
ISO 27001: An Overview of the ISMS Implementation Process

Presenter: Dejan Kosutic


2011 Information Security & Business Continuity Academy www.iso27001standard.com 2

Which are the mandatory steps in ISO 27001 implementation?

If you're planning to implement ISO 27001, and if you want to succeed, you need to know exactly what's ahead of you.



ISO 27001 doesn't have to be just another bureaucratic compliance job; if implemented properly, it can be a very efficient tool to achieve business benefits.


Agenda

ISO 27k family of standards
16 steps towards the ISO 27001 certification
Mandatory documents
How to sell the idea to management
How long does it take
How much does it cost
Acquiring knowledge
Tips for successful implementation

ISO 27k family of standards

(Diagram: ISO 27001 at the centre, with the related standards ISO 27002, ISO 27004 and ISO 27005 around it.)



16 steps towards certification (step: resulting document)

Establishing the project: budget, management support, HR plan, project plan
Defining the scope: ISMS scope


Management intention: ISMS policy, objectives
Risk approach: risk assessment methodology
Perform risk assessment: risk assessment and treatment report


Which controls to implement: Statement of Applicability
Who will implement controls, deadlines: risk treatment plan
Define how to measure the effectiveness: measurement methodology



Implement controls and mandatory procedures: documentation
Implement training and awareness programs: records
Operate the ISMS: records


Monitor the ISMS: records
Internal audit: internal audit report, corrective actions
Management review: minutes of the meeting


Improvements: corrective and preventive actions



Mandatory documents

ISMS scope
ISMS policy
Risk assessment methodology
Risk assessment report
Risk treatment plan
4 mandatory procedures
Statement of Applicability
Records

How to sell the idea to management?

Benefits!
Compliance
Marketing edge
Lowering the expenses
Getting the business in order


How long does it take?

Smaller organizations: ca. 6 months
Medium-sized organizations: 10 to 12 months
Larger organizations: 12+ months



How much does it cost?

Cost structure:
Direct costs of acquiring knowledge
Cost of new security measures
Employees' time
Certification body


Acquiring knowledge

Consultant
Literature
In-person courses
On-line courses and webinars
Documentation templates


Tips for successful implementation

Management commitment = time + money
Training and awareness
This is not only an IT project!



Conclusions

If set up properly, ISO 27001 can resolve more issues in your organization than you expected.

Discuss with your colleagues what benefits you could achieve!


Q&A

Dejan Kosutic


Thank you!

www.iso27001standard.com
