2. About ISO 27001
- Leading international standard for information security management
- By the end of 2009, more than 12,000 organizations worldwide had been certified against this standard
- Its purpose is to protect the confidentiality, integrity and availability of information
3. ISO 27001
- It is not a technical standard that describes the ISMS in technical detail
- It does not focus only on information technology, but also on the other important assets of the organization
4. ISO 27001
- Focuses on all business processes and business assets
- Focuses on reducing the risks to information that is valuable to the organization
- This information may or may not be related to information technology, and may or may not be in digital form
5. ISO 27001 benefits
- Better organizational image because of the certificate issued by a certification body
- Lower costs because of the risks that are avoided
- Operations in the organization run more smoothly because responsibilities and business processes are clearly defined
6. Process of ISO 27001 implementation
7. Planning the ISMS
- Risk assessment & risk treatment
- Statement of Applicability
8. Implementing the ISMS
- Conduct training and awareness activities
9. Checking the ISMS
- Execute monitoring and review procedures
- Measure the effectiveness of controls
10. Improving the ISMS
11. Requirements for successful implementation
- Management support (available people + funding)
12. Duration of implementation
- For very small organizations (fewer than 10 employees) - up to 4 months
- For small organizations (10 to 50 employees) - up to 8 months
- For medium-sized organizations (50 to 500 employees) - up to 12 months
- For large organizations (500 or more employees) - up to 18 months
13. Cost of implementation
- It is not possible to calculate the cost before the risk assessment is completed and the applicable controls are identified
- The majority of the investment is usually not in technology, but in the employees who implement the ISMS (invested time + training)
14. For more useful information: www.iso27001standard.com