
Benefits of ISO 27001

About ISO 27001


• Leading international standard for information security management
• By the end of 2009, more than 12,000 organizations worldwide had been certified against this standard
• Its purpose is to protect the confidentiality, integrity and availability of information

ISO 27001

• It is not a technical standard that describes the ISMS in technical detail
• It does not focus only on information technology, but also on the other important assets of the organization

ISO 27001

• Focuses on all business processes and business assets
• Focuses on reducing the risks to information that is valuable for the organization
• That information may or may not be related to information technology, and may or may not be in digital form

ISO 27001 benefits

• Better organizational image because of the certificate issued by the certification body
• Lower costs because of the risks avoided
• The organization's operations run more smoothly because responsibilities and business processes are clearly defined

Process of ISO 27001 implementation

• Phase 1 - Planning
• Phase 2 - Implementing
• Phase 3 - Checking
• Phase 4 - Improving

Planning the ISMS

• Policy and objectives
• Risk assessment & risk treatment
• Risk Assessment Report
• Statement of Applicability

Implementing the ISMS

• 4 mandatory procedures
• Risk Treatment Plan
• Implement all controls
• Conduct training and awareness activities

Checking the ISMS

• Execute monitoring and reviewing procedures
• Measure the effectiveness of controls
• Internal audit
• Management review

Improving the ISMS

• Corrective actions
• Preventive actions

Requirements for successful implementation

• Management support (available people + funding)
• Project team
• Awareness of employees

Duration of implementation

• For very small organizations (less than 10 employees) - up to 4 months
• For small organizations (10 to 50 employees) - up to 8 months
• For medium-sized organizations (50 to 500 employees) - up to 12 months
• For large organizations (500 or more employees) - up to 18 months

Cost of implementation

• It is not possible to calculate the cost before the risk assessment is completed and the applicable controls are identified
• The majority of the investment is usually not in technology, but in the employees who implement the ISMS (invested time + training)

For more useful information:
www.iso27001standard.com
