The InfoSec Insider podcast brings you weekly interviews with practicing senior consultants, who draw upon their extensive experience to provide detailed and practical guidance on all things information and cyber security, data protection compliance, risk management, and more. In each episode, one of our experts takes a deep-dive into a particular aspect of their area of specialism, whether that be certifying to ISO 27001, outlining some top tips for GDPR compliance, making the case for alternative approaches to pen testing, or discussing how to conduct an effective business impact analysis (BIA). Enhance your understanding and professional skillset with the InfoSec Insider podcast, brought to you by URM, the UK’s leading provider of cyber security and governance, risk management and compliance consultancy.
In this episode of InfoSec Insider, Jack Woods and Mark O’Kane, both Consultants at URM, take a deep dive into the ‘People’ controls theme in ISO 27001, exploring why these controls matter in today’s hybrid workplaces, how they strengthen information security, and what auditors look for during assessments. Jack and Mark draw upon their extensive experience supporting organisations’ implementation of the Standard to discuss:
How to balance the risk of potential insider threats against the downsides of overzealous background checks when implementing pre-employment screening
The practical steps you can take to meaningfully enforce people controls beyond generic policies in the context of remote and hybrid work environments
How to ensure incident reporting for information security is both mandatory and non-punitive, so employees feel safe to report without fear of reprisal
The types of evidence auditors expect to see in a people controls-focused audit
The risks that arise when people controls such as training or NDAs are not routinely reviewed/updated as working patterns or staff roles evolve.
Ask Jack and Mark a question: https://urmconsulting.com/podcasts/iso-27001-people-controls
If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider
You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts
Brought to you by URM, the UK’s leading information and cyber security specialists.