Wayne is a Senior Information Security Consultant and Consultant Manager at URM with over 30 years’ experience in IT, information security and risk management. He has attained and maintained CISSP, CISMP, PCIRM, and CISA qualifications and is a Qualified Security Assessor (QSA) for the Payment Card Industry Data Security Standard (PCI DSS). Wayne is also an accredited trainer of the BCS Certificate in Information Security Management Principles and the Practitioner’s Certificate in Information Risk Management courses. Since joining URM as Senior Consultant in 2012, Wayne has been involved in over 50 ISO 27001 certification and PCI DSS compliance projects across a range of market sectors and is one of the UK’s most proficient IS practitioners.
ISO 27001 Supplier Management Controls
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the 5 supplier management-related controls in the ‘Organisational’ control theme of ISO 27001’s Annex A. Wayne draws upon 30+ years of experience in information security to discuss:
- Why your organisation should consider supplier management as part of information security
- What each of the following 5 controls covers and how to implement them:
  - A5.19 – Information security in supplier relationships
  - A5.20 – Addressing information security within supplier agreements
  - A5.21 – Managing information security in the ICT supply chain
  - A5.22 – Monitoring, review and change management of supplier services
  - A5.23 – Information security for use of cloud services.
Technological Controls in ISO 27001
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, provides his insights on the 34 technological controls in Annex A of ISO 27001 and how these can be implemented by organisations looking to conform or certify to the Standard. Wayne leverages his 30+ years of experience in information security and risk management to discuss:
- What the technological controls in ISO 27001 are designed to achieve
- How you can go about selecting the most appropriate technological controls for your organisation
- How the guidance contained in ISO 27002, the supplementary standard to ISO 27001, can help your organisation meet the Standard’s requirements in relation to technological controls
- The constraints that may prevent your organisation from implementing certain controls, and how these can be overcome
- The importance of balancing security and operational effectiveness and efficiency.
ISO 27001 – Physical Security Controls
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the ‘Physical’ control theme from Annex A of ISO 27001, a set of security measures aimed at protecting an organisation’s physical assets and environment, such as its buildings, equipment, and paper copies of documents. Wayne leverages his 30+ years of experience in information security to discuss:
- Why the physical security controls are important and what physical controls are recommended by ISO 27001
- Whether you still need to consider physical security when all your data is stored in and accessible from the cloud
- The benefits of controls such as access cards and visible IDs for staff accessing business premises
- The relevance of physical controls for remote workers
- How to overcome the common pitfalls associated with operating and managing physical security controls.
ISO 27001 Audits
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, explains the steps organisations can take to effectively plan, conduct, and action an ISO 27001 internal audit. Wayne draws upon 30+ years of experience in the information security and risk management field to discuss:
- The key things to remember when planning your audit programme and when planning individual audits
- His tips for auditors when they are conducting audits
- The key considerations when reporting on audit results
- When you may need to follow up on audit findings and when you can consider an audit closed.
Top Tips for Implementing an ISO 27001 ISMS
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, shares some of his top tips for implementing an information security management system (ISMS) that is both conformant to the requirements of ISO 27001 and effectively enhances an organisation’s information security culture. Wayne draws upon his 30+ years of experience in information security and risk management to discuss:
- The role of top management in the success of an ISMS implementation project
- The approach you should take when creating policies and procedures for an ISMS
- How to encourage employees to take ownership of information security as part of their day-to-day responsibilities
- The importance of a clear risk assessment, engaging all levels of the organisation from the outset, and of building information security into business processes.
Mistakes to Avoid When Implementing & Maintaining an ISO 27001 ISMS
In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the common mistakes and challenges organisations come up against on both sides of their certification assessment, i.e., before the external assessment when the Information Security Management System (ISMS) is first being implemented, and after certification has been achieved and the ISMS is being maintained. Wayne leverages his 30+ years of experience in information security and risk management to discuss:
- The mistakes he frequently sees organisations make when implementing ISO 27001 and preparing to certify
- The common mistakes organisations make in maintaining their ISMS and ISO 27001 certification
- Common pitfalls he has seen in organisations’ implementation of the 2022 version of the Standard
- Challenges and mistakes that organisations from particular industries and sectors should look out for.
Certificate in Information Security Management Principles (CISMP) Training Course Explained
In this episode of InfoSec Insider, Wayne Armstrong, Senior Information Security Consultant at URM, discusses the Certificate in Information Security Management Principles (CISMP), a BCS-managed, foundation-level information security qualification. Drawing upon his 30+ years’ experience in IT, information security and risk management, Wayne discusses:
- What the CISMP is
- What is covered in the CISMP curriculum
- Who the CISMP is for and the benefits they could reap from sitting a CISMP course/exam.