Han van Thoor participated in the Certification Europe Information Security Breakfast Seminar in November 2011. Han van Thoor is Managing Director of Jumper Consulting Ltd. The presentation discussed the current challenges within security, covering the following topics:
Managing management and peers
Risk Assessment
Statement of Applicability
Post certification
Benefits
Further details on ISO 27001 Information Security Management System certification on our website http://www.certificationeurope.com/iso-27001-information-security.html
3. Challenges
Manage managers
Commitment: Is the implementation being done only because we have to (customer or legal reasons), or is there real security awareness within management?
Finance: Is there a real budget, and is there a provision for unforeseen costs?
Implementation time: How long do you have?
4. Challenges
Manage peers
Buy-in: Translate security policies into accepted work practices
Managing change: People might have to change behaviour and procedures
6. Challenges
Risk Assessment Methodology
What are your Key Business Processes (KBPs)?
What information assets are used by the KBPs?
How valuable are the assets?
Score risks against assets to identify the highest risks
7. Challenges
Example of a methodology
(Integrity+Confidentiality+Availability)*(Likelihood)*(Value)
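The following is an added worked example of the scoring step described above, not material from the seminar. It applies the formula (Integrity + Confidentiality + Availability) * Likelihood * Value to a constructed inventory of assets, each tied to a key business process, and ranks them so the highest risks surface first. The 1-to-3 rating scales, the asset names and the ratings are all assumptions made for the illustration.

```python
"""Rank information assets by the risk score
(Integrity + Confidentiality + Availability) * Likelihood * Value.
Added illustration; the scales, assets and ratings below are constructed."""
from dataclasses import dataclass

LOW, HIGH = 1, 3  # assumed rating scale used for every factor


@dataclass(frozen=True)
class Asset:
    name: str
    kbp: str              # key business process that uses the asset
    confidentiality: int  # impact if disclosed (1 low .. 3 high)
    integrity: int        # impact if tampered with
    availability: int     # impact if unavailable
    likelihood: int       # chance the threat materialises (1 rare .. 3 likely)
    value: int            # value of the asset to the business (1 minor .. 3 critical)

    def __post_init__(self):
        # Reject ratings outside the agreed scale so a typo cannot skew the ranking.
        for field in ("confidentiality", "integrity", "availability", "likelihood", "value"):
            rating = getattr(self, field)
            if not LOW <= rating <= HIGH:
                raise ValueError(f"{self.name}: {field}={rating} is outside {LOW}..{HIGH}")


def risk_score(asset: Asset) -> int:
    """(Integrity + Confidentiality + Availability) * Likelihood * Value."""
    impact = asset.integrity + asset.confidentiality + asset.availability
    return impact * asset.likelihood * asset.value


def rank_assets(assets):
    """Return (asset, score) pairs, highest risk first; ties broken by name."""
    scored = [(a, risk_score(a)) for a in assets]
    return sorted(scored, key=lambda pair: (-pair[1], pair[0].name))


def top_risks(assets, n=3):
    """Names and scores of the n highest-scoring assets."""
    return [(a.name, s) for a, s in rank_assets(assets)[:n]]


# Constructed sample inventory (hypothetical assets and ratings).
SAMPLE_ASSETS = [
    Asset("customer database", "order fulfilment", 3, 3, 2, 2, 3),
    Asset("public website", "marketing", 1, 2, 3, 3, 2),
    Asset("payroll spreadsheet", "payroll", 3, 3, 1, 1, 2),
    Asset("office printer", "admin", 1, 1, 1, 2, 1),
]

if __name__ == "__main__":
    for asset, score in rank_assets(SAMPLE_ASSETS):
        print(f"{score:3d}  {asset.name} ({asset.kbp})")
```

Because the three impact factors are summed while likelihood and value multiply, an asset with a high rating in a single impact dimension can still rank below a moderate asset that is far more likely to be attacked or far more valuable; the ranking, not the raw score, is what drives which risks are treated first.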
10. SME versus Corporate
            Implementation time   Cost        Complexity
SME         < 6 months            € 0 - ??    Simple: few systems, few people, direct lines
Corporate   < 18 months           € 0 - ??    More complex: more systems, more people, longer decision times
11. Benefits
Proof of security to third parties (for clients, partners and legal purposes)
Competitive advantage: ‘documented quality’ by an independent authority
Cost reductions through transparent, optimised structures.
Security becomes an integral part of business processes
Knowledge and monitoring of the IT risks and residual IT risks
Documentation of structures and processes
Increased employee awareness of security
Evaluation of the organisation’s processes from a security point of view.
Prioritising the security of the business operations: business continuity management
Globally recognised standard
Potential reduction in insurance premiums
Referencing the IT process management standard (ITIL) to ISO 27001
Seamless transition from ISO 27001 in management systems to ISO 9000