TechSecure ISO27001 Adoption Implementation Project Work-Break-Down-Structure and Budget Estimates


Published in: Business, Technology

Transcript of "TechSecure ISO27001 Adoption Implementation Project Work-Break-Down-Structure and Budget Estimates"

  1. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Compiled by: Mark E.S. Bernard, ISO 27001 Lead Auditor, CISSP, CISM, SABSA-F2, CISA, CRISC, CGEIT
  2. Security Budget for an In-House Program versus Outsourcing Security. Computer Security Institute 2010/11 Survey. Percentage of IT Budget Spent on Security: 237 respondents said that their budget was in excess of 18%, 8-10 of respondents said their budget was 16.5%, 6-7% of respondents said their budget was 5.5%, 3-5% of respondents said their budget was 17.7%, 1-2% of respondents said their budget was 15.6%, less than 1% of respondents said their budget was 10.1%, and 16% of respondents said they had no idea what their budget was. In contrast, for the percentage of Security Functions Outsourced (222 respondents), 64% said 'None' while 22% of respondents said up to 10% of their security functions were outsourced. In addition, 5.9% of respondents said between 21-40% was outsourced, 4.1% of respondents said between 41-60% was outsourced, 2.3% of respondents said between 61-80% was outsourced, and 1.8% of respondents said between 81-100% was outsourced.
  3. *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***
  4. As the project progresses, knowledge exchange must be facilitated from the consultant to the ISMS Manager and Analyst. This is extremely important to avoid any ISMS Program handover issue. If resources cannot be committed 100%, it may be necessary to outsource the ISMS Manager role.
     • Week 1 – 8 based on 320 hours
     • Week 9 – 12 based on 160 hours
     • Week 13 and beyond based on 160 hours
  5. Six key roles have been identified for implementation and adoption of ISO 27001. Any absence of these roles could not only jeopardize any ISMS project but could also shift more work onto the consultant assisting with implementation and reduce the necessary knowledge exchange between corporate ISMS employees and consultants. Critical knowledge could be lost.
  6. 26 major deliverables have been identified and prioritised in the list below according to which should be accomplished first so that subsequent tasks can be accomplished.
  7. The amount of effort in terms of hours to initiate, plan, execute and control an ISMS Process has been estimated to provide managers with perspective and context for decision making.
  8. The amount of effort in terms of hours required by each of the six primary resources during week 1 – 8 has been estimated to provide managers with perspective and context for decision making.
  9. The amount of effort in terms of hours required by each of the six primary resources during week 9 – 12 has been estimated to provide managers with perspective and context for decision making.
  10. The amount of effort in terms of hours required by each of the six primary resources to sustain the ISMS Program has been estimated to provide managers with perspective and context for decision making.
  11. For more information contact: Skype: Mark_E_S_Bernard; Twitter: @MESB_TechSecure; LinkedIn: http://ca.linkedin.com/in/markesbernard
