“The definitive risk assessment tool for ISO27001 certification”
Copyright © Vigilant Software Ltd 2013
Alan Calder
CEO, Vigilant Software
Thursday May 9th
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE
Why ISO 27001 for my Organisation?
Alan Calder
• CEO and founder of Vigilant Software.
• Acknowledged information security/risk management thought leader.
• Managed the world’s first successful ISO 27001 (then BS 7799) implementation project in 1996.
• Frequent media commentator on risk management issues.
• Co-author of vsRisk™ – the definitive cyber security risk assessment tool.
Today’s Webinar in Context
• Today’s webinar is #1 in a series of 4 educational webinars.
• The 4 webinars are designed to take you on a learning journey:
  • Webinar 1 (Today) – Why ISO 27001 for my Organisation?
  • Webinar 2 – The Importance of risk management.
  • Webinar 3 – Carrying out a risk assessment using vsRisk.
  • Webinar 4 – Maintaining/updating your risk assessment using vsRisk.
• Registration details of these webinars at the end.
Today’s Agenda
• A short 20-30 minute educational and informative talk on:
  • What is information security?
  • What is an information security management system (ISMS)?
  • What is ISO 27001?
  • The drivers for ISO 27001.
  • Why should my organisation care about ISO 27001?
  • Accredited certification.
  • The central role of risk assessment in ISO 27001.
• Ample time for Q&A.
• Next steps.
What is information security?
‘Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved’.
– ISO/IEC 27001:2005
What is an ISMS?
Information Security Management System (ISMS): a systematic approach to managing confidential or sensitive corporate information so that it remains secure.
What is ISO 27001?
• An ISMS standard that replaced BS 7799-2:2002 in late 2005.
• The world’s only cyber security standard.
• Formally specifies an ISMS that is intended to bring information security under explicit management control.
• Best practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS.
• Adopts the Plan-Do-Check-Act (PDCA) model.
Plan-Do-Check-Act
Drivers for ISO 27001
• Clients need confidence in their supply chain.
• Breaches of personal data can bring fines of up to £500k from the Information Commissioner.
• Data Handling Review 2008 – better information security in Government and down the supply chain.
• Improved reputational protection.
• Balance expenditure against the information security risk.
Why should my organisation care about ISO 27001?
Reason 1 – Compliance
ISO 27001 can bring in the methodology that enables organisations to comply in the most efficient way. Certification is often the quickest ‘return on investment’ if an organisation must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organisation).
Why should my organisation care about ISO 27001?
Reason 2 – Marketing edge
In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle clients’ sensitive information.
Why should my organisation care about ISO 27001?
Reason 3 – Lowering the expenses
Information security is usually considered a cost with no obvious financial gain. However, there is financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.
Why should my organisation care about ISO 27001?
Reason 4 – Putting your business in order
ISO 27001 is particularly good at sorting out those thorny management system issues: it forces you to define very precisely both responsibilities and duties, and therefore strengthens your internal organisation.
Accredited Certification
• Provides evidence of Information Security Management System assurance.
• Verified by an independent auditor.
• In the UK the authority is the UKAS Accredited Certification scheme: worldwide recognition.
• National certification body – member of the International Accreditation Forum.
The central role of risk assessment in ISO 27001
ISO 27001:2005 conformance requires implementation and documentation of an Information Security Management System (ISMS) implementing controls selected in accordance with clause 4.2.1 g) (control objectives and controls in Annex A).
The central role of risk assessment in ISO 27001
• A structured ISMS gives:
  • Best practice.
  • Marketing opportunities.
  • Compliance with corporate governance requirements.
  • Appropriate action to comply with the law.
  • A systematic approach to risks.
  • Credibility with staff, customers and partner organisations.
  • Informed decisions on security investments.
Next Steps – Upcoming Educational Webinars
• Webinar 2 – The Importance of Risk Management – Thursday May 16th, 4pm UK time (next week).
• Webinar 3 – Carrying out a Risk Assessment using vsRisk – Thursday May 23rd, 4pm UK time.
• Webinar 4 – Maintaining and Updating your Risk Assessment using vsRisk – Thursday May 30th, 4pm UK time. Includes announcement of a special offer for vsRisk for webinar registrants.
Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx
Before the next webinars…
Read a book…
Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation.
Available for £25.95 (usually £29.95): http://www.vigilantsoftware.co.uk/product/1651.aspx
Download a free trial of vsRisk
The cyber security risk assessment tool compliant with ISO 27001 that automates and accelerates the risk management process.
15-day free trial at http://www.vigilantsoftware.co.uk
Next Steps – Want to know more?
If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment, please visit http://www.vigilantsoftware.co.uk/ or email servicecentre@vigilantsoftware.co.uk.
Questions – we welcome them all!
Please type your questions into the GoToWebinar chat window – responses will generally be verbal and shared with all delegates.