Maintaining and updating your risk assessment using vsRisk

Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.

Published in: Technology, Business

  1. Maintaining and updating your risk assessment using vsRisk™
     Alan Calder and Phil Hare, Vigilant Software
     Thursday March 21st
     PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE.
     “The definitive risk assessment tool for ISO27001 certification” Copyright © Vigilant Software Ltd 2013
  2. Alan Calder
     • CEO and founder of Vigilant Software
     • Acknowledged information security/risk management thought leader
     • Managed the world’s first successful ISO27001 (then BS7799) implementation project in 1996
     • Frequent media commentator on risk management issues
     • Co-author of vsRisk™ – the definitive cybersecurity risk assessment tool
  3. Today’s Webinar in Context
     • Today’s webinar is #4 in a series of 4 educational webinars.
     • The 4 webinars are designed to take you on a learning journey:
       • Webinar 1 – Why ISO27001 for my Organisation?
       • Webinar 2 – The importance of risk management
       • Webinar 3 – Carrying out a risk assessment using vsRisk
       • Webinar 4 (Today) – Maintaining/updating your risk assessment using vsRisk
  4. Today’s Agenda
     • A short 20-30 minute educational and informative talk:
       • Quick recap of the last 3 weeks’ webinars – Why ISO 27001, the importance of risk management, and using vsRisk to carry out a risk assessment.
       • Why maintain and update your risk assessment?
       • Maintaining and updating your risk assessment using vsRisk – software demonstration.
     • Ample time for Q&A.
     • Next steps, including a special offer for vsRisk.
  5. Recap – last 3 webinars
     In the last 3 webinars we covered:
     • What is information security?
     • What is an information security management system (ISMS)?
     • What is ISO 27001?
     • Why should I and my organisation care about ISO 27001?
     • The importance of risk management.
     • Carrying out a risk assessment using vsRisk.
  6. Why maintain/update your risk assessment?
     It is vitally important to maintain and update your ISMS for two main reasons:
     Reason 1 – Change of ISMS environment
     Any change to the ISMS needs assessing – e.g. new job roles, new equipment, business growth, change in legislation, change in supply chain…
  7. Why maintain/update your risk assessment?
     Reason 2 – ISO 27001 relies on the Plan-Do-Check-Act (PDCA) approach.
  8. Why maintain/update your risk assessment?
     PDCA is a constant cycle of review and action.
     Acceptance criteria (established before any actual assessment took place) should be reviewed.
     It is wise to consider reducing the overall acceptance criteria of the organisation before engaging in the next pass of the PDCA cycle, updating the assessment accordingly and thus reducing the level of risk overall.
  9. Why is vsRisk unique?
     vsRisk is the only tool in its price range that integrates out-of-the-box into an ISO 27001 management system, allowing users to carry out an automated, robust and extensive cyber security risk assessment of their organisation’s assets compliant with ISO 27001.
  10. What can vsRisk do for you?
     • Automates assessment of information risk – the risk-assessment wizard eliminates the opportunity for human and spreadsheet error, improving consistency across time, and improving the robustness of risk management decisions.
     • Accelerates the information risk assessment process – vsRisk substantially reduces the time and cost required for an ISMS project.
  11. What can vsRisk do for you? Contd.
     • Integrates, out-of-the-box, into an ISO 27001 management system – vsRisk employs a risk assessment methodology that complies with ISO 27001 and ISO 27005, reducing the risk of non-compliance at audit of an ISO 27001 ISMS.
     • Produces key ISO 27001 documentation – Statement of Applicability and Risk Treatment Plan ensure consistency in documentation quality and transparency across the risk management process initially and over time.
  12. Phil Hare
     • An information security professional with many years’ experience of information security risk assessments.
     • Heavily involved in the specification and creation of one of the leading software tools for ISO 27001 compliant risk assessments available today.
     • A broad knowledge of the technical, procedural, methodological and theoretical aspects of Information Security Risk Assessment.
     • Instrumental in successful ISMS development projects across a wide range of organisations.
  13. vsRisk – Demo
     Software demonstration – maintaining and updating a risk assessment using vsRisk.
  14. Next steps
     • Read a book… Read the world’s first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation. Available for £29.95 at http://www.vigilantsoftware.co.uk/product/1651.aspx
     • Buy and/or get a free trial of vsRisk: the cyber security risk assessment tool compliant with ISO 27001 that automates and accelerates the risk management process. Buy (£995 for Standalone) and/or get a free trial at http://www.vigilantsoftware.co.uk
  15. Next Steps – Special March offer of risk assessment software vsRisk
     • Purchases of vsRisk in March will include for free a digital copy of the information security risk management standard, ISO 27005 (worth £100) and a digital copy of the book Information Security Risk Management for ISO 27001/ISO 27002 (worth £39.95).
     • To claim this offer, please visit www.vigilantsoftware.co.uk.
     • Offer valid until Thursday March 28th.
  16. Next Steps – Want to know more?
     • If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email servicecentre@vigilantsoftware.co.uk.
     • Free trial of vsRisk available at http://www.vigilantsoftware.co.uk
  17. Questions – we welcome them all!
     Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.
