Lean ISMS - An ISO27001 based System for SMBs

Page 1

LEAN ISMS - An ISO27001 based Security Management System for SMBs

Security as a Manageable Box

Page 2

© Happiest Minds - All rights reserved

In this Presentation

• Challenges faced by SMBs
• Happiest Minds Value Proposition
• Happiest Minds Solution
• Managing a secure posture
• Benefits of Lean ISMS

Page 3

Security Challenges for SMBs

• Constantly under pressure to remain focused on business growth
• Quick to adapt new technologies but often lack security budget
• Can’t afford time, effort, skills & other resources
• Often remain in the dark about threats, risks & compliance
• Finally, rush to vendors to put in some quick measures
• The rush and quick measures pose a new set of challenges

Page 4

Value Proposition

• Adopt an integrated approach early
  Get secure in the shortest possible time
• Why and how
• Educate, Establish, Ensure Effectiveness, Efficiency & Enhancement
  Become aware of what needs to be maintained
• Monitor, Measure & Manage

SMB – Security as a Manageable Box

Page 5

Strategy for LISMS

Start small and start early
• Avoid waiting for the moment to arrive

Institute a baseline program
• To achieve a baseline, GRC or ISO27001 is overkill

Avoid plunging into ISO27001
• ISO is good but is often too heavy for SMBs

Need to be nimble, got more business to do
• Pay for it instead of owning it

Page 6

Solution - Lean ISMS

1. What is Lean ISMS?
2. Why is it required?
3. What’s different about it?
4. How am I doing it?

Page 7

What is LEAN ISMS?

LEAN ISMS is simple

Designed for SMBs

Enables quicker adoption

Focuses on compliance through Security

Helps pace integration of security into your business

Simplifies PDCA

Page 8

Why Lean ISMS?

Certification is not the goal

Focus on getting “Security” right
• No rush, no audit, no non-compliance
• Security in your own business terms

Paced integration of security aspects
• Into business & support processes
• With maximum support from users/stakeholders
• Certification based security loses sheen post certification

See, smell, touch, taste and hear Security
• Preparing in advance has its own benefits
• No one is watching your compliance posture except you

Page 9

What do we “Manage” in GRC?

Maintain policies, Manage Risks

Assess compliance
• Once in a quarter
• At People, Process & Technology levels

Record changes and incidents

Track risk levels and help mitigate

Assist in communicating audit and compliance reporting
• About Risk & Security posture

Page 10

What’s in the Box?

People, Process & Technology

Governance, Risk Management & Security

Security as a Manageable Box

Page 11

Benefits to Business Leaders

Get your “Security House” in order
• Quickly, effectively and efficiently

Lets you focus on risks
• Strategically and tactically

Control Security & Compliance costs
• Know your GRC budget for the next three years

Ensure Compliance by action, every time

Page 12

Benefits to IT, Security, Risk, Audit & Compliance Leaders

Know your risks

Realize your potential to absorb risks

Know your controls

Protect your assets based on risk appetite

Ensure Security is by design

Take part in business performance, actively