Why ISO 27001?
Subtitle or presenter
By implementing information security, you help both your company and yourself
10/20/2023 Copyright ©2014 9001Academy. All rights reserved. 2
Content
• Basic information about ISO 27001
• The purpose of ISO 27001
• The ISO 27001 framework
• ISO 27001 myths
• Benefits for our company
• Implementation details
• Your role in the implementation
Basic information about ISO 27001
• International standard, published jointly by ISO and IEC (as ISO/IEC 27001)
• Developed by leading information security experts
• Applicable to any industry
• Applicable to any size of company
• More than 20,000 companies had certified worldwide when this deck was written (2014), and the number has grown since
The purpose of ISO 27001
Preservation of:
• Confidentiality
• Integrity
• Availability
How to protect the information
Controls (safeguards):
• Procedure
• Password
• Encryption
• Legal
• Training & awareness
What is information security?
[Figure: diagram labelled “Information”]
The ISO 27001 framework
• Risk assessment & treatment
• 114 controls from Annex A (ISO/IEC 27001:2013; the 2022 revision restructures Annex A into 93 controls)
ISO 27001 myths
• “This is an IT job”
• “It’s all about writing policies and procedures”
• “We’ll get lost in all those documents”
• “ISO 27001 will only make our job more difficult”
• “It will be implemented in 2 months”
• “We do it only because of the certification”
Benefits for our company
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes
Implementation details
• Project manager: [insert name]
• Project sponsor: [insert name]
• Project duration: [insert number of months]
Your role in the implementation
• Suggest which processes to document
• Suggest changes in existing & new policies and procedures
• Read all the new documents and attend awareness & training sessions
• Comply with policies and procedures once they are published
ISO 27001 helps you
put all the pieces together
(if done properly)
Thank you!
Presenter’s name
10/20/2023 Copyright ©2014 27001Academy. All rights reserved. 14

Why_ISO_27001_Awareness_Presentation_EN.pptx

Editor's Notes

  1. In this presentation I’ll show you why ISO 27001 doesn’t have to be just another bureaucratic compliance job – I’ll show you how it can help you do your job.
  2. The main point is – information security can be very useful – not only for our company, but also for you personally.
  3. ISO = International Organization for Standardization. Developed by leading information security experts – the point is, ISO 27001 is a summary of information security best practices from around the world.
  4. Confidentiality = only authorized persons can access the information. Integrity = the information is accurate and complete, and only authorized persons or systems can change it. Availability = the information is available when needed. The point is: information security is not only about confidentiality, it is also about preserving integrity and availability.
  5. How can we protect the confidentiality, integrity and availability? Let's say you frequently leave your laptop in your car, on the back seat. Chances are, sooner or later it will get stolen. So, what can you do to decrease the risk to your information? First, you can make a rule (by writing a procedure or a policy) that laptops cannot be left unattended in a car, or that cars must be parked where some kind of physical protection exists. Second, you can protect the information itself by setting a strong password and encrypting the data, so that a stolen device does not mean a disclosed disk. Further, you can require employees to sign a statement by which they are legally responsible for damage that may occur. But all these measures may remain ineffective if you do not explain the rules to your employees through a short training. QUESTION: Can you think of any other risks in our company, and ways to mitigate them?
  6. So what can we conclude from the laptop example? The controls are never only IT-related – they always involve organizational issues, human resources management, physical security and legal protection. Therefore, information security is a set of combined controls, very diverse in nature.
  7. Now, since our company has [use real number here] laptops, [number] servers, a complex network, lots of sensitive information in databases and on paper, many contractors, etc. – if protecting the information on a single laptop was easy, managing the security of all of these assets in an organization certainly is not. For that you need a system, and ISO 27001 defines the Information Security Management System, or ISMS. So, what do you need to do to set up your ISMS? First you need to find out what can go wrong with your information – that is, how the confidentiality, integrity and availability of each piece of information in the company can be endangered – through a process called risk assessment. Once you know where the risks are, you select appropriate controls (or safeguards) for each risk you find unacceptable; this is called risk treatment, and the controls you select are compared against Annex A to check that nothing necessary has been left out.
  8. “This is an IT job” – wrong, because security is everyone’s job; e.g., everyone needs to protect his or her own laptop.
  “It’s all about writing policies and procedures” – wrong, because the point is not writing documents but applying them in practice; e.g., if the procedure says that backups must be done daily even for laptops, then this is something everyone needs to do.
  “We’ll get lost in all those documents” – wrong, because we will write only the documents that are really needed and keep their number to a minimum; besides, we will show you the documents before they are published.
  “ISO 27001 will only make our job more difficult” – the standard may require some new things from you, but it will help you with others; e.g., a working ISMS should reduce the number of IT incidents, so the IT department loses less time resolving them, and it lowers the chance of someone abusing your account to commit fraud for which you would be held accountable.
  “It will be implemented in 2 months” – wrong, because implementing ISO 27001 requires changes in behavior, and people cannot absorb many changes at once (imagine if we published 20 new policies and procedures in a single day). This is why the documents need to be introduced gradually.
  “We do it only because of the certification” – certification is one of our goals, but not the only one… [go to the next slide]
  9. [choose the benefits that fit your company – for detailed explanation of each of these read this article: Four key benefits of ISO 27001 implementation http://blog.iso27001standard.com/2010/07/21/four-key-benefits-of-iso-27001-implementation/]
  10. Project manager – write here the person who will coordinate the implementation of ISO 27001. Project sponsor – write here someone from top management who will provide support for the project. Project duration – calculate the time needed using this free calculator: http://www.iso27001standard.com/en/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation
  11. Suggest which processes to document – if you think a process is important but it is not clear who has to perform its tasks, when and how, suggest that it be documented.
  12. So to conclude – this standard enables you to take into account all the information in its various forms and all the potential problems, and gives you the methodology for keeping the information secure. And in some cases it will even make your job easier. However, to be effective, ISO 27001 needs to be implemented for real, not just for the auditor, and not by printing documents without applying them.
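The risk assessment and treatment cycle described in the note on the framework slide (note 7), worked through for the laptop scenario of note 5, as an added example. This is not code from the presentation or from 27001Academy; the 1-5 scales, the acceptance threshold, the sample assets and every number in it are assumptions, and the control references follow the Annex A numbering of ISO/IEC 27001:2013, the edition the slides cite.

```python
"""Risk assessment and treatment in the shape ISO 27001 asks for.

Added example, not part of the original presentation. For each asset and
threat: estimate the consequence for confidentiality, integrity and
availability and the likelihood, compute a risk level, compare it with the
acceptance criteria, and treat what is unacceptable by selecting controls and
re-estimating the residual risk. Scales, threshold and sample values are
assumptions; control references use ISO/IEC 27001:2013 Annex A numbering.
"""
from dataclasses import dataclass, replace

ACCEPTANCE_THRESHOLD = 8  # assumption: a risk level above this must be treated


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    impact_c: int    # consequence for confidentiality, 1 (negligible) .. 5 (severe)
    impact_i: int    # consequence for integrity, same scale
    impact_a: int    # consequence for availability, same scale
    likelihood: int  # 1 (rare) .. 5 (almost certain)

    def __post_init__(self) -> None:
        for value in (self.impact_c, self.impact_i, self.impact_a, self.likelihood):
            if not 1 <= value <= 5:
                raise ValueError(f"{self.asset}: scale values must be 1..5, got {value}")

    def level(self) -> int:
        # Qualitative method: worst CIA consequence times likelihood.
        return max(self.impact_c, self.impact_i, self.impact_a) * self.likelihood

    def acceptable(self, threshold: int = ACCEPTANCE_THRESHOLD) -> bool:
        return self.level() <= threshold


# Annex A (2013 edition) references for the kinds of safeguard the slides list.
CANDIDATE_CONTROLS = {
    "procedure":  ["A.6.2.1 Mobile device policy",
                   "A.11.2.6 Security of equipment and assets off-premises"],
    "password":   ["A.9.4.3 Password management system"],
    "encryption": ["A.10.1.1 Policy on the use of cryptographic controls"],
    "legal":      ["A.7.1.2 Terms and conditions of employment"],
    "training":   ["A.7.2.2 Information security awareness, education and training"],
    "backup":     ["A.12.3.1 Information backup"],
}


@dataclass(frozen=True)
class Treatment:
    risk: Risk
    option: str      # "modify" or "retain" here; "avoid" and "share" are the other options
    controls: tuple  # selected Annex A references
    residual: Risk   # the risk as re-estimated with the controls in place


def retain(risk: Risk) -> Treatment:
    """Accept a risk that already meets the acceptance criteria; nothing else may be retained."""
    if not risk.acceptable():
        raise ValueError(f"{risk.asset}: level {risk.level()} is above threshold, cannot retain")
    return Treatment(risk, "retain", (), risk)


def modify(risk: Risk, safeguards: list, **re_estimate: int) -> Treatment:
    """Treat a risk by applying safeguards and re-estimating only the fields they
    change (e.g. likelihood=2 once a policy is enforced and trained, impact_c=2
    once the disk is encrypted). A plan whose residual risk is still unacceptable
    is rejected instead of being silently recorded."""
    controls = tuple(c for s in safeguards for c in CANDIDATE_CONTROLS[s])
    residual = replace(risk, **re_estimate)  # re-runs the 1..5 validation
    if not residual.acceptable():
        raise ValueError(f"{risk.asset}: residual level {residual.level()} still above threshold")
    return Treatment(risk, "modify", controls, residual)


def statement_of_applicability(treatments: list) -> list:
    """Distinct Annex A references justified by at least one treatment decision."""
    return sorted({c for t in treatments for c in t.controls})


# Constructed sample register for a fictitious company (assumed values).
LAPTOP = Risk("Sales laptop", "theft from an unattended car",
              impact_c=4, impact_i=2, impact_a=3, likelihood=4)
PRINTER = Risk("Shared office printer", "outage from a paper jam",
               impact_c=1, impact_i=1, impact_a=2, likelihood=3)


def plan() -> list:
    """Risk treatment plan: the laptop risk is modified, the printer risk retained."""
    laptop = modify(
        LAPTOP,
        ["procedure", "password", "encryption", "legal", "training", "backup"],
        likelihood=2,  # policy plus training: fewer laptops left in cars
        impact_c=2,    # full-disk encryption: a stolen disk discloses little
        impact_a=2,    # daily backup: the data comes back even if the device does not
    )
    return [laptop, retain(PRINTER)]


if __name__ == "__main__":
    treatments = plan()
    for t in treatments:
        print(f"{t.risk.asset}: level {t.risk.level()} -> {t.option}, residual {t.residual.level()}")
    print("Statement of Applicability:", *statement_of_applicability(treatments), sep="\n  ")
```

The two refusals are the part worth keeping in a real register: `retain` will not accept a risk above the threshold, and `modify` will not record a plan whose residual risk is still unacceptable, which is exactly the gap an auditor looks for between the risk assessment and the Statement of Applicability.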