Maintaining and updating your risk assessment using vsRisk
Transcript of Maintaining and updating your risk assessment using vsRisk
“The definitive risk assessment tool for ISO27001 certification”
Copyright © Vigilant Software Ltd 2013
Alan Calder and Phil Hare
Vigilant Software Thursday March 21st
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE
Maintaining and updating your risk assessment using vsRisk™
Alan Calder
• CEO and founder of Vigilant Software
• Acknowledged information security/risk management thought leader
• Managed the world’s first successful ISO27001 (then BS7799) implementation project in 1996
• Frequent media commentator on risk management issues
• Co-author of vsRisk™ – the definitive cybersecurity risk assessment tool
Today’s Webinar in Context
• Today’s webinar is #4 in a series of 4 educational webinars.
• The 4 webinars are designed to take you on a learning journey:
• Webinar 1 – Why ISO27001 for my Organisation?
• Webinar 2 – The importance of risk management
• Webinar 3 – Carrying out a risk assessment using vsRisk
• Webinar 4 (Today) – Maintaining/updating your risk assessment using vsRisk.
Today’s Agenda
• A short 20-30 minute educational and informative talk:
• Quick recap of the last 3 weeks’ webinars – Why ISO 27001, the importance of risk management, and using vsRisk to carry out a risk assessment.
• Why maintain and update your risk assessment?
• Maintaining and updating your risk assessment using vsRisk – software demonstration.
• Ample time for Q&A.
• Next steps, including a special offer for vsRisk.
Recap – last 3 webinars
In the last 3 webinars we covered:
• What is information security?
• What is an information security management system (ISMS)?
• What is ISO 27001?
• Why should I and my organisation care about ISO 27001?
• The importance of risk management.
• Carrying out a risk assessment using vsRisk.
Why maintain/update your risk assessment?
It is vitally important to maintain and update your ISMS for two main reasons:
Reason 1 – Change of ISMS environment
Any change to the ISMS needs assessing – e.g. new job roles, new equipment, business growth, change in legislation, change in supply chain…
Why maintain/update your risk assessment?
Reason 2 – ISO 27001 relies on the Plan-Do-Check-Act (PDCA) approach.
Why maintain/update your risk assessment?
PDCA is a constant cycle of review and action.
The acceptance criteria (established before any actual assessment took place) should be reviewed as part of that cycle.
It is wise to consider reducing the organisation’s overall acceptance criteria before engaging in the next pass of the PDCA cycle, updating the assessment accordingly so that more risks fall above the threshold and receive treatment, and thus reducing the level of risk overall.
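The acceptance-criteria review described above, as an added example that is not part of the original webinar: a constructed risk register is run through one PDCA pass with a tightened acceptance criterion and an environment change (a new supplier), and the pass reports which risks newly require treatment. The likelihood × impact scoring, the control model and all asset, threat and control names are assumptions, not vsRisk’s own methodology.

```python
from dataclasses import dataclass, field

# Constructed example of one Plan-Do-Check-Act pass over a small risk
# register. Scoring is an assumed 1-5 likelihood x 1-5 impact model and
# is not vsRisk's methodology.


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int                 # 1 (rare) .. 5 (almost certain)
    impact: int                     # 1 (negligible) .. 5 (severe)
    controls: list = field(default_factory=list)  # (name, likelihood reduction)

    def residual_score(self) -> int:
        # Controls lower likelihood (never below 1); impact is unchanged.
        reduction = sum(r for _, r in self.controls)
        return max(1, self.likelihood - reduction) * self.impact


def needs_treatment(register, acceptance):
    """Risks whose residual score exceeds the acceptance criterion."""
    return sorted(r.asset + "/" + r.threat for r in register
                  if r.residual_score() > acceptance)


def pdca_pass(register, old_acceptance, new_acceptance, changes):
    """One review cycle: add risks arising from environment changes, apply
    the revised acceptance criterion, and report what newly needs work."""
    before = set(needs_treatment(register, old_acceptance))
    register = register + list(changes)        # the caller's list is not mutated
    after = set(needs_treatment(register, new_acceptance))
    return {"newly_unacceptable": sorted(after - before),
            "still_unacceptable": sorted(after & before),
            "register_size": len(register)}


# Constructed register from the previous assessment (acceptance criterion 8).
REGISTER = [
    Risk("Customer DB", "SQL injection", 4, 5, [("WAF + param. queries", 2)]),
    Risk("Laptops", "Theft", 3, 4, [("Full-disk encryption", 1)]),
    Risk("Office Wi-Fi", "Eavesdropping", 2, 2),
]
# Environment change since the last pass: a new supplier handles payroll.
NEW_RISKS = [Risk("Payroll supplier", "Data breach at supplier", 3, 4)]

if __name__ == "__main__":
    print(pdca_pass(REGISTER, old_acceptance=8, new_acceptance=6, changes=NEW_RISKS))
```

Lowering the criterion from 8 to 6 pulls the laptop-theft risk (residual 8) back into treatment, and the new supplier risk (12) enters the register already above the threshold.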
Why is vsRisk unique?
vsRisk is the only tool in its price range that integrates out-of-the-box into an ISO 27001 management system, allowing users to carry out an automated, robust and extensive cyber security risk assessment of their organisation’s assets compliant with ISO 27001.
What can vsRisk do for you?
Automates assessment of information risk – the risk-assessment wizard eliminates the opportunity for human and spreadsheet error, improving consistency across time and improving the robustness of risk management decisions.
Accelerates the information risk assessment process – vsRisk substantially reduces the time and cost required for an ISMS project.
What can vsRisk do for you? Contd.
Integrates, out-of-the-box, into an ISO 27001 management system – vsRisk employs a risk assessment methodology that complies with ISO 27001 and ISO 27005, reducing the risk of non-compliance at audit of an ISO 27001 ISMS.
Produces key ISO 27001 documentation – Statement of Applicability and Risk Treatment Plan ensure consistency in documentation quality and transparency across the risk management process initially and over time.
Phil Hare
• An information security professional with many years’ experience of information security risk assessments.
• Heavily involved in the specification and creation of one of the leading software tools for ISO 27001 compliant risk assessments available today.
• A broad knowledge of the technical, procedural, methodological and theoretical aspects of Information Security Risk Assessment.
• Instrumental in successful ISMS development projects across a wide range of organisations.
vsRisk - Demo
Software demonstration – maintaining and updating a risk assessment using vsRisk.
Next steps
Read a book…
Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation.
Available for £29.95 at http://www.vigilantsoftware.co.uk/product/1651.aspx
Buy and/or get a free trial of vsRisk
The cyber security risk assessment tool compliant to ISO 27001 that automates and accelerates the risk management process.
Buy (£995 for Standalone) and/or get a free trial at http://www.vigilantsoftware.co.uk
Next Steps – Special March offer of risk assessment software vsRisk
• Purchases of vsRisk in March will include for free a digital copy of the information security risk management standard, ISO 27005 (worth £100), and a digital copy of the book Information Security Risk Management for ISO 27001/ISO 27002 (worth £39.95).
• To claim this offer, please visit www.vigilantsoftware.co.uk.
• Offer valid until Thursday March 28th.
Next Steps – Want to know more?
• If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email
• Free trial of vsRisk available at http://www.vigilantsoftware.co.uk
Questions – we welcome them all!
Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.