
Benefits of ISO 27001

About ISO 27001


Leading international standard for information security management
By the end of 2009, more than 12,000 organizations worldwide had been certified against this standard
Its purpose is to protect the confidentiality, integrity and availability of information

2 2011 27001Academy www.iso27001standard.com
ISO 27001
It is not a technical standard that describes the ISMS in technical detail
It does not focus only on information technology, but also on the other important assets of the organization

ISO 27001
Focuses on all business processes and business assets
Focuses on reducing the risks to information that is valuable to the organization
Information may or may not be related to information technology, and may or may not be in digital form
ISO 27001 benefits
Best framework for complying with information security legislation
Better organizational image because of the certificate issued by a certification body
Lower costs because of prevented incidents
Operations in the organization are optimized because responsibilities and business processes are clearly defined
Process of ISO 27001 implementation
Phase 1 - Planning
Phase 2 - Implementing
Phase 3 - Checking
Phase 4 - Improving
Planning the ISMS
Policy and objectives
Risk assessment & risk treatment
Risk Assessment Report
Statement of Applicability
Implementing the ISMS
Four mandatory procedures
Risk Treatment Plan
Implement all controls
Conduct training and awareness activities

Checking the ISMS
Execute monitoring and reviewing procedures
Measuring the effectiveness of controls
Internal audit
Management review
Improving the ISMS
Corrective actions
Preventive actions
Requirements for successful implementation
Management support (available people + funding)
Project team
Awareness of employees
Duration of implementation
For very small organizations (less than 10 employees) - up to 4 months
For small organizations (10 to 50 employees) - up to 8 months
For middle sized organizations (50 to 500 employees) - up to 12 months
For large organizations (500 or more employees) - up to 18 months
Cost of implementation
It is not possible to calculate the cost before the risk assessment is completed and the applicable controls are identified
The majority of the investment is usually not in technology, but in the employees who are implementing the ISMS (invested time + training)
For more information:
www.iso27001standard.com