pecb lead implementer iso 27001, day1phoenix.issa.org/wp-content/uploads/2016/01/0-issa-phx... ·...

Page 1: PECB Lead Implementer ISO 27001, Day1phoenix.issa.org/wp-content/uploads/2016/01/0-ISSA-Phx... · 2016-01-16 · © SecuraStar, LLC. 2012 3 ISO 27001 worldwide Source: ISO Annual

© SecuraStar, LLC. 2012

ISO 27001 in the world today

Page 2:

Agenda

• ISO 27001 worldwide

• Why ISO 27001

• Framework to implement ISO 27001

Page 3:

ISO 27001 worldwide

Source: ISO Annual Survey

Page 4:

ISO 27001 worldwide

Source: ISO Annual Survey

Number of certificates

Region                    2006    2007    2008    2009    2010    2011    2012    2013    2014
TOTAL                     5797    7732    9246   12935   15626   17355   19620   22349   23972
Africa                       6      10      16      47      46      40      64      99      81
Central / South America     18      38      72     100     117     150     203     272     277
North America               79     112     212     322     329     435     552     712     836
Europe                    1064    1432    2172    3563    4800    5289    6379    7952    8710
East Asia and Pacific     4210    5550    5807    7394    8788    9665   10422   10861   11303
Central and South Asia     383     519     839    1303    1328    1497    1668    2002    2253
Middle East                 37      71     128     206     218     279     332     451     512

Regional share (% of total)

Region                    2006    2007    2008    2009    2010    2011    2012    2013    2014
TOTAL                     100%    100%    100%    100%    100%    100%    100%    100%    100%
Africa                    0.1%    0.1%    0.2%    0.4%    0.3%    0.2%    0.3%    0.4%    0.3%
Central / South America   0.3%    0.5%    0.8%    0.8%    0.7%    0.9%    1.0%    1.2%    1.2%
North America             1.4%    1.4%    2.3%    2.5%    2.1%    2.5%    2.8%    3.2%    3.5%
Europe                   18.4%   18.5%   23.5%   27.5%   30.7%   31.1%   32.5%   35.6%   36.3%
East Asia and Pacific    72.6%   71.8%   62.8%   57.2%   56.2%   55.2%   53.1%   48.6%   47.2%
Central and South Asia    6.6%    6.7%    9.1%   10.1%    8.5%    8.5%    8.5%    9.0%    9.4%
Middle East               0.6%    0.9%    1.4%    1.6%    1.4%    1.6%    1.7%    2.0%    2.1%

Page 5:

ISO 27001 worldwide

Annual growth (absolute number of certificates added over the previous year)

Region                    2007    2008    2009    2010    2011    2012    2013    2014
TOTAL                     1935    1514    3689    2691    1883    2265    2729    1623
Africa                       4       6      31      -1      -6      24      35     -18
Central / South America     20      34      28      17      33      53      69       5
North America               33     100     110       7     104     117     160     124
Europe                     368     740    1391    1237     646    1090    1573     758
East Asia and Pacific     1340     257    1587    1394     876     757     439     442
Central and South Asia     136     320     464      25     169     171     334     251
Middle East                 34      57      78      12      61      53     119      61

Annual growth (% over the previous year)

Region                    2007    2008    2009    2010    2011    2012    2013    2014
TOTAL                      33%     20%     40%     21%     12%     13%     14%      7%
Africa                     67%     60%    194%     -2%    -13%     60%     55%    -18%
Central / South America   111%     89%     39%     17%     28%     35%     34%      2%
North America              42%     89%     52%      2%     32%     27%     29%     17%
Europe                     35%     52%     64%     35%     13%     21%     25%     10%
East Asia and Pacific      32%      5%     27%     19%     10%      8%      4%      4%
Central and South Asia     36%     62%     55%      2%     13%     11%     20%     13%
Middle East                92%     80%     61%      6%     28%     19%     36%     14%

Source: ISO Annual Survey

Page 6:

ISO 27001 worldwide

Top 10 countries for ISO/IEC 27001 growth - 2014 (increase in certificates over 2013)

1 United Kingdom 338

2 China 292

3 India 239

4 Australia 101

5 United States of America 98

6 Ireland 77

7 Italy 69

8 Germany 59

Source: ISO Annual Survey

Page 7:

ISO 27001 worldwide

Top five industrial sectors for ISO/IEC 27001 certificates - 2014 (number of certificates)

1 Information technology 4933

2 Other Services 867

3 Construction 454

4 Transport, storage and communication 327

5 Electrical and optical equipment 287

Source: ISO Annual Survey

Page 8:

ISO 27001 worldwide

Top 10 countries for ISO/IEC 27001 certificates - 2014 (number of certificates)

1 Japan 7181

2 United Kingdom 2261

3 India 2170

4 China 2002

5 Italy 970

6 Romania 893

7 Taipei, Chinese 781

8 Spain 701

9 United States of America 664

10 Germany 640

Source: ISO Annual Survey

Page 9:

ISO 27001 worldwide

Why only 664 in the USA?

• Few frameworks or control catalogues

• Local frameworks & control catalogues

Page 10:

Why ISO 27001

• Sony Pictures: a major online attack that resulted in employees’ personal data and corporate correspondence being leaked

• JPMorgan Chase & Co.: a data breach that affected 76 million households and seven million small businesses

2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute

Page 11:

Why ISO 27001

Global study at a glance

• 350 companies in 11 countries

• $3.79 million is the average total cost of a data breach

• 23% increase in total cost of data breach since 2013

• $154 is the average cost per lost or stolen record

• 12% increase in per capita (per record) cost since 2013

2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute

Page 12:

Why ISO 27001

2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute

The three major reasons contributing to a higher cost of data breach in 2015:

• Cyber attacks have increased in frequency and in the cost to remediate the consequences

• The consequences of lost business are having a greater impact on the cost of data breach

• Data breach costs associated with detection and escalation increased

Page 13:

Why ISO 27001

• Hackers and criminal insiders cause the most data breaches

• Forty-seven percent of all breaches in this year’s study were caused by malicious or criminal attacks

• The loss of customers increases the cost of data breach

• Business continuity management plays an important role in reducing the cost of data breach

2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute

Page 14:

Why ISO 27001

• Cyber terrorism

• Cyber wars

• Cyber crime (its proceeds surpass those of the “old” criminal trades in weapons and drugs)

Page 15:

Why ISO 27001

Some other threats out there...

• Spyware

• Worms

• Trojan horses

• Ransomware

Page 16:

Why ISO 27001

What about GRC and compliance?

• International encryption laws

• Legal/regulatory requirements

Page 17:

Why ISO 27001?

• It is the only internationally recognized, certifiable standard for an information security management system (ISMS)

• Powerful framework/tool to manage information security

• Must have for global presence and demanding market

• Improves processes and reduces costs

• Allows better management decisions

• Manages risks proactively

• Improves resilience and business continuity

• Increases competitiveness

Page 18:

ISO 27001 is a Framework of processes and procedures

Page 19:

4 – Context of the Organization

• Scope & boundaries

• Legal, regulatory and contractual requirements

Page 20:

5 – Leadership & Commitment

Page 21:

6 – Planning

Page 22:

7 – Support

Page 23:

8 – Operation

Page 24:

9 – Performance Evaluation

Page 25:

10 – Improvement


Page 27:

Roadmap to implement ISO 27001

Get Certified!!!

Page 28:

Questions?