Why ISO27001/ISO27005 for my organisation



Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.

Transcript of Why ISO27001/ISO27005 for my organisation

Page 1: Why ISO27001/ISO27005 for my organisation

“The definitive risk assessment tool for ISO27001 certification”

Copyright © Vigilant Software Ltd 2013

Alan Calder

CEO, Vigilant Software Thursday February 28th

PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.

Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE

Why ISO 27001 for my Organisation?

Page 2: Why ISO27001/ISO27005 for my organisation

Alan Calder

• CEO and founder of Vigilant Software.
• Acknowledged information security/risk management thought leader.
• Managed the world’s first successful ISO 27001 (then BS7799) implementation project in 1996.
• Frequent media commentator on risk management issues.
• Co-author of vsRisk™ – the definitive cyber security risk assessment tool.

Page 3: Why ISO27001/ISO27005 for my organisation

Today’s Webinar in Context

• Today’s webinar is #1 in a series of 4 educational webinars.
• The 4 webinars are designed to take you on a learning journey:
  • Webinar 1 (Today) – Why ISO 27001 for my Organisation?
  • Webinar 2 – The importance of risk management.
  • Webinar 3 – Carrying out a risk assessment using vsRisk.
  • Webinar 4 – Maintaining/updating your risk assessment using vsRisk.
• Registration details of these webinars at the end.

Page 4: Why ISO27001/ISO27005 for my organisation

Today’s Agenda

• A short 20-30 minute educational and informative talk on:
  • What is information security?
  • What is an information security management system (ISMS)?
  • What is ISO 27001?
  • The drivers for ISO 27001.
  • Why should my organisation care about ISO 27001?
  • Accredited certification.
  • The central role of risk assessment in ISO 27001.
• Ample time for Q&A.
• Next steps.

Page 5: Why ISO27001/ISO27005 for my organisation

What is information security?

‘Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved’.

ISO/IEC 27001:2005

Page 6: Why ISO27001/ISO27005 for my organisation

What is an ISMS?

Information Security Management System (ISMS): a systematic approach to managing confidential or sensitive corporate information so that it remains secure.

Page 7: Why ISO27001/ISO27005 for my organisation

What is ISO 27001?

• An ISMS standard that replaced BS7799-2:2002 in late 2005.
• The world’s only cyber security standard.
• Formally specifies an ISMS that is intended to bring information security under explicit management control.
• Best practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS.
• Adopts the Plan-Do-Check-Act (PDCA) model.

Page 8: Why ISO27001/ISO27005 for my organisation

Plan-Do-Check-Act

Page 9: Why ISO27001/ISO27005 for my organisation

Drivers for ISO 27001

• Clients need confidence in their supply chain.
• Breaches of personal data can bring fines of up to £500k from the Information Commissioner.
• Data Handling Review 2008 – better information security in Government and down the supply chain.
• Improved reputational protection.
• Balance expenditure against the information security risk.

Page 10: Why ISO27001/ISO27005 for my organisation

Why should my organisation care about ISO 27001?

Reason 1 – Compliance

ISO 27001 can bring in the methodology that enables organisations to comply in the most efficient way.

Certification is often the quickest ‘return on investment’ if an organisation must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organisation).

Page 11: Why ISO27001/ISO27005 for my organisation

Why should my organisation care about ISO 27001?

Reason 2 – Marketing edge

In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle clients’ sensitive information.

Page 12: Why ISO27001/ISO27005 for my organisation

Why should my organisation care about ISO 27001?

Reason 3 – Lowering the expenses

Information security is usually considered a cost with no obvious financial gain. However, there is financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.

Page 13: Why ISO27001/ISO27005 for my organisation

Why should my organisation care about ISO 27001?

Reason 4 – Putting your business in order

ISO 27001 is particularly good at sorting out those thorny management system issues – it forces you to define very precisely both the responsibilities and the duties, and therefore strengthens your internal organisation.

Page 14: Why ISO27001/ISO27005 for my organisation

Accredited Certification

• Provides evidence of Information Security Management System assurance.
• Verified by an independent auditor.
• In the UK the authority is the UKAS Accredited Certification scheme: worldwide recognition.
• National certification body – member of the International Accreditation Forum.

Page 15: Why ISO27001/ISO27005 for my organisation

The central role of risk assessment in ISO 27001

ISO 27001:2005 conformance requires implementation and documentation of an Information Security Management System (ISMS) implementing controls selected in accordance with clause 4.2.1.g (control objectives in Annex A).

Page 16: Why ISO27001/ISO27005 for my organisation

The central role of risk assessment in ISO 27001

• A structured ISMS gives:
  • Best practice.
  • Marketing opportunities.
  • Compliance with corporate governance requirements.
  • Appropriate action to comply with the law.
  • A systematic approach to risks.
  • Credibility with staff, customers and partner organisations.
  • Informed decisions on security investments.

Page 17: Why ISO27001/ISO27005 for my organisation

Next Steps – Upcoming Educational Webinars

• Webinar 2 – The Importance of Risk Management – Thursday March 7th, 4pm UK time (next week).
• Webinar 3 – Carrying out a Risk Assessment using vsRisk – Thursday March 14th, 4pm UK time.
• Webinar 4 – Maintaining and Updating your Risk Assessment using vsRisk – Thursday March 21st, 4pm UK time. Includes announcement of a special offer for vsRisk.

Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx

Page 18: Why ISO27001/ISO27005 for my organisation

Before the next webinars…

Read a book…

Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation.

Available for £25.95 (usually £29.95)

http://www.vigilantsoftware.co.uk/product/1651.aspx

Download a free trial of vsRisk

The cyber security risk assessment tool compliant to ISO 27001 that automates and accelerates the risk management process.

15-day free trial at http://www.vigilantsoftware.co.uk

Page 19: Why ISO27001/ISO27005 for my organisation

Next Steps – Special February offer on risk assessment software vsRisk

• Purchases of vsRisk by attendees of this webinar will include 1 year’s free S&U (worth £150+) – offer valid today (until end of February 2013).
• To claim this offer, please email [email protected] or call 0845 003 8228 and quote code ‘vsRisk webinar offer.’

Page 20: Why ISO27001/ISO27005 for my organisation

Next Steps – Want to know more?

If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment, please visit http://www.vigilantsoftware.co.uk/ or email [email protected].

Page 21: Why ISO27001/ISO27005 for my organisation

Questions – we welcome them all!

Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.