
Benefits of ISO 27001

About ISO 27001


Leading international standard for information security management
Till the end of year 2009, more than 12,000 organizations worldwide certified against this standard
Its purpose is to protect the confidentiality, integrity and availability of information

2011 Information Security & Business Continuity Academy www.iso27001standard.com

ISO 27001
It is not a technical standard that would describe the ISMS in technical detail
It does not focus only on information technology, but also on other important assets of the organization


ISO 27001
Focuses on all business processes and business assets
Focuses on reducing the risks for information that is valuable for the organization
Information may or may not be related to information technology, and may or may not be in digital form


ISO 27001 benefits


Best framework for complying with information security legislation
Better organizational image because of the certificate issued by a certification body
Lower costs because of prevented incidents
The operations in the organization are optimized because the responsibilities and business processes are clearly defined

Process of ISO 27001 implementation


Phase 1 - Planning
Phase 2 - Implementing
Phase 3 - Checking
Phase 4 - Improving


Planning the ISMS


Policy and objectives
Risk assessment & risk treatment
Risk Assessment Report
Statement of Applicability


Implementing the ISMS


4 mandatory procedures
Risk Treatment Plan
Implement all controls
Conduct trainings, awareness


Checking the ISMS


Execute monitoring and reviewing procedures
Measuring the effectiveness of controls
Internal audit
Management review


Improving the ISMS


Corrective actions
Preventive actions


Requirements for successful implementation


Management support (available people + funding)
Project team
Awareness of employees


Duration of implementation
For very small organizations (less than 10 employees) - up to 4 months
For small organizations (10 to 50 employees) - up to 8 months
For middle-sized organizations (50 to 500 employees) - up to 12 months
For large organizations (500 or more employees) - up to 18 months

Cost of implementation
It is not possible to calculate the cost before the risk assessment is completed and the applicable controls are identified
The majority of the investment is usually not in technology, but in the employees that are implementing the ISMS (invested time + trainings)


For more information:


www.iso27001standard.com
