Why ISO 27001 for my Organisation?



                   Alan Calder
               CEO, Vigilant Software
                            Thursday February 28th

     PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
         Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE


  “The definitive risk assessment tool for ISO27001 certification”
                      Copyright © Vigilant Software Ltd 2013
Alan Calder
• CEO and founder of Vigilant Software.
• Acknowledged information security/risk management
  thought leader.
• Managed the world’s first successful ISO 27001 (then
  BS7799) implementation project in 1996.
• Frequent media commentator on risk management
  issues.
• Co-author of vsRisk™ – the definitive cyber security risk
  assessment tool.

Today’s Webinar in Context
• Today’s webinar is #1 in a series of 4 educational
  webinars.
• The 4 webinars are designed to take you on a learning
  journey:
   •   Webinar 1 (Today) - Why ISO 27001 for my Organisation?
   •   Webinar 2 – The Importance of risk management.
   •   Webinar 3 – Carrying out a risk assessment using vsRisk.
   •   Webinar 4 – Maintaining/updating your risk assessment using
       vsRisk.


• Registration details of these webinars at the end.
Today’s Agenda
•   A short 20-30 minutes educational and informative talk on:
     •   What is information security?
     •   What is an information security management system (ISMS)?
     •   What is ISO 27001?
     •   The drivers for ISO 27001.
     •   Why should my organisation care about ISO 27001?
     •   Accredited Certification.
     •   The central role of risk assessment in ISO 27001.


•   Ample time for Q&A.


•   Next steps.

What is information security?

‘Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved’.
                                       ISO/IEC 27001:2005




What is an ISMS?

Information Security Management System (ISMS):


A systematic approach to managing confidential or sensitive corporate information so that it remains secure.




What is ISO 27001?
• An ISMS standard that replaced BS 7799-2:2002 in late 2005.

• The world’s only cyber security standard.

• Formally specifies an ISMS that is intended to bring information
  security under explicit management control.

• Best practice specification that helps businesses and organisations
  throughout the world develop a best-in-class ISMS.

• Adopts the Plan-Do-Check-Act (PDCA) model.

Plan-Do-Check-Act




Drivers for ISO 27001

• Clients need confidence in their supply chain.
• Breaches of Personal Data can bring fines up to £500k
  by the Information Commissioner.
• Data Handling Review 2008 – better information security
  in Government and down the supply chain.
• Improved reputational protection.
• Balance expenditure to the information security risk.



Why should my organisation care about ISO 27001?
Reason 1 - Compliance

ISO 27001 brings in a methodology that enables organisations
to comply in the most efficient way. Certification is often the
quickest ‘return on investment’ if an organisation must comply
with various regulations regarding data protection, privacy and
IT governance (particularly if it is a financial, health or
government organisation).

Why should my organisation care about ISO 27001?
Reason 2 - Marketing edge

In a market which is more and more competitive, it is
sometimes very difficult to find something that will
differentiate you in the eyes of your customers. ISO 27001
could indeed be a unique selling point, especially if you
handle clients’ sensitive information.



Why should my organisation care about ISO 27001?
Reason 3 - Lowering the expenses
Information security is usually considered a cost with no
obvious financial gain. However, there is a financial gain if
you lower the expenses caused by incidents. You probably
do have interruptions in service, occasional data leakage,
or disgruntled employees. Or disgruntled former employees.



Why should my organisation care about ISO 27001?
Reason 4 - Putting your business in order

ISO 27001 is particularly good at sorting out those thorny
management system issues: it forces you to define very
precisely both responsibilities and duties, and therefore
strengthens your internal organisation.




Accredited Certification

• Provides evidence of Information Security Management
  System assurance.
• Verified by an independent auditor.
• In the UK the authority is the UKAS Accredited Certification
  scheme, which has worldwide recognition.
• The national certification body is a member of the International
  Accreditation Forum.




The central role of risk assessment in ISO 27001


ISO 27001:2005 conformance requires implementation and
documentation of an Information Security Management
System (ISMS) implementing controls selected in
accordance with clause 4.2.1 g) (control objectives in Annex A).




The central role of risk assessment in ISO 27001

• A structured ISMS gives:
   •   Best practice.
   •   Marketing opportunities.
   •   Compliance to Corporate Governance requirements.
   •   Appropriate action to comply with law.
   •   Systematic approach to risks.
   •   Credibility with staff, customers and partner organisations.
   •   Informed decisions on security investments.




Next Steps – Upcoming Educational Webinars
• Webinar 2 - The Importance of Risk Management - Thursday
  March 7th, 4pm UK Time (Next week).

• Webinar 3 - Carrying out a Risk Assessment using vsRisk -
  Thursday March 14th, 4pm UK Time.

• Webinar 4 - Maintaining and Updating your Risk Assessment
  using vsRisk - Thursday March 21st, 4pm UK Time. Includes
  announcement of special offer for vsRisk.

Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx

Before the next webinars…
Read a book…

Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation.

Available for £25.95 (usually £29.95) at http://www.vigilantsoftware.co.uk/product/1651.aspx

Download a free trial of vsRisk

The cyber security risk assessment tool compliant to ISO 27001 that automates and accelerates the risk management process.

15-day free trial at http://www.vigilantsoftware.co.uk

Next Steps – Special February offer of risk
assessment software vsRisk
• Purchases of vsRisk by attendees of this webinar will include 1
  year's free S&U (worth £150+) – offer valid today (until end of February
  2013).

• To claim this offer, please email
  servicecentre@vigilantsoftware.co.uk or call 0845 003 8228 and
  quote code ‘vsRisk webinar offer.’




Next Steps – Want to know more?


If you would like to know more about ISO 27001, including
how to carry out an ISO 27001-compliant risk assessment,
please visit http://www.vigilantsoftware.co.uk/ or email
servicecentre@vigilantsoftware.co.uk.




Questions – we welcome them all!

Please type your questions into the Webex chat window –
responses will generally be verbal and shared with all
delegates.





Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Último (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Why ISO27001/ISO27005 for my organisation

1. Why ISO 27001 for my Organisation?
Alan Calder, CEO, Vigilant Software
Thursday February 28th
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE
“The definitive risk assessment tool for ISO27001 certification” Copyright © Vigilant Software Ltd 2013

2. Alan Calder
• CEO and founder of Vigilant Software.
• Acknowledged information security/risk management thought leader.
• Managed the world’s first successful ISO 27001 (then BS7799) implementation project in 1996.
• Frequent media commentator on risk management issues.
• Co-author of vsRisk™ – the definitive cyber security risk assessment tool.

3. Today’s Webinar in Context
• Today’s webinar is #1 in a series of 4 educational webinars.
• The 4 webinars are designed to take you on a learning journey:
  • Webinar 1 (Today) – Why ISO 27001 for my Organisation?
  • Webinar 2 – The importance of risk management.
  • Webinar 3 – Carrying out a risk assessment using vsRisk.
  • Webinar 4 – Maintaining/updating your risk assessment using vsRisk.
• Registration details of these webinars at the end.

4. Today’s Agenda
• A short 20-30 minute educational and informative talk on:
  • What is information security?
  • What is an information security management system (ISMS)?
  • What is ISO 27001?
  • The drivers for ISO 27001.
  • Why should my organisation care about ISO 27001?
  • Accredited certification.
  • The central role of risk assessment in ISO 27001.
• Ample time for Q&A.
• Next steps.

5. What is information security?
‘Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved’. ISO/IEC 27001:2005

6. What is an ISMS?
Information Security Management System (ISMS): a systematic approach to managing confidential or sensitive corporate information so that it remains secure.

7. What is ISO 27001?
• An ISMS standard that replaced BS7799-2:2002 in late 2005.
• The world’s only cyber security standard.
• Formally specifies an ISMS that is intended to bring information security under explicit management control.
• A best-practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS.
• Adopts the Plan-Do-Check-Act (PDCA) model.

8. Plan-Do-Check-Act
[Slide shows the PDCA cycle diagram.]

9. Drivers for ISO 27001
• Clients need confidence in their supply chain.
• Breaches of personal data can bring fines of up to £500k from the Information Commissioner.
• Data Handling Review 2008 – better information security in Government and down the food chain.
• Improved reputational protection.
• Balance expenditure against the information security risk.

10. Why should my organisation care about ISO 27001? Reason 1 – Compliance
ISO 27001 can bring in the methodology that enables organisations to comply in the most efficient way. Certification is often the quickest ‘return on investment’ if an organisation must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organisation).

11. Why should my organisation care about ISO 27001? Reason 2 – Marketing edge
In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle clients’ sensitive information.

12. Why should my organisation care about ISO 27001? Reason 3 – Lowering the expenses
Information security is usually considered a cost with no obvious financial gain. However, there is a financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.

13. Why should my organisation care about ISO 27001? Reason 4 – Putting your business in order
ISO 27001 is particularly good at sorting out those thorny management system issues: it forces you to define very precisely both responsibilities and duties, and therefore strengthens your internal organisation.

14. Accredited Certification
• Provides evidence of Information Security Management System assurance.
• Verified by an independent auditor.
• In the UK the authority is the UKAS Accredited Certification scheme: worldwide recognition.
• National certification body – member of the International Accreditation Forum.

15. The central role of risk assessment in ISO 27001
ISO 27001:2005 conformance requires implementation and documentation of an Information Security Management System (ISMS) implementing controls selected in accordance with clause 4.2.1 g) (control objectives in Annex A).

16. The central role of risk assessment in ISO 27001
• A structured ISMS gives:
  • Best practice.
  • Marketing opportunities.
  • Compliance with corporate governance requirements.
  • Appropriate action to comply with the law.
  • A systematic approach to risks.
  • Credibility with staff, customers and partner organisations.
  • Informed decisions on security investments.

17. Next Steps – Upcoming Educational Webinars
• Webinar 2 – The Importance of Risk Management – Thursday March 7th, 4pm UK time (next week).
• Webinar 3 – Carrying out a Risk Assessment using vsRisk – Thursday March 14th, 4pm UK time.
• Webinar 4 – Maintaining and Updating your Risk Assessment using vsRisk – Thursday March 21st, 4pm UK time. Includes announcement of a special offer for vsRisk.
Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx

18. Before the next webinars…
• Read a book… Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation. Available for £25.95 (usually £29.95) at http://www.vigilantsoftware.co.uk/product/1651.aspx
• Download a free trial of vsRisk: the cyber security risk assessment tool compliant to ISO 27001 that automates and accelerates the risk management process. 15-day free trial at http://www.vigilantsoftware.co.uk

19. Next Steps – Special February offer of risk assessment software vsRisk
• Purchases of vsRisk by attendees of this webinar will include 1 year’s free S&U (worth £150+) – offer valid today (until end of February 2013).
• To claim this offer, please email servicecentre@vigilantsoftware.co.uk or call 0845 003 8228 and quote code ‘vsRisk webinar offer.’

20. Next Steps – Want to know more?
If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment, please visit http://www.vigilantsoftware.co.uk/ or email servicecentre@vigilantsoftware.co.uk.

21. Questions – we welcome them all!
Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.