Maintaining and updating your risk assessment using vsRisk


Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.


Page 1: Maintaining and updating your risk assessment using vsRisk

“The definitive risk assessment tool for ISO27001 certification”

Copyright © Vigilant Software Ltd 2013

Alan Calder and Phil Hare

Vigilant Software, Thursday March 21st 2013

PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.

Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE

Maintaining and updating your risk assessment using vsRisk™


Alan Calder

• CEO and founder of Vigilant Software

• Acknowledged information security/risk management thought leader

• Managed the world’s first successful ISO27001 (then BS7799) implementation project in 1996

• Frequent media commentator on risk management issues

• Co-author of vsRisk™ – the definitive cybersecurity risk assessment tool


Today’s Webinar in Context

• Today’s webinar is #4 in a series of 4 educational webinars.

• The 4 webinars are designed to take you on a learning journey:

• Webinar 1 – Why ISO 27001 for my organisation?

• Webinar 2 – The importance of risk management

• Webinar 3 – Carrying out a risk assessment using vsRisk

• Webinar 4 (today) – Maintaining/updating your risk assessment using vsRisk.


Today’s Agenda

• A short 20-30 minute educational and informative talk:

• Quick recap of the last 3 weeks’ webinars – why ISO 27001, the importance of risk management, and using vsRisk to carry out a risk assessment.

• Why maintain and update your risk assessment?

• Maintaining and updating your risk assessment using vsRisk – software demonstration.

• Ample time for Q&A.

• Next steps, including a special offer for vsRisk.


Recap – last 3 webinars

In the last 3 webinars we covered:

• What is information security?

• What is an information security management system (ISMS)?

• What is ISO 27001?

• Why should I and my organisation care about ISO 27001?

• The importance of risk management.

• Carrying out a risk assessment using vsRisk.


Why maintain/update your risk assessment?

It is vitally important to maintain and update your risk assessment (and with it your ISMS) for two main reasons:

Reason 1 – Change in the ISMS environment

Any change to the ISMS or the environment it operates in needs assessing – e.g. new job roles, new equipment, business growth, a change in legislation, a change in the supply chain…


Why maintain/update your risk assessment?

Reason 2 – ISO 27001 relies on the Plan-Do-Check-Act (PDCA) approach.


Why maintain/update your risk assessment?

PDCA is a constant cycle of review and action.

The risk acceptance criteria (established before any actual assessment took place) should also be reviewed on each pass.

It is wise to consider lowering the organisation’s overall risk acceptance threshold before engaging in the next pass of the PDCA cycle, and updating the assessment accordingly: risks that were previously accepted then fall due for treatment, reducing the level of residual risk overall.
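As an added illustration of how the two reasons above interact in a re-assessment pass (this is example code written for this page, not vsRisk and not any Vigilant Software API): the Python below models a small risk register, diffs two passes of it, and reports which risks became unacceptable once the acceptance threshold was lowered. The 5x5 likelihood x impact scale, the asset names, scores and thresholds are constructed assumptions.

```python
"""Re-assessment pass over a simple risk register.

Illustrative code added for this page; it is not vsRisk and uses no Vigilant
Software API. The 5x5 likelihood x impact scale, the asset names and the
scores below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)

    def score(self) -> int:
        # Simple qualitative product; real registers may use a lookup matrix instead.
        return self.likelihood * self.impact


def needs_treatment(risk: Risk, acceptance_threshold: int) -> bool:
    """A risk is acceptable only if its score is at or below the threshold."""
    return risk.score() > acceptance_threshold


def reassess(previous, current, old_threshold, new_threshold):
    """Compare two passes of the register and report what the next cycle must act on.

    Returns a dict keyed by category; each entry identifies a risk by (asset, threat).
    """
    prev = {(r.asset, r.threat): r for r in previous}
    curr = {(r.asset, r.threat): r for r in current}
    report = {"new": [], "retired": [], "rescored": [], "newly_unacceptable": []}

    for key, risk in curr.items():
        if key not in prev:
            # Reason 1: a change in the environment brought a new asset or threat.
            report["new"].append(key)
        elif prev[key].score() != risk.score():
            report["rescored"].append((key, prev[key].score(), risk.score()))

        # Reason 2: the acceptance criteria were reviewed. A risk accepted last
        # time may now exceed the threshold, either because it was rescored or
        # because the threshold itself was lowered.
        accepted_before = key in prev and not needs_treatment(prev[key], old_threshold)
        if accepted_before and needs_treatment(risk, new_threshold):
            report["newly_unacceptable"].append(key)

    for key in prev:
        if key not in curr:
            # Asset left the scope: close the risk explicitly rather than ignore it.
            report["retired"].append(key)
    return report


# Constructed sample register: first pass (threshold 10) and second pass (threshold 8).
PASS_1 = [
    Risk("HR database", "unauthorised disclosure", 2, 5),            # score 10
    Risk("Office laptops", "theft", 3, 3),                           # score 9
    Risk("Web server", "exploitation of unpatched software", 2, 4),  # score 8
]
PASS_2 = [
    Risk("HR database", "unauthorised disclosure", 2, 5),            # unchanged, 10
    Risk("Office laptops", "theft", 4, 3),                           # more remote working: 12
    Risk("Web server", "exploitation of unpatched software", 2, 4),  # unchanged, 8
    Risk("Supplier portal", "supply-chain compromise", 3, 4),        # new asset, 12
]

if __name__ == "__main__":
    for category, items in reassess(PASS_1, PASS_2, 10, 8).items():
        print(f"{category}: {items}")
```

Lowering the threshold from 10 to 8 pulls two previously accepted risks into the treatment plan alongside the rescored laptop risk and the new supplier portal; that is the cost side of tightening the criteria, so the review should confirm the organisation can resource the extra treatment before the next Do phase starts.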


Why is vsRisk unique?

vsRisk is the only tool in its price range that integrates out-of-the-box into an ISO 27001 management system, allowing users to carry out an automated, robust and extensive cyber security risk assessment of their organisation’s assets that is compliant with ISO 27001.


What can vsRisk do for you?

Automates assessment of information risk – the risk-assessment wizard removes much of the opportunity for human and spreadsheet error, improving consistency across time and improving the robustness of risk management decisions.

Accelerates the information risk assessment process – vsRisk substantially reduces the time and cost required for an ISMS project.


What can vsRisk do for you? Contd.

Integrates, out-of-the-box, into an ISO 27001 management system – vsRisk employs a risk assessment methodology that complies with ISO 27001 and ISO 27005, reducing the risk of non-compliance at audit of an ISO 27001 ISMS.

Produces key ISO 27001 documentation – the Statement of Applicability and Risk Treatment Plan ensure consistency in documentation quality and transparency across the risk management process, both initially and over time.


Phil Hare

• An information security professional with many years’ experience of information security risk assessments.

• Heavily involved in the specification and creation of one of the leading software tools for ISO 27001 compliant risk assessments available today.

• A broad knowledge of the technical, procedural, methodological and theoretical aspects of information security risk assessment.

• Instrumental in successful ISMS development projects across a wide range of organisations.


vsRisk - Demo

Software demonstration – maintaining and updating a risk assessment using vsRisk.


Next steps

Read a book…

Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation.

Available for £29.95 at http://www.vigilantsoftware.co.uk/product/1651.aspx

Buy and/or get a free trial of vsRisk

The cyber security risk assessment tool, compliant with ISO 27001, that automates and accelerates the risk management process.

Buy (£995 for Standalone) and/or get a free trial at http://www.vigilantsoftware.co.uk


Next Steps – Special March offer on the risk assessment software vsRisk

• Purchases of vsRisk in March will include for free a digital copy of the information security risk management standard, ISO 27005 (worth £100), and a digital copy of the book Information Security Risk Management for ISO 27001/ISO 27002 (worth £39.95).

• To claim this offer, please visit www.vigilantsoftware.co.uk.

• Offer valid until Thursday March 28th.


Next Steps – Want to know more?

• If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email [email protected].

• Free trial of vsRisk available at http://www.vigilantsoftware.co.uk


Questions – we welcome them all!

Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.