ISO 27001 Benefits
Short Powerpoint presentation for the management that describes the benefits of ISO 27001, and the process of its implementation.
2. About ISO 27001
- Leading international standard for information security management
- By the end of 2009, more than 12,000 organizations worldwide were certified against this standard
- Its purpose is to protect the confidentiality, integrity and availability of information
3. ISO 27001
- It is not a technical standard that describes the ISMS in technical detail
- It does not focus only on information technology, but also on the organization's other important assets
4. ISO 27001
- Focuses on all business processes and business assets
- Focuses on reducing the risks to information that is valuable to the organization
- Such information may or may not be related to information technology, and may or may not be in digital form
5. ISO 27001 benefits
- Better organizational image because of the certificate issued by a certification body
- Lower costs because of the risks avoided
- Operations in the organization run more smoothly because responsibilities and business processes are clearly defined
6. Process of ISO 27001 implementation
7. Planning the ISMS
- Risk assessment & risk treatment
- Statement of Applicability
8. Implementing the ISMS
- Conduct training and awareness activities
9. Checking the ISMS
- Execute monitoring and review procedures
- Measure the effectiveness of controls
10. Improving the ISMS
11. Requirements for successful implementation
- Management support (available people + funding)
12. Duration of implementation
- For very small organizations (less than 10 employees) - up to 4 months
- For small organizations (10 to 50 employees) - up to 8 months
- For middle-sized organizations (50 to 500 employees) - up to 12 months
- For large organizations (500 or more employees) - up to 18 months
13. Cost of implementation
- It is not possible to calculate the cost before the risk assessment is completed and the applicable controls are identified
- The majority of the investment is usually not in technology, but in the employees implementing the ISMS (invested time + training)
14. For more useful information: www.iso27001standard.com