1. The definitive risk assessment tool for ISO27001 certification. Copyright Vigilant Software Ltd 2013.
   Alan Calder, CEO, Vigilant Software. Thursday May 9th.
   PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE.
   Why ISO 27001 for my Organisation?
2. Alan Calder
   - CEO and founder of Vigilant Software.
   - Acknowledged information security/risk management thought leader.
   - Managed the world's first successful ISO 27001 (then BS7799) implementation project in 1996.
   - Frequent media commentator on risk management issues.
   - Co-author of vsRisk - the definitive cyber security risk assessment tool.
3. Today's Webinar in Context
   - Today's webinar is #1 in a series of 4 educational webinars.
   - The 4 webinars are designed to take you on a learning journey:
     - Webinar 1 (Today) - Why ISO 27001 for my Organisation?
     - Webinar 2 - The Importance of risk management.
     - Webinar 3 - Carrying out a risk assessment using vsRisk.
     - Webinar 4 - Maintaining/updating your risk assessment using vsRisk.
   - Registration details of these webinars at the end.
4. Today's Agenda
   - A short 20-30 minute educational and informative talk on:
     - What is information security?
     - What is an information security management system (ISMS)?
     - What is ISO 27001?
     - The drivers for ISO 27001.
     - Why should my organisation care about ISO 27001?
     - Accredited Certification.
     - The central role of risk assessment in ISO 27001.
   - Ample time for Q&A.
   - Next steps.
5. What is information security?
   "Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved." ISO/IEC 27001:2005
6. What is an ISMS?
   Information Security Management System (ISMS): Systematic approach to managing confidential or sensitive corporate information so that it remains secure.
7. What is ISO 27001?
   - An ISMS standard that replaced BS7799-2:2002 in late 2005.
   - The world's only cyber security standard.
   - Formally specifies an ISMS that is intended to bring information security under explicit management control.
   - Best practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS.
   - Adopts the Plan-Do-Check-Act (PDCA) model.
8. Plan-Do-Check-Act
9. Drivers for ISO 27001
   - Clients need confidence in their supply chain.
   - Breaches of Personal Data can bring fines up to £500k by the Information Commissioner.
   - Data Handling Review 2008 - better information security in Govt and down the food chain.
   - Improved reputational protection.
   - Balance expenditure to the information security risk.
10. Why should my organisation care about ISO27001? Reason 1 - Compliance
   ISO 27001 can bring in the methodology that enables organisations to comply in the most efficient way. Certification is often the quickest return on investment if an organisation must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organisation).
11. Why should my organisation care about ISO27001? Reason 2 - Marketing edge
   In a market which is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 could indeed be a unique selling point, especially if you handle clients' sensitive information.
12. Why should my organisation care about ISO27001? Reason 3 - Lowering the expenses
   Information security is usually considered as a cost with no obvious financial gain. However, there is financial gain if you lower your expenses caused by incidents. You probably do have interruption in service, or occasional data leakage, or disgruntled employees. Or disgruntled former employees.
13. Why should my organisation care about ISO27001? Reason 4 - Putting your business in order
   ISO 27001 is particularly good in sorting out those thorny management system issues - it forces you to define very precisely both the responsibilities and duties, and therefore strengthen your internal organisation.
14. Accredited Certification
   - Provides evidence of Information Security Management System assurance.
   - Verified by independent auditor.
   - In the UK, the authority is UKAS.
   - Accredited Certification scheme:
     - Worldwide recognition.
     - National certification body member of International Accreditation Forum.
15. The central role of risk assessment in ISO 27001
   ISO 27001:2005 conformance requires implementation and documentation of an Information Security Management System (ISMS) implementing controls selected in accordance with 4.2.1.g (control objectives in Annex A).
16. The central role of risk assessment in ISO 27001
   Structured ISMS gives:
   - Best practice.
   - Marketing opportunities.
   - Compliance to Corporate Governance requirements.
   - Appropriate action to comply with law.
   - Systematic approach to risks.
   - Credibility with staff, customers and partner organisations.
   - Informed decisions on security investments.
17. Next Steps - Upcoming Educational Webinars
   - Webinar 2 - The Importance of Risk Management - Thursday May 16th, 4pm UK Time (Next week).
   - Webinar 3 - Carrying out a Risk Assessment using vsRisk - Thursday May 23rd, 4pm UK Time.
   - Webinar 4 - Maintaining and Updating your Risk Assessment using vsRisk - Thursday May 30th, 4pm UK Time. Includes announcement of special offer for vsRisk for webinar registrants.
   Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx
18. Before the next webinars
   - Read a book: Read the world's first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation. Available for 25.95 (usually 29.95) http://www.vigilantsoftware.co.uk/product/1651.aspx
   - Download a free trial of vsRisk: The cyber security risk assessment tool compliant to ISO 27001 that automates and accelerates the risk management process. 15-day free trial at http://www.vigilantsoftware.co.uk
19. Next Steps - Want to know more?
   If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment, please visit http://www.vigilantsoftware.co.uk/ or [email protected].
20. Questions - we welcome them all!
   Please type your questions into the GoToWebinar chat window - responses will generally be verbal and shared with all delegates.