Using vsRisk to carry out a risk assessment

Post on 10-Jun-2015

DESCRIPTION

Vigilant Software discusses the importance of ISO27001 and ISO27005, including the business benefits of information security risk assessments.

TRANSCRIPT

“The definitive risk assessment tool for ISO27001 certification”

Copyright © Vigilant Software Ltd 2013

Phil Hare

Information Risk Consultant and Vigilant Software Product Manager

Friday March 15th

PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.

Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE

Using vsRisk to carry out a risk assessment

Phil Hare

• An information security professional with many years’ experience of information security risk assessments.

• Heavily involved in the specification and creation of one of the leading software tools for ISO27001-compliant risk assessments available today.

• A broad knowledge of the technical, procedural, methodological and theoretical aspects of Information Security Risk Assessment.

• Instrumental in successful ISMS development projects across a wide range of organisations. Currently the architect and product manager for the Vigilant Software product suite, focusing on incorporating a broad range of compliance objectives into a usable and efficient software suite.

Today’s Webinar in Context

• Today’s webinar is #3 in a series of 4 educational webinars.

• The 4 webinars are designed to take you on a learning journey:

  • Webinar 1 – Why ISO27001?

  • Webinar 2 – The importance of risk management.

  • Webinar 3 (Today) – Using vsRisk to carry out a risk assessment.

  • Webinar 4 – Maintaining/updating your risk assessment.

Registration details of future webinars at the end.

Today’s Agenda

• A short 20-30 minute educational and informative talk:

  • Quick recap of the last 2 weeks’ webinars – Why ISO27001 and the importance of risk management.

  • What is a risk assessment?

  • Carrying out a risk assessment using vsRisk – software demonstration.

• Ample time for Q&A at the end.

• Next steps, including 1 upcoming educational webinar.

Recap – last 2 webinars

In the last 2 webinars we covered:

• What is information security?

• What is an information security management system (ISMS)?

• What is ISO27001?

• Why should I and my organisation care about ISO27001?

• The importance of risk management.

What is a risk assessment?

• A risk assessment is the core competence of information security management.

• ISO27001 explicitly asks for:

  • a risk assessment to be carried out before any controls are selected and implemented.

  • every control to be justified by a risk assessment.

What is a risk assessment?

• The risk assessment must:

  • Identify the threat/vulnerability combinations that have a likelihood of impacting the confidentiality, availability or integrity of each asset within a scope.

  • This must be done from a business, compliance or contractual perspective.

What is a risk assessment?

• From completing a risk assessment:

  • Spend on controls is balanced against the business harm likely to result from security failures.

  • Information security management decisions are driven entirely by the outcomes of a risk assessment.

How do I carry out a risk assessment?

• Modern software tools take the pain out of risk assessment.

• vsRisk is the industry-leading ISO27001-compliant risk assessment tool.

• vsRisk has simplified and automated the information security risk assessment process for many organisations across the globe, both large and small.

What can vsRisk do for you?

• Simplification: minimises the manual hassle and complexity of carrying out an ISO27001 risk assessment, saving time and resources.

• Replication: risk assessments can be repeated easily in a standard format year after year.

• Generates reports: for sharing across the business and with auditors.

• Automation: the best and most efficient way to carry out a risk assessment.

vsRisk - Demo

Software demonstration – carrying out a risk assessment using vsRisk.

Questions – we welcome them all!

Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.

Next Steps – Upcoming Educational Webinar

• Maintaining and Updating your Risk Assessment – Thursday March 21st, 4pm UK Time

• Register at www.vigilantsoftware.co.uk/webinars.aspx

Before the next webinar…

Read a book…

Read the world's first practical e-book guidance on achieving ISO27001 certification and the nine essential steps to an effective ISMS implementation.

Available for £29.95 at http://www.vigilantsoftware.co.uk/product/1651.aspx

Download a free trial of vsRisk

The cyber security risk assessment tool compliant with ISO 27001 that automates and accelerates the risk management process.

15-day free trial at http://www.vigilantsoftware.co.uk

Next Steps – Special March offer of risk assessment software vsRisk

• Purchases of vsRisk in March will include for free the information security risk management standard, ISO 27005 (worth £100) and a copy of the book Information Security Risk Management for ISO 27001/ISO 27002 (worth £39.95).

• To claim this offer, please visit www.vigilantsoftware.co.uk.

• Offer valid until Thursday March 28th.

Next Steps – Want to know more?

• If you would like to know more about ISO27001, including how to carry out an ISO27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email servicecentre@vigilantsoftware.co.uk.

• Free trial of vsRisk available at http://www.vigilantsoftware.co.uk
