Why ISO27001 For My Organisation

This webinar, hosted by Alan Calder, CEO and founder of Vigilant Software and an acknowledged information security risk assessment and management thought leader, explains and discusses: What is information security? What is an information security management system (ISMS)? What is ISO 27001? Why should I and my organisation care about ISO 27001?

    Presentation Transcript

    • Why ISO 27001 for my Organisation?
      “The definitive risk assessment tool for ISO27001 certification” Copyright © Vigilant Software Ltd 2013
      Alan Calder, CEO, Vigilant Software. Thursday May 9th.
      PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE.
    • Alan Calder
      • CEO and founder of Vigilant Software.
      • Acknowledged information security/risk management thought leader.
      • Managed the world’s first successful ISO 27001 (then BS7799) implementation project in 1996.
      • Frequent media commentator on risk management issues.
      • Co-author of vsRisk™ – the definitive cyber security risk assessment tool.
    • Today’s Webinar in Context
      • Today’s webinar is #1 in a series of 4 educational webinars.
      • The 4 webinars are designed to take you on a learning journey:
        • Webinar 1 (Today) – Why ISO 27001 for my Organisation?
        • Webinar 2 – The importance of risk management.
        • Webinar 3 – Carrying out a risk assessment using vsRisk.
        • Webinar 4 – Maintaining/updating your risk assessment using vsRisk.
      • Registration details of these webinars at the end.
    • Today’s Agenda
      • A short 20-30 minute educational and informative talk on:
        • What is information security?
        • What is an information security management system (ISMS)?
        • What is ISO 27001?
        • The drivers for ISO 27001.
        • Why should my organisation care about ISO 27001?
        • Accredited certification.
        • The central role of risk assessment in ISO 27001.
      • Ample time for Q&A.
      • Next steps.
    • What is information security?
      ‘Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved’. ISO/IEC 27001:2005
    • What is an ISMS?
      Information Security Management System (ISMS): a systematic approach to managing confidential or sensitive corporate information so that it remains secure.
    • What is ISO 27001?
      • An ISMS standard that replaced BS 7799-2:2002 in late 2005.
      • The world’s only cyber security standard.
      • Formally specifies an ISMS that is intended to bring information security under explicit management control.
      • Best practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS.
      • Adopts the Plan-Do-Check-Act (PDCA) model.
    • Plan-Do-Check-Act
    • Drivers for ISO 27001
      • Clients need confidence in their supply chain.
      • Breaches of personal data can bring fines up to £500k by the Information Commissioner.
      • Data Handling Review 2008 – better information security in Govt and down the food chain.
      • Improved reputational protection.
      • Balance expenditure to the information security risk.
    • Why should my organisation care about ISO 27001? Reason 1 – Compliance
      ISO 27001 can bring in the methodology that enables organisations to comply in the most efficient way. Certification is often the quickest ‘return on investment’ if an organisation must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organisation).
    • Why should my organisation care about ISO 27001? Reason 2 – Marketing edge
      In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle clients’ sensitive information.
    • Why should my organisation care about ISO 27001? Reason 3 – Lowering the expenses
      Information security is usually considered a cost with no obvious financial gain. However, there is financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.
    • Why should my organisation care about ISO 27001? Reason 4 – Putting your business in order
      ISO 27001 is particularly good at sorting out those thorny management system issues – it forces you to define very precisely both responsibilities and duties, and therefore strengthens your internal organisation.
    • Accredited Certification
      • Provides evidence of Information Security Management System assurance.
      • Verified by an independent auditor.
      • In the UK the authority is the UKAS Accredited Certification scheme: worldwide recognition.
      • National certification body – member of the International Accreditation Forum.
    • The central role of risk assessment in ISO 27001
      ISO 27001:2005 conformance requires implementation and documentation of an Information Security Management System (ISMS) implementing controls selected in accordance with clause 4.2.1 g) (control objectives in Annex A).
    • The central role of risk assessment in ISO 27001
      • A structured ISMS gives:
        • Best practice.
        • Marketing opportunities.
        • Compliance with corporate governance requirements.
        • Appropriate action to comply with law.
        • Systematic approach to risks.
        • Credibility with staff, customers and partner organisations.
        • Informed decisions on security investments.
    • Next Steps – Upcoming Educational Webinars
      • Webinar 2 – The Importance of Risk Management – Thursday May 16th, 4pm UK time (next week).
      • Webinar 3 – Carrying out a Risk Assessment using vsRisk – Thursday May 23rd, 4pm UK time.
      • Webinar 4 – Maintaining and Updating your Risk Assessment using vsRisk – Thursday May 30th, 4pm UK time. Includes announcement of a special offer for vsRisk for webinar registrants.
      Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx
    • Before the next webinars…
      • Read a book… Read the world’s first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation. Available for £25.95 (usually £29.95): http://www.vigilantsoftware.co.uk/product/1651.aspx
      • Download a free trial of vsRisk: the cyber security risk assessment tool compliant with ISO 27001 that automates and accelerates the risk management process. 15-day free trial at http://www.vigilantsoftware.co.uk
    • Next Steps – Want to know more?
      If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment, please visit http://www.vigilantsoftware.co.uk/ or email servicecentre@vigilantsoftware.co.uk.
    • Questions – we welcome them all!
      Please type your questions into the gotowebinar chat window – responses will generally be verbal and shared with all delegates.