Cybersecurity is an ongoing journey. The regular update and improvement of security measures is essential to stay ahead of evolving threats. Amongst others, the webinar covers: • Benefits of Compliance • Digital Transformation: Why • ISO/IEC 27001 and ISO/IEC 27032 • ISO/IEC 27001: Information Security Management System (ISMS) • ISO/IEC 27032: Cybersecurity Framework Presenters: Douglas Brush Douglas Brush is a federally court-appointed Special Master, and Court Appointed Neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery. He is an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He is the founder and host of Cyber Security Interviews, a popular information security podcast. Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, diversity, equity, and inclusion, in the information security industry. Malcolm Xavier Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc. His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management. Carole Njoya Founder in 2018 of Alcees, a Paris-based management consulting fabric specialized in cybersecurity, data privacy governance and digital trust, Carole Njoya provides independent, tailored and expert advisory to companies doing business in European markets and serving both B2B and B2C customers. With more than 100 cybersecurity projects delivered, she assists entities in preparing, implementing and maintaining the right best practices under the ISO 27001 compliance framework and GDPR article 25 obligation (Privacy by design) for their vendors. Carole Njoya featured in the « Women Know Cybersecurity » 2019 Twitter list edited by Cybercrime Magazine. Carole Njoya is committed in science and engineering since pre-teen period. Date: September 27, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 YouTube video: https://youtu.be/U7tyzUrh8aI

3. Agenda
▪ Panellist Introductions
 Benefits of Compliance
 Digital Transformation: Why
 ISO/IEC 27001 and ISO/IEC 27032
 ISO/IEC 27001: Information Security Management
System (ISMS)
 ISO/IEC 27032: Cybersecurity Framework
▪ Case Studies
▪ Q&A

5. Benefits of Compliance
Compliance with ISO/IEC 27001 and ISO/IEC 27032 offers numerous
advantages, enhancing security, trust, and business continuity.
Enhanced
Information Security
Risk Reduction Increased Trust Legal and Regulatory
Compliance
Business Continuity
Competitive
Advantage
Efficiency and Cost
Savings

6. DATA GOVERNANCE
What are we protecting?
▪ Data Privacy - International laws and regs
▪ Reasonable security measures for legal defensibility
Data classification/Data mapping
▪ Data importance to the Org, to the customers, to the
regulators - strike a balance
▪ Identify the data - build reasonable controls around
it, RMFs are a great way to understand controls
around the data

8. Digital transformation uses digital technologies to improve business processes radically, create
new opportunities, and deliver value to customers, employees, and stakeholders.
Cybersecurity in Digital Transformation

9. Digital Transformation
Start With Why & Challenges
▪ Cloud Native Advantages
▪ Scale
▪ Transforming business environments
▪ Remote work (27/7/365)
▪ Security Culture Changes
▪ Risk Surface Areas

10. Increasing Importance of
Cybersecurity
The Digital
Revolution
Growing
Attack
Surface
Data-Centric
Approach
Remote Work

11. Risks and Challenges:
Cyber Threats
Compliance
Complexities
Skill Shortage
Legacy
Systems
Third-Party
Risk

12. C:> Introduction To 27001 and 27032
ISO/IEC 27001 ISO/IEC 27032

13. Scope: This standard provides a structured approach for ensuring the
confidentiality, integrity, and availability of information within an
organization. It encompasses the management of risks related to data,
systems, processes, and personnel.
ISO/IEC 27001 is a globally recognized Information
Security Management Systems (ISMS) standard.
Purpose: ISO/IEC 27001 is designed to help organizations
systematically manage and protect their valuable information
assets. Its primary purpose is establishing a framework for
identifying, assessing, and mitigating information security risks.
ISO/IEC 27001

14. Managing Information Security
Risk Assessment: Risk Mitigation:
Continuous
Improvement:
Compliance and
Certification:

15. ISO/IEC 27032
Role: ISO/IEC 27032 is crucial in enhancing cybersecurity by offering a
comprehensive framework for managing and mitigating cybersecurity
risks. It helps organizations establish a systematic approach to
safeguarding their information and digital assets.
ISO/IEC 27032, or "Information Technology -
Security Techniques - Guidelines for Cybersecurity,"
is an international standard that guides how
organizations and individuals can effectively
address cybersecurity issues.

16. Key Principles and Guidelines:
Collaboration:
Risk
Management
Incident
Response:
Legal and
Regulatory
Compliance:
Ethical
Behaviour

17. Myth Busting
Common Misconceptions

18. Case Studies
Background: Company A, a global financial institution,
implemented ISO/IEC 27001 to strengthen its cybersecurity
posture.
Results: After certification, Company A saw a 30%
reduction in security incidents, leading to substantial cost
savings and improved customer trust.
Background: Company B, a healthcare provider, adopted
ISO/IEC 27032 to enhance its cybersecurity resilience and
ensure compliance with healthcare data regulations.
Results: The organization successfully thwarted multiple
cyberattacks, protecting sensitive patient data and avoiding
regulatory penalties.
Background: Company C, a tech startup, achieved
ISO/IEC 27001 certification to differentiate itself in a
competitive market.
Results: The certification helped Company C secure
key partnerships and attract new clients, ultimately
driving revenue growth by 20% within a year.
Background: Company E, a multinational corporation,
utilized ISO/IEC 27032 to enhance global
cybersecurity collaboration with partners and
suppliers.
Results: Collaborative threat intelligence sharing
reduced cybersecurity incidents by 40% across the
supply chain, strengthening the overall security
ecosystem.

19. Implementation Steps
Step 1:
Leadership Buy-
In
Step 2:
Establish a
Project Team
Step 3: Scope
Definition
Step 4: Conduct
Risk
Assessment
Step 5: Develop
Policies and
Procedures
Step 6:
Implement
Controls
Step 7: Training
and Awareness
Step 8: Incident
Response
Planning
Step 9:
Compliance
Audits
Step 10:
External
Certification
Step 11:
Continuous
Improvement
Step 12: Risk
Assessments
and Update
Step 13:
Stakeholder
Communication

20. THANK YOU
Q&A
douglas.brush@accelconsulting.llc
cnjoya@alcees.com
https://www.linkedin.com/in/douglasab
rush/
https://www.linkedin.com/in/carole-
njoya/
xavier.malcolm@gmail.com https://www.linkedin.com/in/malcolmxa
vier/