ISO 27001: An Overview of ISMS Implementation Process
Presenter: Dejan Kosutic
©2016 27001Academy www.advisera.com/27001academy
• Open and close your Panel
• View, Select, and Test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand
Which are the mandatory steps in ISO 27001 implementation?
If you’re planning to implement ISO 27001…
… to succeed, you need to know exactly what’s ahead of you
ISO 27001 doesn’t have to be just another bureaucratic compliance job – if implemented properly, it can be a very efficient tool to achieve business benefits.
Agenda
• ISO 27k family of standards
• 16 steps towards the certification
• How to sell the idea to management
• How long does it take
• How much does it cost
• How to approach the implementation
• Biggest challenges in implementation
ISO 27k family of standards
• ISO 27001
• ISO 27002
• ISO 27004
• ISO 27005
16 steps towards certification…
Steps and the documents they produce:
• Identify requirements – List of interested parties
• Management support – Budget, HR plan
• Establishing the project – Project plan
…16 steps towards certification…
• Scope & management intention – ISMS scope, Policy, objectives
• Risk process – Risk assessment methodology
• Risk assessment and treatment – Risk assessment report
…16 steps towards certification…
• Which controls to implement – Statement of Applicability
• Who will implement controls, deadlines – Risk treatment plan
• Define how to measure the effectiveness – Measurement methodology
…16 steps towards certification…
• Implement controls & support procedures – Documentation
• Implement training & awareness programs – Records
• Operate the ISMS – Records
…16 steps towards certification…
• Monitor the ISMS – Records
• Internal audit – Internal audit report, corrective actions
• Management review – Minutes of the meeting
…16 steps towards certification
• Improvements – Corrective actions
How to sell the idea to management?
Benefits!
• Compliance
• Marketing edge
• Lowering the expenses
• Optimizing business processes
How long does it take?
• Smaller organizations – up to 8 months
• Medium sized organizations – 8 to 12 months
• Larger organizations – 12+ months
How much does it cost?
Cost structure:
• Direct costs of acquiring knowledge
• Cost of new technology
• Certification body
• Employees’ time
How to approach the implementation
• With own employees only
• Consultant does it all
• Combination of employees and external help
Biggest challenges in ISO 27001 implementation
• Standards don't fit naturally with organizations
• Not enough knowledge on the IT side (e.g., network administration, system administration)
• Resources, both time and staffing
• Covering every requirement without duplicating effort
• Companies adopting the standard as part of their DNA, and not just a certificate to hang in reception
Conclusions
If set up properly, ISO 27001 can resolve more issues in your organization than you expected.
Discuss with your colleagues the benefits you could achieve!
Q & A
Dejan Kosutic