All Episodes
Episode 61 — A.8.15–8.16 — Logging; Monitoring activities
A.8.15 requires that logging be planned, consistent, and comprehensive enough to reconstruct significant actions affecting information security. For the exam, connect ...
Episode 62 — A.8.17–8.18 — Clock synchronization; Privileged utility programs
A.8.17 mandates synchronized time across systems so that events recorded in different places can be reliably correlated. For the exam, stress why this matters: investi...
Episode 63 — A.8.19–8.20 — Software installation on operational systems; Network security
A.8.19 restricts software installation on operational systems to prevent drift, reduce attack surface, and maintain license and support compliance. For the exam, disti...
Episode 64 — A.8.21–8.22 — Security of network services; Segregation of networks
A.8.21 requires that network services—whether internal or provided by third parties—be specified and secured to meet business and security requirements. For the exam, ...
Episode 65 — A.8.23–8.24 — Web filtering; Use of cryptography
A.8.23 establishes web filtering to manage risk from browsing and outbound HTTP/S traffic, acknowledging that the browser is a primary threat vector. For the exam, emp...
Episode 66 — A.8.25–8.26 — Secure development lifecycle; Application security requirements
A.8.25 requires a secure development lifecycle (SDLC) that embeds security from concept to retirement, not as a late-stage gate. For the exam, describe SDLC phases wit...
Episode 67 — A.8.27–8.28 — Secure system architecture & engineering; Secure coding
A.8.27 focuses on secure system architecture and engineering, requiring designs that partition trust, minimize attack surface, and enforce least privilege at every lay...
Episode 68 — A.8.29–8.30 — Security testing in development & acceptance; Outsourced development
A.8.29 requires structured security testing throughout development and acceptance, proving that controls operate as intended before release. For the exam, differentiat...
Episode 69 — A.8.31–8.32 — Separation of dev/test/prod; Change management
A.8.31 enforces separation between development, test, and production to prevent inadvertent changes, data leakage, and unauthorized access. For the exam, stress enviro...
Episode 70 — A.8.33–8.34 — Test information; Protecting systems during audit testing
A.8.33 governs test information—data and artifacts used to verify functionality and security—so that confidentiality, integrity, and legality are preserved. For the ex...
Welcome to Framework - ISO 27001
Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world takeaways. In this ...