LEAN ISMS - An ISO27001 based Security Management System for SMBs
Security as a Manageable BoX
© Happiest Minds - All rights reserved
In this Presentation
• Challenges faced by SMBs
• Happiest Minds Value Proposition
• Happiest Minds Solution
• Managing a secure posture
• Benefits of Lean ISMS
Security Challenges for SMBs
Constantly under pressure to remain focused on business growth
Quick to adapt new technologies but often lack security budget
Can’t afford time, effort, skills & other resources
Often remain in the dark about threats, risks & compliance
Finally, rush to vendors to put in some quick measures
The rush and quick measures pose a new set of challenges
Value Proposition
• Adopt an integrated approach early
  Get secure in the shortest possible time
• Why and how
• Educate, Establish, Ensure Effectiveness, Efficiency & Enhancement
  Become aware of what needs to be maintained
• Monitor, Measure & Manage
  SMB – Security as a Manageable Box
Strategy for LISMS
Start small and start early
• Avoid waiting for the moment to arrive
Institute a baseline program
• To achieve a baseline, GRC or ISO27001 is overkill
Avoid plunging into ISO27001
• ISO is good but is often too heavy for SMBs
Need to be nimble, got more business to do
• Pay for it instead of owning it
Solution - Lean ISMS
1. What is Lean ISMS
2. Why is it required
3. What's different about it
4. How am I doing it
What is LEAN ISMS?
LEAN ISMS is simple
Designed for SMBs
Enables quicker adoption
Focuses on compliance through Security
Helps pace integration of security into your business
Simplifies PDCA
Why Lean ISMS?
Certification is not the goal
Focus on getting "Security" right
• No rush, no audit, no non-compliance
• Security in your own business terms
Paced integration of security aspects
• Into business & support processes
• With maximum support from users/stakeholders
• Certification-based security loses sheen post certification
See, smell, touch, taste and hear Security
• Preparing in advance has its own benefits
• No one is watching your compliance posture except you
What do we "Manage" in GRC?
Maintain policies, Manage Risks
Assess compliance
• Once in a quarter
• At People, Process & Technology levels
Record changes and incidents
Track risk levels and help mitigate
Assist in communicating audit and compliance reporting
• About Risk & Security posture
What’s in the Box?
People, Process & Technology
Governance, Risk Management & Security
Security as a Manageable Box
Benefits to Business Leaders
Get your “Security House” in order
Quickly, effectively and efficiently
Lets you focus on risks strategically
Strategically and tactically
Control Security & Compliance costs
Know your GRC budget for the next three years
Ensure Compliance by action, every time
Benefits to IT, Security, Risk, Audit & Compliance Leaders
Know your risks
Realize your potential to absorb risks
Know your controls
Protect your assets based on risk appetite
Ensure Security is by design
Take part in business performance, actively