Send us a text

Summary

In this conversation, Ian Shorten, an independent information security consultant, discusses the fundamentals of ISO 27001, a standard for managing information security. He explains its importance in today's interconnected world, the core concepts of the standard, and the journey organisations face during implementation. Ian emphasises the need for a culture of security awareness across all levels of an organisation and provides practical tips for successfully implementing ISO 27001.

Takeaways

ISO 27001 is a management system for information security.

It's not just for IT companies; all organisations need it.

Understanding information as an asset is crucial.

Confidentiality, integrity, and availability are key attributes of information security.

Creating a culture of security awareness is vital for all employees.

The implementation journey can take from three months to several years.

Risk management doesn't have to be overly complicated.

Regular maintenance of the ISMS is essential for effectiveness.

Most problems in security are caused by human error, not technology.

Get a grip on your information assets early in the process.

Chapters

00:00 Introduction to ISO 27001 and Information Security

02:55 Understanding Information Security Management Systems

05:35 The Importance of ISO 27001 in Today's World

08:09 Core Concepts of ISO 27001

10:39 Identifying and Managing Risks in Information Security

13:11 The Role of Controls in ISO 27001

15:51 Flexibility and Adaptability of ISO 27001

18:33 Implementation Journey for ISO 27001

21:49 Implementation Timeline for ISO 27001

23:24 Understanding Existing Controls and Technology

25:15 Common Pitfalls in Information Security Management

28:57 Scalability of ISO 27001 for Small Businesses

31:01 Creating a Culture of Security Awareness

33:45 Maintaining ISO 27001 Compliance

36:52 Top Tips for Starting ISO 27001 Journey

Key Links

Auva Website: www.auva.com

Apple Podcast:  https://podcasts.apple.com/gb/podcast/by-all-standards/id1771677594

Spotify: https://open.spotify.com/show/79OUNj3vY9dmESR3okwHJa?si=871837f56dc149b6

Youtube: https://www.youtube.com/@auvacertification/podcasts

LinkedIN: https://www.linkedin.com/company/auva-certification-ltd 

Instagram: @auvacert

Michael Venner:  https://www.linkedin.com/in/michaelvenner-isocertificationexpert/ 

Ian Shorten: https://www.linkedin.com/in/ian-shorten-8a100012/

Ian Shorten: ian@ianshorten.co.uk