Why ISO27001/ISO27005 for my organisation

Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.

Published in: Technology, Business

Transcript

  • 1. Why ISO 27001 for my Organisation? Alan Calder, CEO, Vigilant Software. Thursday February 28th. Please note that all delegates in the teleconference are muted on joining; Q&A is handled through a combination of WebEx chat/text and voice. “The definitive risk assessment tool for ISO27001 certification” Copyright © Vigilant Software Ltd 2013
  • 2. Alan Calder
    • CEO and founder of Vigilant Software.
    • Acknowledged information security/risk management thought leader.
    • Managed the world’s first successful ISO 27001 (then BS 7799) implementation project in 1996.
    • Frequent media commentator on risk management issues.
    • Co-author of vsRisk™ – the definitive cyber security risk assessment tool.
  • 3. Today’s Webinar in Context
    • Today’s webinar is #1 in a series of 4 educational webinars.
    • The 4 webinars are designed to take you on a learning journey:
      • Webinar 1 (today) – Why ISO 27001 for my Organisation?
      • Webinar 2 – The importance of risk management.
      • Webinar 3 – Carrying out a risk assessment using vsRisk.
      • Webinar 4 – Maintaining/updating your risk assessment using vsRisk.
    • Registration details for these webinars at the end.
  • 4. Today’s Agenda
    • A short 20-30 minute educational and informative talk on:
      • What is information security?
      • What is an information security management system (ISMS)?
      • What is ISO 27001?
      • The drivers for ISO 27001.
      • Why should my organisation care about ISO 27001?
      • Accredited certification.
      • The central role of risk assessment in ISO 27001.
    • Ample time for Q&A.
    • Next steps.
  • 5. What is information security?
    ‘Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.’ – ISO/IEC 27001:2005
  • 6. What is an ISMS?
    Information Security Management System (ISMS): a systematic, risk-based approach to managing confidential or sensitive corporate information, and the people, processes and systems that handle it, so that it remains secure.
  • 7. What is ISO 27001?
    • An ISMS standard that replaced BS 7799-2:2002 in late 2005.
    • The only internationally recognised standard against which an information security management system can be independently certified.
    • Formally specifies an ISMS that is intended to bring information security under explicit management control.
    • Best-practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS.
    • Adopts the Plan-Do-Check-Act (PDCA) model.
  • 8. Plan-Do-Check-Act (diagram slide: Plan – establish the ISMS; Do – implement and operate it; Check – monitor and review it; Act – maintain and improve it)
  • 9. Drivers for ISO 27001
    • Clients need confidence in their supply chain.
    • Breaches of personal data can attract monetary penalties of up to £500k from the Information Commissioner.
    • Data Handling Review 2008 – better information security in government and down its supply chain.
    • Improved reputational protection.
    • Balance expenditure against the information security risk.
  • 10. Why should my organisation care about ISO 27001?
    Reason 1 – Compliance
    ISO 27001 can bring in the methodology that enables organisations to comply in the most efficient way. Certification is often the quickest ‘return on investment’ if an organisation must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organisation).
  • 11. Why should my organisation care about ISO 27001?
    Reason 2 – Marketing edge
    In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle clients’ sensitive information.
  • 12. Why should my organisation care about ISO 27001?
    Reason 3 – Lowering expenses
    Information security is usually considered a cost with no obvious financial gain. However, there is financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.
  • 13. Why should my organisation care about ISO 27001?
    Reason 4 – Putting your business in order
    ISO 27001 is particularly good at sorting out those thorny management system issues: it forces you to define very precisely both responsibilities and duties, and therefore strengthens your internal organisation.
  • 14. Accredited Certification
    • Provides evidence of Information Security Management System assurance.
    • Verified by an independent auditor.
    • In the UK the accreditation authority is UKAS; UKAS-accredited certification is recognised worldwide.
    • National accreditation bodies such as UKAS are members of the International Accreditation Forum.
  • 15. The central role of risk assessment in ISO 27001
    ISO 27001:2005 conformance requires implementation and documentation of an Information Security Management System (ISMS) implementing controls selected in accordance with 4.2.1 g) (control objectives and controls from Annex A). Those controls are selected to treat the risks identified, analysed and evaluated under 4.2.1 c) to f), so the risk assessment is what justifies every control in the ISMS.
  • 16. The central role of risk assessment in ISO 27001
    • A structured ISMS gives:
      • Best practice.
      • Marketing opportunities.
      • Compliance with corporate governance requirements.
      • Appropriate action to comply with the law.
      • A systematic approach to risks.
      • Credibility with staff, customers and partner organisations.
      • Informed decisions on security investments.
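Slides 15 and 16 say that the controls in an ISMS are selected on the basis of the risk assessment, but the deck does not show what that looks like in practice. The following is an added example written for this page; it is not code from Vigilant Software or vsRisk. It walks through ISO/IEC 27001:2005 clauses 4.2.1 c) to g) and j) for two constructed assets. The 1 to 3 scales, the acceptance threshold of 4, the sample assets, threats, vulnerabilities and the likelihood reduction credited to each control are all assumptions, and the Annex A identifiers are quoted from the 2005 edition only to illustrate the mapping from risk to control.

```python
"""Worked ISO/IEC 27001:2005-style risk assessment (added example, not vsRisk).

Flow follows 4.2.1 c)-g): define scales and an acceptance criterion, identify
assets/threats/vulnerabilities, score each risk, decide a treatment and select
Annex A controls; 4.2.1 j) then justifies those controls in a Statement of
Applicability. Scales, scores and the control mapping are constructed for
illustration, not taken from the standard or from any real organisation.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed criterion: the standard requires the organisation to define its
# own scales and risk acceptance criteria (4.2.1 c); this value is illustrative.
RISK_ACCEPTANCE_THRESHOLD = 4  # likelihood x impact above this must be treated


@dataclass(frozen=True)
class Asset:
    name: str
    owner: str            # 4.2.1 d) 1): every asset has an owner
    confidentiality: int  # business impact (1 low .. 3 high) if this property is lost
    integrity: int
    availability: int

    def impact(self, prop: str) -> int:
        return {"C": self.confidentiality, "I": self.integrity, "A": self.availability}[prop]


@dataclass
class Risk:
    asset: Asset
    threat: str
    vulnerability: str
    affects: str       # "C", "I" or "A": the property this threat/vulnerability pair compromises
    likelihood: int    # 1 unlikely .. 3 likely, before any new controls
    # Annex A controls selected under 4.2.1 g), each with the likelihood reduction the
    # assessor credits it with (assumption: controls reduce likelihood, not impact).
    controls: List[Tuple[str, int]] = field(default_factory=list)

    @property
    def inherent_score(self) -> int:
        """4.2.1 e): risk level before treatment."""
        return self.likelihood * self.asset.impact(self.affects)

    @property
    def residual_score(self) -> int:
        """Risk level after the selected controls, with likelihood floored at 1."""
        reduction = sum(r for _, r in self.controls)
        return max(1, self.likelihood - reduction) * self.asset.impact(self.affects)

    def treatment(self) -> str:
        """4.2.1 f)/h): 'accept' if within criteria as-is, 'treated' once the selected
        controls bring it within criteria, 'open' if the residual risk still needs
        further controls or explicit management acceptance."""
        if self.inherent_score <= RISK_ACCEPTANCE_THRESHOLD:
            return "accept"
        if self.residual_score <= RISK_ACCEPTANCE_THRESHOLD:
            return "treated"
        return "open"


def risk_register(risks: List[Risk]) -> List[Dict[str, object]]:
    """Risk register rows, highest inherent risk first."""
    rows: List[Dict[str, object]] = []
    for r in sorted(risks, key=lambda x: x.inherent_score, reverse=True):
        rows.append({
            "asset": r.asset.name, "owner": r.asset.owner, "threat": r.threat,
            "vulnerability": r.vulnerability, "property": r.affects,
            "inherent": r.inherent_score, "residual": r.residual_score,
            "treatment": r.treatment(),
        })
    return rows


def statement_of_applicability(risks: List[Risk]) -> Dict[str, List[str]]:
    """4.2.1 j): each selected control with the risks that justify selecting it."""
    soa: Dict[str, List[str]] = {}
    for r in risks:
        for control, _ in r.controls:
            soa.setdefault(control, []).append(f"{r.threat} -> {r.asset.name}")
    return soa


# Constructed sample data for two assets (Annex A identifiers from the 2005 edition).
CRM = Asset("Customer CRM database", "Head of Sales", confidentiality=3, integrity=2, availability=2)
FILESERVER = Asset("Office file server", "IT Manager", confidentiality=2, integrity=2, availability=3)

RISKS = [
    Risk(CRM, "external attacker", "shared admin accounts, no access review", "C", 3,
         [("A.11.2.2 Privilege management", 1), ("A.11.2.4 Review of user access rights", 1)]),
    Risk(CRM, "phishing of sales staff", "no security awareness training", "C", 3,
         [("A.8.2.2 Information security awareness, education and training", 1)]),
    Risk(CRM, "lost laptop", "CRM exports held unencrypted on laptops", "C", 2,
         [("A.12.3.1 Policy on the use of cryptographic controls", 1)]),
    Risk(FILESERVER, "ransomware", "backups never restore-tested", "A", 2,
         [("A.10.5.1 Information back-up", 1)]),
    Risk(FILESERVER, "power failure", "single mains supply, no UPS", "A", 1),
]

if __name__ == "__main__":
    for row in risk_register(RISKS):
        print(row)
    for control, reasons in statement_of_applicability(RISKS).items():
        print(control, "<-", "; ".join(reasons))
```

The phishing risk stays "open" on purpose: one awareness control is not enough to bring a likelihood-3, impact-3 risk under the threshold, which is exactly the case 4.2.1 h) covers, where management must either fund further controls or formally accept the residual risk. The Statement of Applicability is generated from the register rather than written separately, so every control in it traces back to at least one assessed risk.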
  • 17. Next Steps – Upcoming Educational Webinars
    • Webinar 2 – The Importance of Risk Management – Thursday March 7th, 4pm UK time (next week).
    • Webinar 3 – Carrying out a Risk Assessment using vsRisk – Thursday March 14th, 4pm UK time.
    • Webinar 4 – Maintaining and Updating your Risk Assessment using vsRisk – Thursday March 21st, 4pm UK time. Includes announcement of a special offer for vsRisk.
    Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx
  • 18. Before the next webinars…
    • Read a book… Read the world’s first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation. Available for £25.95 (usually £29.95) at http://www.vigilantsoftware.co.uk/product/1651.aspx
    • Download a free trial of vsRisk: the cyber security risk assessment tool compliant with ISO 27001 that automates and accelerates the risk management process. 15-day free trial at http://www.vigilantsoftware.co.uk
  • 19. Next Steps – Special February offer on risk assessment software vsRisk
    • Purchases of vsRisk by attendees of this webinar will include one year’s free S&U (worth £150+) – offer valid today (until end of February 2013).
    • To claim this offer, please email servicecentre@vigilantsoftware.co.uk or call 0845 003 8228 and quote code ‘vsRisk webinar offer’.
  • 20. Next Steps – Want to know more?
    If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment, please visit http://www.vigilantsoftware.co.uk/ or email servicecentre@vigilantsoftware.co.uk.
  • 21. Questions – we welcome them all!
    Please type your questions into the WebEx chat window; responses will generally be verbal and shared with all delegates.