Before we dive into the new year, we’d like to take a step back and reflect on 2023.  Last year was filled with a lot of topics and challenges, from tackling the transition to ISO 27001:2022, to finding credible ways to offset your carbon emissions within the UK. With a total of 33 episodes published last year, Mel looks back on the 5 most popular episodes of 2023, including some highlights from each episode. You’ll learn ·       What were the top 5 most popular podcast episodes of 2023? ·       A highlight from each of the top 5 episodes   Resources ·       The ISO Show   In this episode, we talk about: [00:45] Editor shoutout – A special shout out to the Blackmores Communication Manager, Steph Churchman, who helps organise, produce and publish the ISO Show podcast!   [01:20] Information Security was a favorite topic for 2023 – ISO 27001:2022 was definitely a hot topic in 2023, which is not a surprise seeing as anyone currently certified to ISO 27001:2013 will need to transition to the latest standard by October 2025. Many were making a start on this in 2023, or looking to plan it in for 2024. [02:10] #1: Episode 128 What’s new with ISO 27001:2022? – Orginially published as part of a series of podcasts explaining the new Standard. This episode focuses on a high-level overview of the major changes. Here are a few highlights from the snippet: ·       Steve Gives an overview of what’s new in ISO 27001:2022 – The updated version of ISO 27001 was released on the 26th Oct 2022. The new version included 24 changes and clarifications within the main clauses. ·       The controls for the new standard are now categorised into 4 groups: Organisation, People, Physical and Technology  ·       We covered some of the new controls in more detail in previous episodes: #109, #110, #111, #112, #113 and #114 ·       The 24 changes and clarifications to Clauses include older existing clauses which have been tidied up to be more transparent. We recommend reviewing to ensure that you are complying in a way that aligns with the Standard. ·       There are 11 new Controls. 56 controls from the 2013 version have been reduced to 24 with 58 remaining unchanged. So, in short, Annex A has been simplified with less duplication of controls.   [09:15] #2: Episode 130 What are the 11 new controls in ISO 27001:2022? – In this episode we brought Steve Mason back to discuss the 11 new controls in ISO 27001:2022, and delve into the context of why these were added. We also highlight some of the resources we’ve made available in the isologuhub, including mention of our ISO 27001 Transition Gameplan. Here are a few highlights from the snippet: ·       These new controls are nothing to worry about – they are simply aligning the Standard with more modern security considerations. You may already be complying with them! ·       Control A.5.7 Threat intelligence – ‘To provide awareness of the organization’s threat environment so that the appropriate mitigation actions can be taken.’ – This can come from many different sources, such as the NCSC or local police websites. There are also additional tools you can add to detect possible phishing attacks. This also includes consideration to external threats – Information Security is about much more than just protecting data! It also includes physical security. ·       Control A.5.23 Information security for use of cloud services – “To specify and manage information security for the use of cloud services.” – More and more businesses reply on cloud-based computing. It’s important to verify the security of your service provider to ensure it’s adequate. You can check to see if they have any valid Information Security related credentials such as CSA Star, Cyber Essentials, SOC. You could also adopt principles of ISO 27017 (certification for cloud security), ISO 27018 (Protection of PII in the public cloud) and ISO 27701 (PII security Standard). ·       Control A.5.30 ICT readiness for business continuity –‘