ISO 27001 Information Security Management Systems Trends and Developments

•

8 likes•5,432 views

Michael Brophy's ISO 27001 Information Security Management Systems Trends and Developments presentation. The presentation was delivered at our Information Security Breakfast Seminar (Nov 2011)

Technology

Michael Brophy
ISO 27001 Trends and CEO
Developments Certification Europe

1

1000
2000
3000
4000
5000
6000
7000
8000

Global take-up of ISO 27001
0
Apr-99
Jan-02
Jan-04

Total No. of ISO 27001 Certifications
Dec-04
Nov-05
Jan-06
Oct-06
Jan-07
Feb-07
Mar-07
Apr-07
Aug-07
Oct-07
Dec-07
Aug-08
Dec-08
Sep-09
Nov-09
Dec-09
Dec-11
Total
3

Top Ten Countries with ISO 27001
Certificates
4500
4000
3500
3000
2500
2000
1500
1000
500
0

4

Which sectors are prominent?
IT & IT Services (Security)

Financial Services

Government & Semi-State (extensive)

Telecoms

Printing

Software

Consultancy

Healthcare

Online Gambling & Betting *

Infrastructure *

5

Why are organisations getting
certified?

• First mover advantage still a factor, but not in the
ten major categories
• Tendering requirements
• Supply chain pressure
• In some sectors it is virtually a market requirement
(E.g. hosting and datacentres)

6

Why are organisations getting
certified?
What Standards or Guidelines have your customers required
you to comply with?

41%
A recognised standard like ISO 27001
31%
Large Organisations
37% Small Organisations
Government related requirements
26%

30%
PCI (payment Card Industry)
16%

6%
Other
6%

32%
Not aware of any such demands
38%

Source: PWC Information Security Breaches Survey 2010 fig 15 7

Recent Trends (2)

• Supply Chain Pressure

Security Policy Guidelines (Telefónica O2 UK only)
O2 attaches particular importance to the security of its own, its
employees’ and its customers’ data.
The reference standard for O2’s security policies is ISO27001 and the
suppliers shall comply with the principles of that standard at all times.

11

Recent Trends (3)

• Major incidents

12

Recent Trends (3)

• Major incidents

13

Recent Trends (3)

• Major incidents

Office of the Australian Information Commissioner:
“noted that the company had a wide range of security
safeguards in place for the protection of personal
information including physical, network,
communications security and maintained security
standards… ISO 27001”

14

What is coming down the line (1)

• Expect to see ISO 27001 (& BS 25999)
featuring in many more tendering
requirements
• Particularly when IT services are
outsourced

16

What is coming down the line (2)

• ISO 27001 used as a basis to address
the risks associated with Cloud
Computing

17

What is coming down the line (3)

• Increasing reliance being placed upon
ISO 27001 by regulatory bodies

18

What is coming down the line (3)

• APACS & Standard 55

19

What is coming down the line (3)
• "Outsourcing requires not only a
written contract but also active
measures to ensure data is secure in
the “cloud”. If a cloud provider has
taken the trouble to certify to
recognised security standards such as
ISO 27001… this provides significant
reassurance about data security."

Irish Data Protection Commissioner Annual Report 2010

20

What is coming down the line (3)

• Financial Services Authority (UK)
• "FSA Handbook" in SYSC 3A.7.8 that
"firms should have regard to
established security standards such as
ISO17799 (Information Security
Management)."

21

What is coming down the line (3)

• In essence evolving to become a key
tool in overall risk management as
opposed to an isolated activity

22

Thank you

mbrophy@certificationeurope.com

www.certificationeurope.com

23

What's hot

ISO 27001 2013 isms final overview

Naresh Rao

Why ISO27001 For My Organisation

Vigilant Software

ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming more common Information Security standard among service providers. This presentation focuses on the recent changes in 2013 version and also the process for implementing and getting certified for ISO27001. Following are the key objectives of this presentation:  Provide an introduction to ISO27001 and changes in 2013 version  Discuss the implementation approach for an Information Security Management System (ISMS) framework  Familiarize the audience with some common challenges in implementation

ISO27001: Implementation & Certification Process Overview

Shankar Subramaniyan

New data protection regulations have significantly impacted the way that businesses collect, store, and handle clients’ personal information. Considering the continuously increasing importance of data protection and privacy in today’s world, businesses should be up to speed with their data privacy policies and procedures. The webinar covers: 1. ISO/IEC 27001 – Information Security Framework Key requirements under CCPA, CPRA, GDPR • ISO/IEC 27005 – Information Security Risk Management • ISO/IEC 27035 – Information Security Incident Management • ISO/IEC 22301 & 27031 - Business Continuity Management (BCM) 2. Alternative Frameworks • CMMC - Cybersecurity Maturity Model Certification • NIST CSF Cybersecurity Framework • ISO/IEC 27032 – Guidelines for Cybersecurity 3. Supplier Management Date: April 21, 2021 Recorded Webinar: https://youtu.be/bi3tvvhGV1s

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

PECB

Iso 27001 awareness

Ãsħâr Ãâlâm

NQA Your Risk Assurance Partner

NQA

Iso iec 27001 foundation training course by interprom

Mart Rovers

Han van Thoor participated in the Certification Europe Information Security Breakfast Seminar in November 2011. Han van Thoor Managing Director of Jumper Consulting Ltd. The presentation discussed the current challenges within the security, in conjunction with the following topics: Managing management and peers Risk Assessment Statement of Applicability Post certification Benefits Further details on ISO 27001 Information Security Management System certification on our website http://www.certificationeurope.com/iso-27001-information-security.html

ISO 27001 Certification - The Benefits and Challenges

Certification Europe

Main points covered: • Information Security best practices (ESA, COBIT, ITIL, Resilia) • NIST security publications (NIST 800-53) • ISO standards for information security (ISO 20000 and ISO 27000 series) - Information Security Management in ISO 20000 - ISO 27001, ISO 27002 and ISO 27005 • What is best for me: Information Security Best Practices or ISO standards? Presenter: This webinar was presented by Mohamed Gohar. Mr.Gohar has more than 10 years of experience in ISM/ITSM Training and Consultation. He is one of the expert reviewers of CISA RM 26th edition (2016), ISM Senior Trainer/Consultant at EGYBYTE. Link of the recorded session published on YouTube: https://youtu.be/eKYR2BG_MYU

Information Security between Best Practices and ISO Standards

PECB

27001 awareness Training

Dr Madhu Aman Sharma

University iso 27001 bgys intro and certification lami kaya may2012

Hakem Filiz

ISMS implementation challenges-KASYS

Reza Teynia ISMS, ITSM, MSc

Reporting about Overview Summery of ISO-27000 Se.(ISMS)

AHM Pervej Kabir

Due to an increase in the collection of consumer data, high-profile data breaches have become common. Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy. The webinar covers:  Data protection, a global development  Introduction to the GDPR, ePrivacy & ISO/IEC 27701  GDPR & ISO/IEC 27701mapping  ePrivacy & ISO/IEC 27701 mapping Recorded Webinar: https://youtu.be/oVhIoHAGGwk Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701 Webinars: https://pecb.com/webinars Articles: https://pecb.com/article Whitepapers: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION

ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?

PECB

4 System For Information Security

Ana Meskovska

Implementing a Security Framework based on ISO/IEC 27002

pgpmikey

ISO 27001:2013 is the international standard that provides a framework for Information Security Management Systems (ISMS) to provide continued confidentiality, integrity and availability of information as well as legal compliance. ISO 27001 certification is essential for protecting your most vital assets like employee and client information, brand image and other private information. The ISO standard includes a process-based approach to initiating, implementing, operating and maintaining your ISMS. This implementation guide will help you run through the benefits, PDCA Cycle and Annex SL structure in detail for implementing ISO 27001. Find out more or get a quote for certification here – https://www.nqa.com/en-gb/certification/standards/iso-27001

NQA ISO 27001 Implementation Guide

NQA

It security iso 27001

Iris Maaß

[null] Iso 27001 a business view by Sripathi

Prajwal Panchmahalkar

Mr. ahmed obaid the ceo guide to implement iso 27001

qualitysummit

What's hot (20)

ISO 27001 2013 isms final overview

Why ISO27001 For My Organisation

ISO27001: Implementation & Certification Process Overview

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

Iso 27001 awareness

NQA Your Risk Assurance Partner

Iso iec 27001 foundation training course by interprom

ISO 27001 Certification - The Benefits and Challenges

Information Security between Best Practices and ISO Standards

27001 awareness Training

University iso 27001 bgys intro and certification lami kaya may2012

ISMS implementation challenges-KASYS

Reporting about Overview Summery of ISO-27000 Se.(ISMS)

ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?

4 System For Information Security

Implementing a Security Framework based on ISO/IEC 27002

NQA ISO 27001 Implementation Guide

It security iso 27001

[null] Iso 27001 a business view by Sripathi

Mr. ahmed obaid the ceo guide to implement iso 27001

Similar to ISO 27001 Information Security Management Systems Trends and Developments

Ai Investor Presentation July 2007

Teguh Prasetya

201306 CIO NET The Value of IT Frameworks

Francisco Calzado

2022 Webinar - ISO 27001 Certification.pdf

ControlCase

OneAudit™ - Assess Once, Certify to Many

ControlCase

Negotiating the Next Service Level Agreement

Eduardo Mendez Polo

The Road to ISO 20K Certification - ITSMF Ottawa Conference March 2014

Matthieu DEMOOR

Talk1 esc3 muscl-standards and regulation_v1_1

Sylvain Martinez

GRC2-KSA.ppt

ssuser3901ab

I Forum GSTI - David Bathiely

Marcos Andre

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map? Because of the ongoing increase in consumer data collection, breaches have also been increasing. In this regards the information security, data privacy, and cybersecurity standards provide some guidelines and requirements on how to better manage and deal with such breaches. Amongst others, the webinar covers: • ISO 27032:2012 – A Framework for Cybersecurity Risks • ISO/IEC 27000-series, Standards, 27001 vs 27002 • ISO 27002:2022 and 27001:2022 Updates Presenters: Danny Manimbo Danny Manimbo is a Principal with Schellman, based in Denver, Colorado. As a member of Schellman’s West Coast/Mountain region management team, Danny is primarily responsible for co-leading Schellman's ISO practice and the development and oversight of Schellman's SOC practice line, as well as specialty practices such as HIPAA. Danny has been with Schellman for nine years and has over 11 years of experience in providing data security audit and compliance services. Erik Tomasi Erik Tomasi is the Managing Partner at EMTsec, a security consulting firm based in Miami and New York. He leads the firm’s consulting division and manages client relationships across several industry sectors. Mr. Tomasi is considered an expert in information security, risk management, and technology management. Sawyer Miller Sawyer is a Senior Manager who oversees the ISO practice for risk3sixty, an Atlanta-based Security, Privacy, and Compliance firm helping clients implement business-first information security and compliance programs. Date: June 22, 2022 Tags: ISO, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27032, Data protection, Data Privacy, Cybersecurity, Information Security ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection https://pecb.com/whitepaper/no-iso-27001-certified-companies-among-largest-data-breaches-2014-2015 https://pecb.com/whitepaper/isoiec-270022013-information-technology---security-techniques-code-of-practice-for-information-security-controls Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/fE3DqISAfQY

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

PECB

Cisco Case Analysis

perk2624

06 - VMUGIT - Lecce 2018 - Rodolfo Rotondo, VMware

VMUG IT

Citigroup 19th Annual Global Industrial Manufacturing Conference

finance10

SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...

AMD Developer Central

SU Student Investment Fund - Fall 2010

fb18077

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

Cohesive Networks

Juniper "New Network" Launch Press Conference

Juniper Networks

In today's digital age, cybersecurity is more critical than ever. Hence, it is crucial to stay informed and prepared. Amongst others, the webinar covers: • ISO/IEC 27032:2023 and ISO/IEC 27701 and their key components • The standard’s alignment • Emerging Cybersecurity Threats • What is new to the ISO/IEC 27032:2023 Presenters: Madhu Maganti Madhu is a goal-oriented cybersecurity/IT advisory leader with more than 20 years of comprehensive experience leading high-performance teams with a proven track record of continuous improvement toward objectives. He is highly knowledgeable in both technical and business principles and processes. Madhu specializes in cybersecurity risk assessments, enterprise risk management, regulatory compliance, Sarbanes-Oxley (SOX) compliance and system and organization controls (SOC) reporting. Jeffrey Crump Mr. Jeffrey Crump is the Principal Consultant at Arizona-based Cyber Security Training and Consulting LLC and a graduate of the Certified NIS 2 Directive Lead Implementer course. He is a Certified CMMC Assessor, Certified CMMC Professional, and Instructor. Mr. Crump is also the author of Cyber Crisis Management Planning: How to reduce cyber risk and increase organizational resilience. His book has been expanded into a triad of certification courses on cyber crisis planning, exercises, and leadership. Date: October 25, 2023 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001 https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/a21uasr8aLs

Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...

PECB

Cyber resolution ban-ana comparing to ana-nas.pdf

toncik

L'acquisition de BlueArc en septembre dernier a concrétisé la stratégie d'Hitachi Data Systems de transformation des Data Centers traditionnels en Centres d’Information, où les clients peuvent stocker leurs données, contenus et informations, et y accéder en toute transparence. Notre vision est celle de l’information : - Accessible et interrogeable partout et à tout moment - Indépendante de l’infrastructure et de l’application - Administrable de façon durable, économique et sécurisée. Retour avec Randy DeMont, Executive Vice President and General Manager, Global Sales, Services and Support sur la formidable croissance d'Hitachi Data Systems.

Vision et Stratégie d'Hitachi Data Systems Randy DEMONT, Executive Vice Presi...

Hitachi Data Systems France

Similar to ISO 27001 Information Security Management Systems Trends and Developments (20)

Ai Investor Presentation July 2007

201306 CIO NET The Value of IT Frameworks

2022 Webinar - ISO 27001 Certification.pdf

OneAudit™ - Assess Once, Certify to Many

Negotiating the Next Service Level Agreement

The Road to ISO 20K Certification - ITSMF Ottawa Conference March 2014

Talk1 esc3 muscl-standards and regulation_v1_1

GRC2-KSA.ppt

I Forum GSTI - David Bathiely

ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?

Cisco Case Analysis

06 - VMUGIT - Lecce 2018 - Rodolfo Rotondo, VMware

Citigroup 19th Annual Global Industrial Manufacturing Conference

SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...

SU Student Investment Fund - Fall 2010

Chris Swan's presentation from the London Tech Entrepreneurs' Meetup

Juniper "New Network" Launch Press Conference

Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...

Cyber resolution ban-ana comparing to ana-nas.pdf

Vision et Stratégie d'Hitachi Data Systems Randy DEMONT, Executive Vice Presi...

Recently uploaded

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Developing An App To Navigate The Roads of Brazil

V3cube

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Real Time Object Detection Using Open CV

Khem

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Artificial Intelligence: Facts and Myths

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Handwritten Text Recognition for manuscripts and early printed texts

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Developing An App To Navigate The Roads of Brazil

HTML Injection Attacks: Impact and Mitigation Strategies

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Tata AIG General Insurance Company - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Real Time Object Detection Using Open CV

A Domino Admins Adventures (Engage 2024)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Exploring the Future Potential of AI-Enabled Smartphone Processors

Apidays New York 2024 - The value of a flexible API Management solution for O...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Strategies for Landing an Oracle DBA Job as a Fresher

🐬 The future of MySQL is Postgres 🐘

ISO 27001 Information Security Management Systems Trends and Developments

1. Michael Brophy ISO 27001 Trends and CEO Developments Certification Europe 1

2. 2

3. 1000 2000 3000 4000 5000 6000 7000 8000 Global take-up of ISO 27001 0 Apr-99 Jan-02 Jan-04 Total No. of ISO 27001 Certifications Dec-04 Nov-05 Jan-06 Oct-06 Jan-07 Feb-07 Mar-07 Apr-07 Aug-07 Oct-07 Dec-07 Aug-08 Dec-08 Sep-09 Nov-09 Dec-09 Dec-11 Total 3

4. Top Ten Countries with ISO 27001 Certificates 4500 4000 3500 3000 2500 2000 1500 1000 500 0 4

5. Which sectors are prominent? IT & IT Services (Security) Financial Services Government & Semi-State (extensive) Telecoms Printing Software Consultancy Healthcare Online Gambling & Betting * Infrastructure * 5

6. Why are organisations getting certified? • First mover advantage still a factor, but not in the ten major categories • Tendering requirements • Supply chain pressure • In some sectors it is virtually a market requirement (E.g. hosting and datacentres) 6

7. Why are organisations getting certified? What Standards or Guidelines have your customers required you to comply with? 41% A recognised standard like ISO 27001 31% Large Organisations 37% Small Organisations Government related requirements 26% 30% PCI (payment Card Industry) 16% 6% Other 6% 32% Not aware of any such demands 38% Source: PWC Information Security Breaches Survey 2010 fig 15 7

8. 8

9. Recent Trends (1) • High Profile Data Breaches 9

10. Recent Trends (1) • High Profile Data Breaches 10

11. Recent Trends (2) • Supply Chain Pressure Security Policy Guidelines (Telefónica O2 UK only) O2 attaches particular importance to the security of its own, its employees’ and its customers’ data. The reference standard for O2’s security policies is ISO27001 and the suppliers shall comply with the principles of that standard at all times. 11

12. Recent Trends (3) • Major incidents 12

13. Recent Trends (3) • Major incidents 13

14. Recent Trends (3) • Major incidents Office of the Australian Information Commissioner: “noted that the company had a wide range of security safeguards in place for the protection of personal information including physical, network, communications security and maintained security standards… ISO 27001” 14

15. 15

16. What is coming down the line (1) • Expect to see ISO 27001 (& BS 25999) featuring in many more tendering requirements • Particularly when IT services are outsourced 16

17. What is coming down the line (2) • ISO 27001 used as a basis to address the risks associated with Cloud Computing 17

18. What is coming down the line (3) • Increasing reliance being placed upon ISO 27001 by regulatory bodies 18

19. What is coming down the line (3) • APACS & Standard 55 19

20. What is coming down the line (3) • "Outsourcing requires not only a written contract but also active measures to ensure data is secure in the “cloud”. If a cloud provider has taken the trouble to certify to recognised security standards such as ISO 27001… this provides significant reassurance about data security." Irish Data Protection Commissioner Annual Report 2010 20

21. What is coming down the line (3) • Financial Services Authority (UK) • "FSA Handbook" in SYSC 3A.7.8 that "firms should have regard to established security standards such as ISO17799 (Information Security Management)." 21

22. What is coming down the line (3) • In essence evolving to become a key tool in overall risk management as opposed to an isolated activity 22

23. Thank you mbrophy@certificationeurope.com www.certificationeurope.com 23

ISO 27001 Information Security Management Systems Trends and Developments

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to ISO 27001 Information Security Management Systems Trends and Developments

Similar to ISO 27001 Information Security Management Systems Trends and Developments (20)

Recently uploaded

Recently uploaded (20)

ISO 27001 Information Security Management Systems Trends and Developments