1. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Alan CalderCEO, Vigilant SoftwareThursday May 9thPLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICEWhy ISO 27001 for my Organisation?

2. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Alan Calder CEO and founder of Vigilant Software. Acknowledged information security/risk managementthought leader. Managed the worlds first successful ISO 27001 (thenBS7799) implementation project in 1996. Frequent media commentator on risk managementissues. Co-author of vsRisk the definitive cyber security riskassessment tool. 3. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Todays Webinar in Context Todays webinar is #1 in a series of 4 educationalwebinars. The 4 webinars are designed to take you on a learningjourney: Webinar 1 (Today) - Why ISO 27001 for my Organisation? Webinar 2 The Importance of risk management. Webinar 3 Carrying out a risk assessment using vsRisk. Webinar 4 Maintaining/updating your risk assessment usingvsRisk. Registration details of these webinars at the end. 4. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Todays Agenda A short 20-30 minutes educational and informative talk on: What is information security? What is an information security management system (ISMS)? What is ISO 27001? The drivers for ISO 27001. Why should my organisation care about ISO 27001? Accredited Certification. The central role of risk assessment in ISO 27001. Ample time for Q&A. Next steps. 5. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013What is information security?Preservation of confidentiality, integrity and availability ofinformation; in addition, other properties such asauthenticity, accountability, non-repudiation and reliabilitycan also be involved.ISO/IEC 27001:2005 6. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013What is an ISMS?Information Security Management System (ISMS):Systematic approach to managing confidential or sensitivecorporate information so that it remains secure. 7. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013What is ISO 27001? An ISMS standard that replaced BS77799-2:2002 in late 2005. The worlds only cyber security standard. Formally specifies an ISMS that is intended to bring informationsecurity under explicit management control. Best practice specification that helps businesses and organisationsthroughout the world develop a best-in-class ISMS. Adopts the Plan-Do-Check-Act (PDCA) model. 8. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Plan-Do-Check-Act 9. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Drivers for ISO 27001 Clients need confidence in their supply chain. Breaches of Personal Data can bring fines up to 500kby the Information Commissioner. Data Handling Review 2008 better information securityin Govt and down the food chain. Improved reputational protection. Balance expenditure to the information security risk. 10. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Why should my organisation care about ISO27001?Reason 1 - ComplianceISO 27001 can bring in the methodology that enablesorganisations to comply in the most efficient way.Certification is often the quickest return on investment ifan organisation must comply to various regulationsregarding data protection, privacy and IT governance(particularly if it is a financial, health or governmentorganisation). 11. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Why should my organisation care about ISO27001?Reason 2 - Marketing edgeIn a market which is more and more competitive, it issometimes very difficult to find something that willdifferentiate you in the eyes of your customers. ISO 27001could be indeed a unique selling point, especially if youhandle clients sensitive information. 12. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Why should my organisation care about ISO27001?Reason 3 - Lowering the expensesInformation security is usually considered as a cost with noobvious financial gain. However, there is financial gain ifyou lower your expenses caused by incidents. Youprobably do have interruption in service, or occasional dataleakage, or disgruntled employees. Or disgruntled formeremployees. 13. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Why should my organisation care about ISO27001?Reason 4 - Putting your business in orderISO 27001 is particularly good in sorting out those thornymanagement system issues it forces you to define veryprecisely both the responsibilities and duties, and thereforestrengthen your internal organisation. 14. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Accredited CertificationProvides evidence of Information Security ManagementSystem assurance.Verified by independent auditor.In UK authority is UKAS Accredited Certification scheme:World wide recognition.National certification body member of InternationalAccreditation Forum. 15. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013The central role of risk assessment in ISO 27001ISO 27001:2005 conformance requires implementation anddocumentation of an Information Security ManagementSystem (ISMS) implementing controls selected inaccordance with 4.2..1.g, (control objectives in Annex A) 16. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013The central role of risk assessment in ISO 27001Structured ISMS gives: Best practice. Marketing opportunities. Compliance to Corporate Governance requirements. Appropriate action to comply with law. Systematic approach to risks. Credibility with staff, customers and partner organisations. Informed decisions on security investments. 17. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Next Steps Upcoming Educational Webinars Webinar 2 - The Importance of Risk Management - Thursday May16th, 4pm UK Time (Next week). Webinar 3 - Carrying out a Risk Assessment using vsRisk -Thursday May 23rd, 4pm UK Time. Webinar 4 - Maintaining and Updating your Risk Assessmentusing vsRisk - Thursday May 30th, 4pm UK Time. Includesannouncement of special offer for vsRisk for webinar registrants.Registration details at http://www.vigilantsoftware.co.uk/webinars.aspx 18. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Before the next webinarsRead a bookRead the worlds first practical e-bookguidance on achieving ISO 27001certification and the nineessential steps to an effective ISMSimplementation.Available for 25.95 (usually 29.95)http://www.vigilantsoftware.co.uk/product/1651.aspxDownload a free trial of vsRiskThe cyber security risk assessmenttool compliant to ISO 27001 thatautomates and accelerates the riskmanagement process.15-day free trial athttp://www.vigilantsoftware.co.uk 19. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Next Steps Want to know more?If you would like to know more about ISO 27001, includinghow to carry out an ISO 27001-compliant risk assessment,please visit http://www.vigilantsoftware.co.uk/ or emailservicecentre@vigilantsoftware.co.uk. 20. The definitive risk assessment tool for ISO27001 certificationCopyright Vigilant Software Ltd 2013Questions we welcome them all!Please type your questions into the gotowebinar chatwindow responses will generally be verbal and sharedwith all delegates.