ISO 27001 benefits
Short PowerPoint presentation for management that describes the benefits of ISO 27001 and the process of its implementation.
1. Benefits of ISO 27001
2. About ISO 27001
- Leading international standard for information security management
- By the end of 2009, more than 12,000 organizations worldwide had been certified against this standard
- Its purpose is to protect the confidentiality, integrity and availability of information
3. ISO 27001
- It is not a technical standard that describes the ISMS in technical detail
- It does not focus only on information technology, but also on the other important assets of the organization
4. ISO 27001
- Focuses on all business processes and business assets
- Focuses on reducing the risks for information that is valuable for the organization
- Such information may or may not be related to information technology, and may or may not be in digital form
5. ISO 27001 benefits
- Better organizational image because of the certificate issued by a certification body
- Lower costs because of the risks that are avoided
- Operations in the organization run more smoothly because responsibilities and business processes are clearly defined
6. Process of ISO 27001 implementation
- Phase 1 - Planning
- Phase 2 - Implementing
- Phase 3 - Checking
- Phase 4 - Improving
7. Planning the ISMS
- Policy and objectives
- Risk assessment & risk treatment
- Risk Assessment Report
- Statement of Applicability
8. Implementing the ISMS
- 4 mandatory procedures
- Risk Treatment Plan
- Implement all controls
- Conduct training and awareness activities
9. Checking the ISMS
- Execute monitoring and reviewing procedures
- Measuring the effectiveness of controls
- Internal audit
- Management review
10. Improving the ISMS
- Corrective actions
- Preventive actions
11. Requirements for successful implementation
- Management support (available people + funding)
- Project team
- Awareness of employees
12. Duration of implementation
- For very small organizations (fewer than 10 employees) - up to 4 months
- For small organizations (10 to 50 employees) - up to 8 months
- For medium-sized organizations (50 to 500 employees) - up to 12 months
- For large organizations (500 or more employees) - up to 18 months
13. Cost of implementation
- It is not possible to calculate the cost before the risk assessment is completed and applicable controls are identified
- The majority of the investment is usually not in technology, but in the employees who implement the ISMS (time invested + training)
14. For more useful information: www.iso27001standard.com