PECB Lead Implementer ISO 27001, Day 1
Source: phoenix.issa.org/wp-content/uploads/2016/01/0-issa-phx...
TRANSCRIPT
© SecuraStar, LLC. 2012
ISO 27001
in the world today
Agenda
• ISO 27001 worldwide
• Why ISO 27001
• Framework to implement ISO 27001
ISO 27001 worldwide
Source: ISO Annual Survey
ISO 27001 worldwide
Source: ISO Annual Survey
Number of certificates

| Region | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|---|---|---|---|---|
| TOTAL | 5797 | 7732 | 9246 | 12935 | 15626 | 17355 | 19620 | 22349 | 23972 |
| Africa | 6 | 10 | 16 | 47 | 46 | 40 | 64 | 99 | 81 |
| Central / South America | 18 | 38 | 72 | 100 | 117 | 150 | 203 | 272 | 277 |
| North America | 79 | 112 | 212 | 322 | 329 | 435 | 552 | 712 | 836 |
| Europe | 1064 | 1432 | 2172 | 3563 | 4800 | 5289 | 6379 | 7952 | 8710 |
| East Asia and Pacific | 4210 | 5550 | 5807 | 7394 | 8788 | 9665 | 10422 | 10861 | 11303 |
| Central and South Asia | 383 | 519 | 839 | 1303 | 1328 | 1497 | 1668 | 2002 | 2253 |
| Middle East | 37 | 71 | 128 | 206 | 218 | 279 | 332 | 451 | 512 |

Regional share (in %)

| Region | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|---|---|---|---|---|
| TOTAL | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| Africa | 0.1% | 0.1% | 0.2% | 0.4% | 0.3% | 0.2% | 0.3% | 0.4% | 0.3% |
| Central / South America | 0.3% | 0.5% | 0.8% | 0.8% | 0.7% | 0.9% | 1.0% | 1.2% | 1.2% |
| North America | 1.4% | 1.4% | 2.3% | 2.5% | 2.1% | 2.5% | 2.8% | 3.2% | 3.5% |
| Europe | 18.4% | 18.5% | 23.5% | 27.5% | 30.7% | 31.1% | 32.5% | 35.6% | 36.3% |
| East Asia and Pacific | 72.6% | 71.8% | 62.8% | 57.2% | 56.2% | 55.2% | 53.1% | 48.6% | 47.2% |
| Central and South Asia | 6.6% | 6.7% | 9.1% | 10.1% | 8.5% | 8.5% | 8.5% | 9.0% | 9.4% |
| Middle East | 0.6% | 0.9% | 1.4% | 1.6% | 1.4% | 1.6% | 1.7% | 2.0% | 2.1% |
ISO 27001 worldwide
Annual growth (absolute numbers)

| Region | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|---|---|---|---|
| TOTAL | 1935 | 1514 | 3689 | 2691 | 1883 | 2265 | 2729 | 1623 |
| Africa | 4 | 6 | 31 | -1 | -6 | 24 | 35 | -18 |
| Central / South America | 20 | 34 | 28 | 17 | 33 | 53 | 69 | 5 |
| North America | 33 | 100 | 110 | 7 | 104 | 117 | 160 | 124 |
| Europe | 368 | 740 | 1391 | 1237 | 646 | 1090 | 1573 | 758 |
| East Asia and Pacific | 1340 | 257 | 1587 | 1394 | 876 | 757 | 439 | 442 |
| Central and South Asia | 136 | 320 | 464 | 25 | 169 | 171 | 334 | 251 |
| Middle East | 34 | 57 | 78 | 12 | 61 | 53 | 119 | 61 |

Annual growth (in %)

| Region | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|---|---|---|---|
| TOTAL | 33% | 20% | 40% | 21% | 12% | 13% | 14% | 7% |
| Africa | 67% | 60% | 194% | -2% | -13% | 60% | 55% | -18% |
| Central / South America | 111% | 89% | 39% | 17% | 28% | 35% | 34% | 2% |
| North America | 42% | 89% | 52% | 2% | 32% | 27% | 29% | 17% |
| Europe | 35% | 52% | 64% | 35% | 13% | 21% | 25% | 10% |
| East Asia and Pacific | 32% | 5% | 27% | 19% | 10% | 8% | 4% | 4% |
| Central and South Asia | 36% | 62% | 55% | 2% | 13% | 11% | 20% | 13% |
| Middle East | 92% | 80% | 61% | 6% | 28% | 19% | 36% | 14% |
Source: ISO Annual Survey
ISO 27001 worldwide
Top 10 countries for ISO/IEC 27001 growth - 2014

| Rank | Country | Growth |
|---|---|---|
| 1 | United Kingdom | 338 |
| 2 | China | 292 |
| 3 | India | 239 |
| 4 | Australia | 101 |
| 5 | United States of America | 98 |
| 6 | Ireland | 77 |
| 7 | Italy | 69 |
| 8 | Germany | 59 |
Source: ISO Annual Survey
ISO 27001 worldwide
Top five industrial sectors for ISO/IEC 27001 certificates - 2014

| Rank | Sector | Certificates |
|---|---|---|
| 1 | Information technology | 4933 |
| 2 | Other services | 867 |
| 3 | Construction | 454 |
| 4 | Transport, storage and communication | 327 |
| 5 | Electrical and optical equipment | 287 |
Source: ISO Annual Survey
ISO 27001 worldwide
Top 10 countries for ISO/IEC 27001 certificates - 2014

| Rank | Country | Certificates |
|---|---|---|
| 1 | Japan | 7181 |
| 2 | United Kingdom | 2261 |
| 3 | India | 2170 |
| 4 | China | 2002 |
| 5 | Italy | 970 |
| 6 | Romania | 893 |
| 7 | Taipei, Chinese | 781 |
| 8 | Spain | 701 |
| 9 | United States of America | 664 |
| 10 | Germany | 640 |
Source: ISO Annual Survey
ISO 27001 worldwide
Why only 664 in the USA?
• Few frameworks or control catalogues
• Local frameworks & control catalogues
Why ISO 27001
• Sony Pictures: a major online attack that resulted in employees’ personal data and corporate correspondence being leaked
• JPMorgan Chase & Co.: a data breach that affected 76 million households and seven million small businesses
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
Why ISO 27001
Global study at a glance
• 350 companies in 11 countries
• $3.79 million is the average total cost of a data breach
• 23% increase in total cost of data breach since 2013
• $154 is the average cost per lost or stolen record
• 12% increase in per capita cost since 2013
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
Why ISO 27001
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
The three major reasons contributing to a higher cost of data breach in 2015:
• Cyber attacks have increased in frequency and in the cost to remediate the consequences
• The consequences of lost business are having a greater impact on the cost of data breach
• Data breach costs associated with detection and escalation increased
Why ISO 27001
• Hackers and criminal insiders cause the most data breaches
• Forty-seven percent of all breaches in this year’s study were caused by malicious or criminal attacks
• The loss of customers increases the cost of data breach
• Business continuity management plays an important role in reducing the cost of data breach
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
Why ISO 27001
• Cyber Terrorism
• Cyber Wars
• Cyber Crime (surpasses “old” weapons and drugs)
Why ISO 27001
Some other threats out there...
• Spyware
• Worms
• Trojan horses
• Ransomware
Why ISO 27001
What about GRC compliance???
• International encryption laws
• Legal/Regulatory requirements
Why ISO 27001
Why ISO 27001?
• It is the only internationally recognized standard
• Powerful framework/tool to manage information security
• Must have for global presence and demanding market
• Improves processes and reduces costs
• Allows better management decisions
• Manages risks proactively
• Improves resilience and business continuity
• Increases competitiveness
ISO 27001 is a Framework of processes and procedures
4 – Context of the Organization
• Scope & boundaries
• Legal, regulatory, contractual
5 – Leadership & Commitment
6 – Planning
7 – Support
8 – Operation
9 – Performance Evaluation
10 – Improvement
Roadmap to implement ISO 27001
Get Certified!!!
Questions?