“Intelligent, simplified risk assessment”
Copyright © Vigilant Software Ltd 2013
Phil Hare
Vigilant Software
Thursday May 30th
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
Q&A IS HANDLED THROUGH THE GOTOWEBINAR QUESTION FUNCTION
Maintaining and updating your risk
assessment using vsRisk™
Phil Hare
• An information security professional with many years’ experience of
information security risk assessments.
• Heavily involved in the specification and creation of one of the
leading software tools for ISO 27001 compliant risk assessments
available today.
• A broad knowledge of the technical, procedural, methodological and
theoretical aspects of Information Security Risk Assessment.
• Instrumental in successful ISMS development projects across a
wide range of organisations.
Today’s Webinar in Context
• Today’s webinar is #4 in a series of 4 educational
webinars.
• The 4 webinars are designed to take you on a learning
journey:
• Webinar 1 – Why ISO27001 for my Organisation?
• Webinar 2 – The Importance of risk management
• Webinar 3 – Carrying out a risk assessment using vsRisk
• Webinar 4 (Today) – Maintaining/updating your risk assessment
using vsRisk.
Today’s Agenda
• A short, 20-30 minute educational and informative talk:
• Quick recap of the last 3 weeks’ webinars – Why ISO 27001, the
importance of risk management, and using vsRisk to carry out a
risk assessment.
• Why maintain and update your risk assessment?
• Maintaining and updating your risk assessment using vsRisk -
software demonstration.
• Ample time for Q&A.
• Next steps including a special offer for vsRisk.
Recap – last 3 webinars
In the last 3 webinars we covered:
• What is information security?
• What is an information security management system (ISMS)?
• What is ISO 27001?
• Why should I and my organisation care about ISO 27001?
• The importance of risk management.
• Carrying out a risk assessment using vsRisk.
Why maintain/update your risk assessment?
Reason 1 – Required by ISO27001 (clause 4.2.3.d)
Review risk assessments at planned intervals and review the residual risks and the identified acceptable levels
of risks, taking into account changes to:
1. the organization;
2. technology;
3. business objectives and processes;
4. identified threats;
5. effectiveness of the implemented controls; and
6. external events, such as changes to the legal or regulatory environment, changed contractual obligations,
and changes in social climate.
Why review your risk assessment?
Reason 2 – Risks do actually change….
Any change to the environment within which the
Organisation operates will mean the ISMS should be
reviewed – e.g. change in risk environment, business
growth, change in legislation, change in supply chain…
Why review your risk assessment?
Management’s attitude to risk changes – which could reflect changes in
the funding cycle, the business environment, or in management!
The Organisation should review its risk acceptance criteria to confirm
that they still reflect the Management’s Risk Appetite
Why is vsRisk unique?
vsRisk is the only tool in its price range that integrates
out-of-the-box into an ISO 27001 management system,
allowing users to carry out an automated, robust and
extensive cyber security risk assessment of their
organisation’s assets compliant with ISO 27001.
How does vsRisk help with review and
maintenance?
1. It’s a database – so it stores data exactly as created last time
around;
2. It has an automated process, which makes it very easy for a risk
review to produce results comparable to those achieved the last
time;
3. It’s easy to compare and contrast pre- and post- review states;
4. There’s even a built-in comment capability and an audit log.
What does vsRisk already do for you?
Integrated, out-of-the-box, into an ISO 27001
management system – vsRisk employs a risk assessment
methodology that complies with ISO 27001 and ISO 27005,
reducing the risk of non-compliance at audit of an ISO
27001 ISMS.
Produces key ISO 27001 documentation – Statement of
Applicability and Risk Treatment Plan ensure consistency
in documentation quality and transparency across the risk
management process initially and over time.
vsRisk - Demo
Software demonstration – maintaining and updating a risk
assessment using vsRisk.
Next Steps – Special May offer of risk
assessment software vsRisk
• Purchases of vsRisk in May will include 1 year’s support and
upgrades for free (worth £150).
• To claim this offer, please visit www.vigilantsoftware.co.uk.
• Offer valid until Thursday May 31st.
Next Steps – Want to know more?
• If you would like to know more about ISO 27001,
including how to carry out an ISO 27001-compliant risk
assessment using vsRisk, please visit
http://www.vigilantsoftware.co.uk or email
servicecentre@vigilantsoftware.co.uk.
• Free trial of vsRisk available at
http://www.vigilantsoftware.co.uk
Questions – we welcome them all!
Please type your questions into the GoToWebinar question
box – responses will be verbal and shared with all
delegates.

Weitere ähnliche Inhalte

Was ist angesagt?

The 7 Rules of IT Disaster Recovery by Acronis
The 7 Rules of IT Disaster Recovery by AcronisThe 7 Rules of IT Disaster Recovery by Acronis
The 7 Rules of IT Disaster Recovery by AcronisAcronis
 
Elastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElasticsearch
 
Matteo Meucci Isaca Venice - 2017
Matteo Meucci  Isaca Venice - 2017Matteo Meucci  Isaca Venice - 2017
Matteo Meucci Isaca Venice - 2017Minded Security
 
Cyber Security testing in an agile environment
Cyber Security testing in an agile environmentCyber Security testing in an agile environment
Cyber Security testing in an agile environmentArthur Donkers
 
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
Don’t WannaCry? Here’s How to Stop Those Ransomware BluesDon’t WannaCry? Here’s How to Stop Those Ransomware Blues
Don’t WannaCry? Here’s How to Stop Those Ransomware BluesSynopsys Software Integrity Group
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureWhiteSource
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG EffitasAcronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG EffitasAcronis
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsWhiteSource
 
Top 5 Data Security Strategies in QA
Top 5 Data Security Strategies in QATop 5 Data Security Strategies in QA
Top 5 Data Security Strategies in QAQASource
 
Automating Open Source Security: A SANS Review of WhiteSource
Automating Open Source Security: A SANS Review of WhiteSourceAutomating Open Source Security: A SANS Review of WhiteSource
Automating Open Source Security: A SANS Review of WhiteSourceWhiteSource
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramDeborah Schalm
 
Top 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 seriesTop 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 seriesIT Tech
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentIntland Software GmbH
 
Top 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management TeamsTop 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management TeamsDeborah Schalm
 
Ccna sec
Ccna secCcna sec
Ccna secshg4916
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElasticsearch
 

Was ist angesagt? (20)

The 7 Rules of IT Disaster Recovery by Acronis
The 7 Rules of IT Disaster Recovery by AcronisThe 7 Rules of IT Disaster Recovery by Acronis
The 7 Rules of IT Disaster Recovery by Acronis
 
Elastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic Stack
 
Matteo Meucci Isaca Venice - 2017
Matteo Meucci  Isaca Venice - 2017Matteo Meucci  Isaca Venice - 2017
Matteo Meucci Isaca Venice - 2017
 
Cyber Security testing in an agile environment
Cyber Security testing in an agile environmentCyber Security testing in an agile environment
Cyber Security testing in an agile environment
 
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
Don’t WannaCry? Here’s How to Stop Those Ransomware BluesDon’t WannaCry? Here’s How to Stop Those Ransomware Blues
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure Culture
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG EffitasAcronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOps
 
Top 5 Data Security Strategies in QA
Top 5 Data Security Strategies in QATop 5 Data Security Strategies in QA
Top 5 Data Security Strategies in QA
 
Automating Open Source Security: A SANS Review of WhiteSource
Automating Open Source Security: A SANS Review of WhiteSourceAutomating Open Source Security: A SANS Review of WhiteSource
Automating Open Source Security: A SANS Review of WhiteSource
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
Take Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps ProgramTake Control: Design a Complete DevSecOps Program
Take Control: Design a Complete DevSecOps Program
 
Top 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 seriesTop 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 series
 
Managing Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development EnvironmentManaging Traceability in an Agile, Safety-critical Development Environment
Managing Traceability in an Agile, Safety-critical Development Environment
 
Top 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management TeamsTop 10 Practices of Highly Successful DevOps Incident Management Teams
Top 10 Practices of Highly Successful DevOps Incident Management Teams
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
Ccna sec
Ccna secCcna sec
Ccna sec
 
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic StackElastic Security: Proteção Empresarial construída sobre o Elastic Stack
Elastic Security: Proteção Empresarial construída sobre o Elastic Stack
 

Ähnlich wie Maintaining Risk Assessments

Maintaining and updating your risk assessment using vsRisk
Maintaining and updating your risk assessment using vsRiskMaintaining and updating your risk assessment using vsRisk
Maintaining and updating your risk assessment using vsRiskMichael Francis
 
Why ISO27001/ISO27005 for my organisation
Why ISO27001/ISO27005 for my organisationWhy ISO27001/ISO27005 for my organisation
Why ISO27001/ISO27005 for my organisationMichael Francis
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk ManagementVigilant Software
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk managementMichael Francis
 
vsRisk - features and benefits.ppt
vsRisk - features and benefits.pptvsRisk - features and benefits.ppt
vsRisk - features and benefits.pptscribdJobAN
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...Tromenz Learning
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud SecurityIT Governance Ltd
 
Neupart webinar 1: Four shortcuts to better risk assessments
Neupart webinar 1: Four shortcuts to better risk assessmentsNeupart webinar 1: Four shortcuts to better risk assessments
Neupart webinar 1: Four shortcuts to better risk assessmentsLars Neupart
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...PECB
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NA Putra
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
8 requirements to get iso 27001 certification in sri lanka
8 requirements to get iso 27001 certification in sri lanka8 requirements to get iso 27001 certification in sri lanka
8 requirements to get iso 27001 certification in sri lankaAnoosha Factocert
 

Ähnlich wie Maintaining Risk Assessments (20)

Maintaining and updating your risk assessment using vsRisk
Maintaining and updating your risk assessment using vsRiskMaintaining and updating your risk assessment using vsRisk
Maintaining and updating your risk assessment using vsRisk
 
Why ISO27001/ISO27005 for my organisation
Why ISO27001/ISO27005 for my organisationWhy ISO27001/ISO27005 for my organisation
Why ISO27001/ISO27005 for my organisation
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk Management
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk management
 
vsRisk - features and benefits.ppt
vsRisk - features and benefits.pptvsRisk - features and benefits.ppt
vsRisk - features and benefits.ppt
 
Cyber Security Management
Cyber Security ManagementCyber Security Management
Cyber Security Management
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
 
Ebsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal PresentationEbsl Technologies It Operations Internal Presentation
Ebsl Technologies It Operations Internal Presentation
 
Neupart webinar 1: Four shortcuts to better risk assessments
Neupart webinar 1: Four shortcuts to better risk assessmentsNeupart webinar 1: Four shortcuts to better risk assessments
Neupart webinar 1: Four shortcuts to better risk assessments
 
Iso 27001 isms
Iso 27001 ismsIso 27001 isms
Iso 27001 isms
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security Certifications
 
Adaptive RiskPro
Adaptive RiskProAdaptive RiskPro
Adaptive RiskPro
 
8 requirements to get iso 27001 certification in sri lanka
8 requirements to get iso 27001 certification in sri lanka8 requirements to get iso 27001 certification in sri lanka
8 requirements to get iso 27001 certification in sri lanka
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Kürzlich hochgeladen (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths

Maintaining Risk Assessments

  • 1. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Phil Hare Vigilant Software Thursday May 30th PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH THE GOTOWEBINAR QUESTION FUNCTION Maintaining and updating your risk assessment using vsRisk™
  • 2. Phil Hare
      • An information security professional with many years’ experience of information security risk assessments.
      • Heavily involved in the specification and creation of one of the leading software tools for ISO 27001 compliant risk assessments available today.
      • A broad knowledge of the technical, procedural, methodological and theoretical aspects of Information Security Risk Assessment.
      • Instrumental in successful ISMS development projects across a wide range of organisations.
  • 3. Today’s Webinar in Context
      • Today’s webinar is #4 in a series of 4 educational webinars.
      • The 4 webinars are designed to take you on a learning journey:
          • Webinar 1 – Why ISO27001 for my Organisation?
          • Webinar 2 – The Importance of risk management
          • Webinar 3 – Carrying out a risk assessment using vsRisk
          • Webinar 4 (Today) – Maintaining/updating your risk assessment using vsRisk.
  • 4. Today’s Agenda
      • A short 20-30 minute educational and informative talk:
          • Quick recap of the last 3 weeks’ webinars – Why ISO 27001, the importance of risk management, and using vsRisk to carry out a risk assessment.
          • Why maintain and update your risk assessment?
          • Maintaining and updating your risk assessment using vsRisk – software demonstration.
      • Ample time for Q&A.
      • Next steps including a special offer for vsRisk.
  • 5. Recap – last 3 webinars
      In the last 3 webinars we covered:
      • What is information security?
      • What is an information security management system (ISMS)?
      • What is ISO 27001?
      • Why should I and my organisation care about ISO 27001?
      • The importance of risk management.
      • Carrying out a risk assessment using vsRisk.
  • 6. Why maintain/update your risk assessment?
      Reason 1 – Required by ISO27001 (clause 4.2.3.d)
      Review risk assessments at planned intervals and review the residual risks and the identified acceptable levels of risks, taking into account changes to:
      1. the organization;
      2. technology;
      3. business objectives and processes;
      4. identified threats;
      5. effectiveness of the implemented controls; and
      6. external events, such as changes to the legal or regulatory environment, changed contractual obligations, and changes in social climate.
  • 7. Why review your risk assessment?
      Reason 2 – Risks do actually change…
      Any change to the environment within which the Organisation operates will mean the ISMS should be reviewed – e.g. change in risk environment, business growth, change in legislation, change in supply chain…
  • 8. Why review your risk assessment?
      Management’s attitude to risk changes – which could reflect changes in the funding cycle, the business environment, or in management! The Organisation should review its risk acceptance criteria to confirm that they still reflect the Management’s Risk Appetite.
  • 9. Why is vsRisk unique?
      vsRisk is the only tool in its price range that integrates out-of-the-box into an ISO 27001 management system, allowing users to carry out an automated, robust and extensive cyber security risk assessment of their organisation’s assets compliant with ISO 27001.
  • 10. How does vsRisk help with review and maintenance?
      1. It’s a database – so it stores data exactly as created last time around;
      2. It has an automated process, which makes it very easy for a risk review to produce results comparable to those achieved the last time;
      3. It’s easy to compare and contrast pre- and post-review states;
      4. There’s even a built-in comment capability and an audit log.
  • 11. What does vsRisk already do for you?
      • Integrated, out-of-the-box, into an ISO 27001 management system – vsRisk employs a risk assessment methodology that complies with ISO 27001 and ISO 27005, reducing the risk of non-compliance at audit of an ISO 27001 ISMS.
      • Produces key ISO 27001 documentation – the Statement of Applicability and Risk Treatment Plan ensure consistency in documentation quality and transparency across the risk management process, initially and over time.
  • 12. vsRisk - Demo
      Software demonstration – maintaining and updating a risk assessment using vsRisk.
  • 13. Next Steps – Special May offer of risk assessment software vsRisk
      • Purchases of vsRisk in May will include 1 year’s support and upgrades for free (worth £150).
      • To claim this offer, please visit www.vigilantsoftware.co.uk.
      • Offer valid until Thursday May 31st.
  • 14. Next Steps – Want to know more?
      • If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email servicecentre@vigilantsoftware.co.uk.
      • Free trial of vsRisk available at http://www.vigilantsoftware.co.uk
  • 15. Questions – we welcome them all!
      Please type your questions into the GoToWebinar question box – responses will be verbal and shared with all delegates.