SlideShare a Scribd company logo

ISO 27001 Certification - The Benefits and Challenges

C
Certification Europe

Han van Thoor participated in the Certification Europe Information Security Breakfast Seminar in November 2011. Han van Thoor Managing Director of Jumper Consulting Ltd. The presentation discussed the current challenges within the security, in conjunction with the following topics: Managing management and peers Risk Assessment Statement of Applicability Post certification Benefits Further details on ISO 27001 Information Security Management System certification on our website http://www.certificationeurope.com/iso-27001-information-security.html

Technology
1 of 11
Download to read offline
ISO27001:2005 Implementation: Benefits and Challenges 22 November 2011 Han van Thoor
Subjects discussed: Challenges Managing management and peers Risk Assessment Statement of Applicability Post certification Benefits
Challenges Manage managers Commitment : Is the implementation done because we have to due to our customers/legal reasons or is there a real security awareness within management ? Finance : Is there a real budget, is there a provision for unforseen costs ? Implementation times: how long do you have ?
Challenges Manage peers Buy-in : Translate security policies into accepted work practices Managing change : People might have to change behaviour and procedures
Challenges Risk Assessment Know your assets! Methodology
Challenges Risk Assessment Methodology What are your Key Business Processes (KBP) What information assets are being used by the KPB's How valuable are the assets Score risks against assets to identify highest risks
Challenges Example of a methodology (Integrity+Confidentiality+Availability)*(Likelihood)*(Value)
Challenges Statement of applicability The less the better ?
Challenges Post- certification Maturing the ISMS
SME versus Corporate Implementation Cost Complexity Time SME < 6 months € 0 - ?? Simple, few systems, people, direct lines Corporate < 18 months € 0 - ?? More complex, more systems,more people longer decision times
Benefits Proof of security to third parties (for clients, partners and legal purposes) Competitive advantage: ‘documented quality’ by an independent authority Cost reductions through transparent, optimised structures. Security becomes an integral part of business processes Knowledge and monitoring of the IT risks and residual IT risks Documentation of structures and processes Increased employee awareness of security Evaluation of the organisation’s processes from a security point of view. Prioritising the security of the business operations: business continuity management Globally recognised standard Potential reduction in insurance premiums Referencing the IT process management standard (ITIL) to ISO 27001 Seamless transition from ISO 27001 in management systems to ISO 9000

Recommended

ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
Dejan Kosutic
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
Pranay Kumar
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
Vigilant Software
 

Recommended

ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
Dejan Kosutic
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
Pranay Kumar
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
Vigilant Software
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
Ralf Braga
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
SAROJ BEHERA
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptx
Mukesh Pant
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
Ramiro Cid
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
Kinverg
 

More Related Content

What's hot

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
 

What's hot (20)

Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptx
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
 

Viewers also liked

Types of Information Resources
Types of Information ResourcesTypes of Information Resources
Types of Information Resources
hisled
 
7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation
PECB
 

Viewers also liked (12)

ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
 
Managing Contract Obligations and Milestones with SharePoint
Managing Contract Obligations and Milestones with SharePointManaging Contract Obligations and Milestones with SharePoint
Managing Contract Obligations and Milestones with SharePoint
 
Itil,cobit and ıso27001
Itil,cobit and ıso27001Itil,cobit and ıso27001
Itil,cobit and ıso27001
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Benefits of Integrated Management Systems
Benefits of Integrated Management SystemsBenefits of Integrated Management Systems
Benefits of Integrated Management Systems
 
Types of Information Resources
Types of Information ResourcesTypes of Information Resources
Types of Information Resources
 
Ims (integrated Management system )
Ims (integrated Management system )Ims (integrated Management system )
Ims (integrated Management system )
 
Working with students and ISO27001
Working with students and ISO27001Working with students and ISO27001
Working with students and ISO27001
 
7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation7 Key Problems to Avoid in ISO 27001 Implementation
7 Key Problems to Avoid in ISO 27001 Implementation
 
Information Resources Management
Information Resources ManagementInformation Resources Management
Information Resources Management
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
 

Similar to ISO 27001 Certification - The Benefits and Challenges

ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
Ana Meskovska
 
G12: Implementation to Business Value
G12: Implementation to Business ValueG12: Implementation to Business Value
G12: Implementation to Business Value
HyTrust
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
proaxissolutions
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcm
Robert Kloots
 

Similar to ISO 27001 Certification - The Benefits and Challenges (20)

The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0The Business Of Identity, Access And Security V1.0
The Business Of Identity, Access And Security V1.0
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
 
Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The Enterprise
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Riskpro information risk management
Riskpro information risk managementRiskpro information risk management
Riskpro information risk management
 
G12: Implementation to Business Value
G12: Implementation to Business ValueG12: Implementation to Business Value
G12: Implementation to Business Value
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
 
CV jagroop jagpal
CV jagroop jagpalCV jagroop jagpal
CV jagroop jagpal
 
ClockworkISMS
ClockworkISMSClockworkISMS
ClockworkISMS
 
Bpo risk management
Bpo risk managementBpo risk management
Bpo risk management
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
 
ISO 27001 Certification What You Need to Know to Get Started.pdf
ISO 27001 Certification What You Need to Know to Get Started.pdfISO 27001 Certification What You Need to Know to Get Started.pdf
ISO 27001 Certification What You Need to Know to Get Started.pdf
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance Partner
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcm
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

ISO 27001 Certification - The Benefits and Challenges

  • 1. ISO27001:2005 Implementation: Benefits and Challenges 22 November 2011 Han van Thoor
  • 2. Subjects discussed: Challenges Managing management and peers Risk Assessment Statement of Applicability Post certification Benefits
  • 3. Challenges Manage managers Commitment : Is the implementation done because we have to due to our customers/legal reasons or is there a real security awareness within management ? Finance : Is there a real budget, is there a provision for unforseen costs ? Implementation times: how long do you have ?
  • 4. Challenges Manage peers Buy-in : Translate security policies into accepted work practices Managing change : People might have to change behaviour and procedures
  • 5. Challenges Risk Assessment Know your assets! Methodology
  • 6. Challenges Risk Assessment Methodology What are your Key Business Processes (KBP) What information assets are being used by the KPB's How valuable are the assets Score risks against assets to identify highest risks
  • 7. Challenges Example of a methodology (Integrity+Confidentiality+Availability)*(Likelihood)*(Value)
  • 9. Challenges Post- certification Maturing the ISMS
  • 10. SME versus Corporate Implementation Cost Complexity Time SME < 6 months € 0 - ?? Simple, few systems, people, direct lines Corporate < 18 months € 0 - ?? More complex, more systems,more people longer decision times
  • 11. Benefits Proof of security to third parties (for clients, partners and legal purposes) Competitive advantage: ‘documented quality’ by an independent authority Cost reductions through transparent, optimised structures. Security becomes an integral part of business processes Knowledge and monitoring of the IT risks and residual IT risks Documentation of structures and processes Increased employee awareness of security Evaluation of the organisation’s processes from a security point of view. Prioritising the security of the business operations: business continuity management Globally recognised standard Potential reduction in insurance premiums Referencing the IT process management standard (ITIL) to ISO 27001 Seamless transition from ISO 27001 in management systems to ISO 9000