Mark is an Information Security Consultant at URM with significant experience working with ISO 27001 and other GRC security frameworks and services. In addition to his broad knowledge of the core information security domains, Mark has a keen interest in areas such as risk management, supplier management, physical security, business continuity and internal audits. With a comprehensive knowledge of ISO 27001, Mark has helped a wide range of organisations to implement the Standard and maintain their conformance. Whether providing consultancy, implementation support, or conducting internal audits, Mark uses his excellent communication and listening skills to understand the security problems organisations face, and to provide practical and tailored solutions to resolve those problems and improve their security posture.
ISO 27001 Information Security Management Controls
In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the information security management controls within Annex A of ISO 27001, which comprise the first eight controls of Annex A’s ‘Organisational’ control theme. Mark leverages his extensive experience supporting ISO 27001 implementations to discuss:
- What the organisational controls are, and how the first eight fit into the overall aim of the ‘Organisational’ control theme
- The role of management and senior leadership in relation to information security, and how leadership is linked to the creation of information security policies
- The importance of segregation of duties and clearly defined roles and responsibilities in addressing information security risk
- How maintaining contact with authorities, special interest groups, and threat intelligence sources can help you address both security risks that may materialise and security incidents that have occurred
- Common challenges and mistakes associated with implementing these controls, and how they can be overcome.