ISO/IEC27001 Implementation

Post on 31-Dec-2015


DESCRIPTION

ISO/IEC27001 Implementation. Lecturer : Prof. Robert Dale. Department of Computing Hooran Mahmoudinasab Student ID : 41455398. Overview. What is International Organization for Standardization (ISO)? - PowerPoint PPT Presentation

TRANSCRIPT

1

ISO/IEC27001 Implementation

Lecturer : Prof. Robert Dale

Department of Computing

Hooran Mahmoudinasab

Student ID : 41455398

2

Overview

What is International Organization for Standardization (ISO)?

The International Organization for Standardization (ISO) is an international organization that gives measurable quality to products and services which should increase reliability and operationality.

3

International Standardization Organizations

European Committee for Standardization (CEN)

German Institute for Standardization (DIN)

British Standards Institution (BSI)

Austrian Standard Institute (ON)

Switzerland Standardization Institution (SNV)

4

ISO/IEC27001

What is ISO/IEC27001?

ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

Source : http://www.iso.org

5

Benefits of ISO27001

use within organizations to formulate security requirements and objectives

use within organizations as a way to ensure that security risks are cost effectively managed

use within organizations to ensure compliance with laws and regulations

use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met

definition of new information security management processes

identification and clarification of existing information security management processes

use by the management of organizations to determine the status of information security management activities

use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization

use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons

implementation of business-enabling information security

use by organizations to provide relevant information about information security to customers

Source : http://www.iso.org

6

Statement of the Problem

This research tries to answer the following question:

Why is the distribution of ISO27001 holders different among the countries that hold the standard?

7

ISO27001

To use or not to use

8

ISO27001 Worldwide

The Number of ISO27001 Holders

USA 77

UK 368

Germany 108

Australia 28

Japan 2779

India 426

China 161

Brazil 20

Czech 66

Vietnam 3

Bulgaria 2

Canada 3

Korea 58

Turkey 15

New Zealand 1

Mexico 8

Russia 10

Malaysia 26

Spain 25

UAE 15

Bangladesh 1

South Africa 5

Sri Lanka 4

Morocco 2

Iceland 11

Taiwan 183

Sweden 7

Chile 3

Italy 54

9

Reasons for Using ISO27001

ISO27001

Certification

Population

Total Number of Companies

Export

Import

Technology

Rate of IT Crimes

Social Factors

Laws and Regulations

Politics

Geography

Compliance with Rules

Establishing ISMS

10

Research Model and Analysis

What?

What International Standardization Organizations state about the benefits of the standard

What companies state about ISO27001 Implementation

Factors that affect number of ISO27001 holders :

Population

Total Number of Companies

Volume of Trade - Import and Export

Analysis and Model of Research

11

Where? ISO27001

Number of ISO27001 Holders

UK 368

Germany 108

Austria 25

Switzerland 5

12

ISO27001 in Different Categories of Business

[Bar chart; vertical axis from 0 to 100; countries shown: UK, Germany, Austria, Switzerland]

13

Statistical Analysis (Population)

  UK Germany Austria Switzerland SUM

Registration (O) 366.00 110.00 24.00 5.00 505.00

Registration (E) 193.10 261.82 26.04 24.00 505.00

Population 60,776,238.00 82,400,996.00 8,199,783.00 7,554,661.00 158,931,678.00

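Chi-square test. Columns: Number of Registrations, Population, Total. Each row lists observed counts, then expected counts, then chi-square contributions.

Row 1: observed 366, 60776238 (total 60776604); expected 193.11, 60776410.89; chi-square contributions 154.774, 0.000

Row 2: observed 110, 82400996 (total 82401106); expected 261.83, 82400844.17; chi-square contributions 88.040, 0.000

Row 3: observed 24, 8199783 (total 8199807); expected 26.05, 8199780.95; chi-square contributions 0.162, 0.000

Row 4: observed 5, 7554661 (total 7554666); expected 24.00, 7554642.00; chi-square contributions 15.046, 0.000

Total: 505, 158931678 (total 158932183)

Chi-Sq = 258.023, DF = 3, P-Value = 0.000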

14

Statistical Analysis (Total Number of Companies)

  UK Germany Austria Switzerland SUM

Registration (O) 366.00 110.00 24.00 5.00 505.00

Registration (E) 188.41 272.38 15.11 29.00 505.00

Company 2,016,700.00 2,915,482.00 161,732.00 311,324.00 5,405,238.00

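Chi-square test. Columns: Number of Registrations, Number of Companies, Total. Each row lists observed counts, then expected counts, then chi-square contributions.

Row 1: observed 366, 2016334 (total 2016700); expected 188.42, 2016511.58; chi-square contributions 167.375, 0.016

Row 2: observed 110, 2915372 (total 2915482); expected 272.39, 2915209.61; chi-square contributions 96.809, 0.009

Row 3: observed 24, 161708 (total 161732); expected 15.11, 161716.89; chi-square contributions 5.230, 0.000

Row 4: observed 5, 311319 (total 311324); expected 29.09, 311294.91; chi-square contributions 19.946, 0.002

Total: 505, 5404733 (total 5405238)

Chi-Sq = 289.387, DF = 3, P-Value = 0.000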

15

Statistical Analysis (Export)

  UK Germany Austria Switzerland SUM

Registration (O) 366.00 110.00 24.00 5.00 505.00

Registration (E) 118.69 310.58 35.34 40.37 505.00

Export 348,430.00 911,742.00 103,742.00 118,527.00 1,482,441.00

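Chi-square test. Columns: Number of Registrations, Number of Companies, Total. Each row lists observed counts, then expected counts, then chi-square contributions.

Row 1: observed 366, 2016334 (total 2016700); expected 188.42, 2016511.58; chi-square contributions 167.375, 0.016

Row 2: observed 110, 2915372 (total 2915482); expected 272.39, 2915209.61; chi-square contributions 96.809, 0.009

Row 3: observed 24, 161708 (total 161732); expected 15.11, 161716.89; chi-square contributions 5.230, 0.000

Row 4: observed 5, 311319 (total 311324); expected 29.09, 311294.91; chi-square contributions 19.946, 0.002

Total: 505, 5404733 (total 5405238)

Chi-Sq = 289.387, DF = 3, P-Value = 0.000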

16

Statistical Analysis (Import)

  UK Germany Austria Switzerland SUM

Registration (O) 366.00 110.00 24.00 5.00 505.00

Registration (E) 166.87 259.00 37.81 40.39 505.00

Import 461,076.00 718,150.00 104,489.00 111,603.00 1,395,318.00

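Chi-square test. Columns: Number of Registrations, Population, Total. Each row lists observed counts, then expected counts, then chi-square contributions.

Row 1: observed 366, 461076 (total 461442); expected 166.95, 461275.05; chi-square contributions 237.334, 0.086

Row 2: observed 110, 718150 (total 718260); expected 259.86, 718000.14; chi-square contributions 86.425, 0.031

Row 3: observed 24, 104489 (total 104513); expected 37.81, 104475.19; chi-square contributions 5.045, 0.002

Row 4: observed 5, 111603 (total 111608); expected 40.38, 111567.62; chi-square contributions 30.998, 0.011

Total: 505, 1395318 (total 1395823)

Chi-Sq = 359.933, DF = 3, P-Value = 0.000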

17

Conclusion

Factors that may not contribute to the discrepancy :

Total number of companies

Population

Volume of trade

Factors that may contribute to the discrepancy :

Nature of activities of companies ?

Social factors ?

Government regulations and policies ?

Technology ?

Crime and Hacking ?

Other factors ?

18

THE END
