IS YOUR ORGANISATION’S INFORMATION SECURE?

WOULD YOU COMPLY TODAY TO THE ISO 27001 STANDARD?

IN MOST CASES TODAY THE ANSWER WOULD BE … NO!

Are you aware that…
- 87% of UK businesses today are highly dependent on electronic information and the systems that process it
- 94% of businesses had a security incident last year
- The UK Cabinet Office requires all central government departments to appoint a Senior Information Risk Owner at Board level
- The ODPM is actively encouraging local government to meet national standards for information security

Source: DTI Report “UK's Information Security Breaches Survey 2004”

INTRODUCING vsRisk v1.0: ISO 27001 Risk Assessment Tool from Vigilant Software Ltd

Vigilant Software Ltd is a joint venture company formed by…
- Top Solutions (UK) Ltd: an award-winning market leader in software development for managing opportunities, risks and business continuity
- IT Governance Ltd: globally acknowledged as a leading authority on IT governance and information security

WHAT IS ISO 27001?
- Objective: to align information security management with business compliance and risk reduction objectives
- Focuses on the availability, confidentiality and integrity of organisational information, and only on those risks relevant to the business, justified financially and commercially through a risk assessment
- ISO 27001 is a management standard, not a technical standard: a key pillar of corporate governance and best practice
- ISO 27001 is the standard for an ISMS (Information Security Management System) and helps identify, manage and reduce the range of risks to which information is regularly subjected

BENEFITS - ISO 27001 CERTIFICATION
- Providing a framework for resolving security issues, focusing only on those relevant to your specific organisation
- Enhancing the confidence and perception of your clients, stakeholders and partners
- Increasingly becoming a differentiator in contract tenders
- Breeding internal and external confidence in the management of risk within your organisation
- Increasing security awareness throughout the business via staff training and involvement
- Helping develop best practice
- Helping adherence to the Standard, proving that business continuity is managed professionally and vigilantly in the event of a catastrophe
continued…

BENEFITS - ISO 27001 CERTIFICATION (CONTINUED)
Risk assessments are central to initial and ongoing ISO 27001 certification; they…
- must be carried out in line with the specific steps set out in the Standard
- must be carried out at individual asset level, with a structured analysis of threats, vulnerabilities and impacts to acceptable levels of risk
- must be recorded, and repeat assessments must give comparable results
vsRisk is an outstanding product that…
- was designed with the user in mind
- automates and simplifies the user experience of this essential process
- offers online support and feedback as standard

vsRisk: Unique Features
- Automates and delivers an ISO/IEC 27001-compliant risk assessment
- Uniquely, can assess confidentiality, integrity and availability for each of the business, legal and contractual aspects of information assets, as required by ISO 27001
- Comprehensive best-practice alignment:
  - Supports ISO/IEC 17799
  - Complies with BS7799-3:2006
  - Conforms to ISO/IEC TR 13335-3:1998
  - Conforms to NIST SP 800-30
  - Complies with the UK’s Risk Assessment Standard
- Wizard-based approach simplifies and accelerates the risk assessment process
- Integrated, regularly updated, BS7799-3 compliant threat and vulnerability databases

KEY FEATURES
- Asset-by-asset identification of threats and vulnerabilities
- A process to assign all relevant ISO 27001 Annex A controls
- Easily import additional controls to deal with additional risks
- Integrated threat and vulnerability databases; these databases are continually updated to ensure that they are the most up to date available anywhere, with one year of free updates built into the price
- Customisable management scale and risk acceptance criteria
- Helps define the scope and business requirements, policy and objectives for the ISMS
- Wizard-based approach to simplify and accelerate the process for undertaking risk assessments
- Produces an audit-ready Statement of Applicability
- Detailed gap analysis helps drive forward the risk treatment plan

KEY FEATURES (continued)
- Integrated audit trail and comparative history
- Helps develop an ISMS asset inventory
- Capture business, legal and contractual requirements against each asset
- Ability to assess confidentiality, integrity and availability against each asset
- Inbuilt intuitive help feature
- Asset monitor allows asset owners to import and export asset information
- Backup and restore capability
- Simplifies a business-critical but complex task, meaning external training is not required
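The asset-level assessment the slides describe (confidentiality, integrity and availability rated separately against the business, legal and contractual requirements of each asset, a risk acceptance criterion, a gap list that feeds the risk treatment plan, a Statement of Applicability, and archived results that can be compared with a repeat run) as an added worked example in Python. This is illustrative code, not vsRisk's own: the threat and vulnerability database, the asset impact ratings, the 5x5 likelihood-by-impact scale, the acceptance threshold and the control labels (CTRL-ACCESS, CTRL-PATCH, CTRL-BCP) are all constructed placeholders, not values from the standard or the product.

```python
"""Asset-level risk assessment in the ISO 27001 style (added illustrative example).

Scores each asset's confidentiality, integrity and availability against its
business, legal and contractual requirements, applies a risk acceptance
criterion, lists the treatment gaps and builds a Statement of Applicability.
All scales, control labels and sample data are constructed for the example.
"""
import hashlib
import json
from dataclasses import dataclass, asdict

PROPERTIES = ("confidentiality", "integrity", "availability")
ASPECTS = ("business", "legal", "contractual")

# Constructed threat/vulnerability pairs standing in for a maintained database.
# "control" is a placeholder label, not an Annex A control number.
THREAT_DB = [
    {"threat": "unauthorised access", "vulnerability": "weak authentication",
     "affects": "confidentiality", "likelihood": 3, "control": "CTRL-ACCESS"},
    {"threat": "malware infection", "vulnerability": "unpatched software",
     "affects": "integrity", "likelihood": 4, "control": "CTRL-PATCH"},
    {"threat": "hardware failure", "vulnerability": "no redundancy",
     "affects": "availability", "likelihood": 2, "control": "CTRL-BCP"},
]

# Constructed asset inventory. Impact ratings (1..5) are what the asset owner
# would supply: one per property per aspect.
ASSETS = [
    {"name": "customer database", "owner": "sales director",
     "impact": {"confidentiality": {"business": 4, "legal": 5, "contractual": 4},
                "integrity":       {"business": 4, "legal": 3, "contractual": 3},
                "availability":    {"business": 3, "legal": 1, "contractual": 4}}},
    {"name": "public website", "owner": "marketing manager",
     "impact": {"confidentiality": {"business": 1, "legal": 1, "contractual": 1},
                "integrity":       {"business": 3, "legal": 2, "contractual": 2},
                "availability":    {"business": 4, "legal": 1, "contractual": 3}}},
]


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    threat: str
    vulnerability: str
    prop: str        # which of C, I, A the threat affects
    aspect: str      # business, legal or contractual requirement
    likelihood: int  # 1..5, from the threat database
    impact: int      # 1..5, from the asset owner
    control: str     # placeholder label of the control that would treat it

    @property
    def score(self) -> int:
        # 5x5 likelihood-by-impact scale, so scores run 1..25
        return self.likelihood * self.impact


def assess(assets=ASSETS, threat_db=THREAT_DB):
    """One RiskEntry per asset x threat x aspect: the asset-level assessment."""
    entries = []
    for asset in assets:
        for t in threat_db:
            prop = t["affects"]
            for aspect in ASPECTS:
                entries.append(RiskEntry(
                    asset=asset["name"], threat=t["threat"],
                    vulnerability=t["vulnerability"], prop=prop, aspect=aspect,
                    likelihood=t["likelihood"], impact=asset["impact"][prop][aspect],
                    control=t["control"]))
    return entries


def treatment_gaps(entries, acceptance_threshold, implemented_controls):
    """Risks above the acceptance criterion whose treating control is not in place."""
    return [e for e in entries
            if e.score > acceptance_threshold and e.control not in implemented_controls]


def statement_of_applicability(entries, acceptance_threshold, implemented_controls):
    """Per control: applicable (some risk above threshold needs it), implemented, justification."""
    soa = {}
    for control in sorted({e.control for e in entries}):
        driving = [e for e in entries
                   if e.control == control and e.score > acceptance_threshold]
        soa[control] = {
            "applicable": bool(driving),
            "implemented": control in implemented_controls,
            "justification": (f"treats {len(driving)} risk(s) above threshold {acceptance_threshold}"
                              if driving else "no risk above the acceptance criterion"),
        }
    return soa


def fingerprint(entries):
    """Order-independent SHA-256 of an assessment, so an archived run and a
    repeat run can be checked for comparable, reproducible results."""
    rows = sorted(json.dumps({**asdict(e), "score": e.score}, sort_keys=True) for e in entries)
    return hashlib.sha256("\n".join(rows).encode()).hexdigest()


if __name__ == "__main__":
    risks = assess()
    in_place = {"CTRL-PATCH"}  # constructed: only patching is implemented so far
    for g in treatment_gaps(risks, 9, in_place):
        print(f"GAP {g.asset}/{g.prop}/{g.aspect}: {g.threat} via {g.vulnerability} "
              f"score={g.score} needs {g.control}")
    print(json.dumps(statement_of_applicability(risks, 9, in_place), indent=2))
    print("fingerprint", fingerprint(risks))
```

With the constructed data, the three confidentiality risks on the customer database score above the threshold and have no implemented control, so they are the only gaps; the patching control is applicable and already in place, and the continuity control is not applicable because no availability risk exceeds the criterion. The fingerprint gives the same value regardless of entry order, which is what makes an archived assessment comparable with a later one.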

GENERIC BENEFITS
- Supports and complies with the ISO 27001, ISO 17799 and BS7799-3 information security and risk assessment standards
- Customisable by the client to meet specific needs when introducing new risks, vulnerabilities and controls, without the additional cost of involving consultants or developers
- Control deficiencies quickly identified by the integrated Gap Analysis tool, preventing costly failures downstream: if controls are not robust enough, Gap Analysis alerts the client to this situation
- Highly searchable audit trail and version tracking, ensuring the right information is quickly accessible; provides a mandatory compliance feature plus huge savings in time and cost
- Leads to better informed decision making, impacting on performance, continuity, profitability and business value
- Protects integrity and reputation with minimum implementation and training, increasing the confidence of suppliers and customers at affordable cost

GENERIC BENEFITS (continued)
- Software generates consistent results in line with compliance requirements; ISO 27001 involves regular, continuous assessment
- Associated support available from industry experts, as vsRisk is a tool developed by acknowledged risk management experts
- Facilitates asset management via the asset inventory build; spin-off benefit of the asset inventory for other purposes, e.g. investment planning, auditing, hardware security, etc.
- Asset inventory is built automatically by involving all asset owners in the business or organisation; introduces the benefit of risk appreciation and ownership throughout the organisation
- Archived results uniquely make the tool’s output comparable and reproducible, ensuring compliance and significant time savings

If you have any questions or require a demonstration, please phone 0845 070 1750 or email servicecentre@itgovernance.co.uk