Upload File

are you ready for iso27001 - missing the linq€¦ ·  · 2017-06-06are you ready for...

  • Home
  • Documents
  • Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –
7
ARE YOU READY FOR ISO27001:2013 A Simple Guide ABSTRACT If you’re thinking about implementing ISO 27001:2013, then this guide will help you make an assessment of whether you’re ready to face the challenges ahead MISSING THE LINQ 2016

Upload: dothuan

Post on 09-Apr-2018

215 views

Category:

Documents


1 download

Report

TRANSCRIPT

Page 1: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADY

FOR

ISO27001:2013ASimpleGuide

ABSTRACTIfyou’rethinkingaboutimplementingISO27001:2013,thenthisguidewillhelpyoumakeanassessmentofwhetheryou’rereadytofacethechallengesahead

MISSINGTHELINQ2016

Page 2: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 2

AREYOUREADYFORISO27001:2013?

ASIMPLEGUIDE

INTRODUCTION

Ifyou’rethinkingaboutimplementingISO27001:2013,thenthisguidewillhelpyoumakeanassessmentofwhetheryouarereadyforISO27001:2013.

Byaskingafewsimplequestions,itwillenableyoutomaketherightdecisionforyouandyourbusinessandhelpyouavoidmakingacostlymistake.

FollowtheAreYouReadyforISO27001:2013–ASimpleGuidetolearnwhatisrequired.

Ifyouwantmoredetailedinformationorhelpinjumpstartingyouraccreditationprocessthengotoourwebsitewww.missingthelinq.comformoreinformationorsendusanemailatcontact@missingthelinq.com

Page 3: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 3

QUESTION1–ISYOURMANAGEMENTTEAMCOMMITTED?

Unlessyouhavethebackingoftheseniormanagementteamand/oramemberoftheseniorteammanagementleadingtheprojectitwillfail.

Theyshouldbethedrivingforcebehindtheprogramme,theyneedtocompletelyunderstandthestrategicissuesaroundITgovernanceandinformationsecurityandthevalueofsuccessfulcertification.Iftheseniormanagementarenotbehindthisproject,thereislittlepointinproceeding,certificationwillnotbeawardedwithoutclearevidenceofsuchcommitment.

ManagementsupportisveryimportantasanISMSprojectcutsacrossallpartsofanorganisation,andthereforeallkeyleadersneedtobeonside.

QUESTION2–DOYOUHAVEAGOODBUSINESSCULTURE?

WithoutStaffBuy-inyouwillnotachievetheoutcomesrequired,IS27001:2013isaboutbusinesschangeandthoseaffectedbychangeneedtobeon-board.

Everyonewillanswerthisquestionwithapositive,allpeoplebelievethattheyhaveagoodbusinesscultureandsomewillevenbelievetheyhavethebestbusinessculture.However,youhavetoanswerthisquestionhonestly.

Aprofessionalorganisationisonewhereeveryoneknowswhattheyareresponsiblefor,whytheydoitandwhatisexpectedfromthem.Anopennesstochangeisabenefitwhenadoptingstandardsaswellasgoodcommunicationandhighlevelsofstaffengagement.

Page 4: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 4

QUESTION3–AREYOUALREADYMEETINGTHEREQUIRMENTS?

Awellorganisedcompany,withgoodstructureandorganisationandsupportingprocessesandpeopleopentochangeandwilingtolearnmay

alreadybeonthepathtoaccreditation.

Inordertounderstandhowfaryourorganisationisfromaccreditationandhowmuchworkisrequiredtoachieveit,itisworthgettingholdofacopyofthestepbystepguidestoimplementingISO27001:2013thiswillgiveyouasimpleintroductiontotheStandardandaninsightofwhatisrequired.

Furthermore,itisrecommendedbeforecommittingyourselftothefullprojectthatagapanalysisisperformed.Atop-downapproachissuggestedasthiswillgettothecriticalloopholesquicklyandidentifygapsupfrontbeforeembarkingonacostlyproject.

ThiscanbedoneusingtheStatementofApplicability(SoA)asguidanceonwhichcontrolsneedtobeputinplaceandonwhichthemanagementsystemswillbebased.

QUESTION4–DOYOUHAVEAVAILABLEBUDGET&RESOURCES?

FailtoPlan,PlantoFail-ofcoursewhileitisnecessary,itisnotsufficienttojusthaveaplan,havingtherightlevelofresourceandbudgetiscriticalwhen

implementingtheproject.

NoteveryorganisationcanaffordtheluxuryofadedicatedInformationSecurityOfficer,oraSecurityManager,nordoeseveryorganisationhavetheskillsorcompetenciesin-housetodelivertheproject.

Likewise,somemayhaveimplementedtheISOstandardinapreviousrole,orhavebackgroundsincreatingmanagementsystems.

ThegoodnewsisthatpeopleofalltypeshavesuccessfullyimplementedISO27001:2013andachievedcertification,itmaytakealittlelongerdependingonexperience.

Page 5: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 5

QUESTION5–WHATARETHERISKS/COSTSOFNOTBEINGACCREDITED?

RiskassessmentisattheheartoftheStandardandmustbebusinessdriven,itshouldreflectlegal,regulatoryandcontractualrequirements,understanding

whattherisksaretothebusinessnotbeingaccreditedarecrucial.

Therequirementultimatelyisthattheriskassessmentshouldtakeintoaccountboththeorganisationscontextaswellasrequirementsofthirdpartieswhomayhaveaninterest.

Theorganisationneedstodetermineitscriteriaforacceptingrisksandidentifythelevelsofriskitiswillingtoaccept.Ariskassessmentisaprocessthatcombinesriskanalysisandriskevaluation.Riskanalysisistheuseofinformationtoestimaterisk.

Riskevaluationistheprocessofcomparingtheestimatedriskagainstgivenriskcriteriatodetermineitssignificance

Inotherwords;whatistherealisticlikelihoodofariskoccurring,andtheharmlikelytoresultfromtherisk.

QUESTION6–WILLITMAKEYOUABETTERBUSINESS?

Thefinalquestionyoushouldaskyourself,isgoingthroughallthehardwork,timeandeffortacrossallpartsoftheorganisation,implementingchangeand

controlsgoingtomakeyouabetterbusiness?

AlotofworkandcommitmentisgoingtoberequiredtoimplementISO27001:2013,alotofchangewillneedtobemanagedacrossalotoftheorganisationandthereforetherehastobeatangiblebusinessbenefit,whichismeasurableandquantifiable.

AcknowledgingthatISO27001:2013‘isagoodidea’,ordoingtheprojectforthetickintheboxisnotthereasontoputtheorganisationthroughthechangesrequired.Therewillbemorebeneficialprojectstoworkonwhichwillhavebiggerreturnsoninvestment,howeverdependingontheanswerstotheabove5questionsitwillgiveyouagoodindicationofwherethisprojectssitsintermsofprioritisationandwhetheritfitsinyourorganisationsstrategyornot.

Page 6: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 6

GLOSSARYOFTERMS

StatementofApplicability(SoA)–IsoneofthekeydocumentsintheISO27001:2013Standard.Itidentifiesthecontrolsrelevanttothebusinessandexplainswhythosecontrolshavebeenselectedtotreattheidentifiedrisks.

TheSoAdefineshowtheinformationsecurityprogrammewillbeimplementedandisthelinkbetweentheriskassessmentandimplementationoftheinformationsecurityprocesses.TheSoAexplainswhichofthesuggested114controlsfromAnnexAwillbeappliedandjustifiesanyexcludedcontrols.

RiskAssessment–Ariskassessmentcombinestwotechniquesariskanalysisandariskevaluation.

RiskAnalysis-Usesinformationtoidentifypossiblesourcesofrisk.Itusesinformationtoidentifythreatsoreventsthathaveaharmfulordetrimentalimpact.Itthenestimatestheriskbyaskingwhatistheprobabilityofthateventoccurring,andwhatimpactwouldithaveifitoccurred?

RiskEvaluation–Comparestheestimatedriskwithasetofriskcriteria.Thisisdonetodeterminehowsignificanttheriskreallyis.

RiskAcceptance–IspartoftheRiskTreatmentdecisionmakingprocess,meaningtheriskisacceptablegivencertaincontrolsareinplaceortheriskhasbeenmitigatedinsomeotherway.

Controls–Inthecontextofinformationsecuritymanagement,acontrolisanyadministrative,managerial,technical,orlegalmethodthatisusedtomodifyormanageinformationsecurityrisk.Controlscanincludethingssuchaspractises,processes,policiesandorganisationstructures.Controlsaresometimesreferredtoasksafeguardsorcountermeasures.

InformationSecurityManagementSystem(ISMS)–Includesallofthepolicies,procedures,documents,records,plans,guidelines,agreements,contracts,processes,practises,methods,activities,roles,responsibilities,relationships,tools,techniques,technologies,resourcesandstructuresthatareusedtoprotectandpreserveinformation,tomanageandcontrolinformationsecurityrisksandtoachievebusinessobjectives.

Page 7: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 7

MissingtheLinq9FarncombeLaneOakwoodDerbyDE212AYRegisteredinEnglandandWalesNo.9832076

WEB:www.missingthelinq.com EMAIL:[email protected]


The Missing LINQ - Captatorcaptator.dk/downloads/TheMissingLinq_cs_2013-11-28.pdfVisual Studio og .NET frameworket december 2013 The Missing LINQ 3 En platform i udvikling Juni 2000

ISO27001 Persian

Julián Enrique Verdezoto Celi. Conceptos Generales LINQ en objetosDEMO LINQ y XMLDEMO LINQ y SQLDEMO

ISO27001 - Awareness Presentation v1.2

ISO27001 Case Study

ISO27001 ProcessImplementation

Information security management iso27001

Eduardo Quintás. Guía Novedades en C# 3.0 Fundamentos de LINQ Linq To Objects Linq To XML Linq To Entities Recursos

BSi ISO27001 Transition Guide

ISO27001 - Checklist Capítulo9

Information Security & ISO27001

Complying ISO27001

O-ISM3 vs ISO27001

ISO27001 Introduction Basic

ISO27001 - Auditoria SI

29 iso27001 isms

BTRWatch ISO27001 GRC Software

Auditor Interno ISO27001

ISO27001 Checklist

ISO27001 - A Business View

Fra DS484 til ISO27001

ISO27001 compliance and Privileged Access Monitoring · ISO27001 compliance and Privileged Access Monitoring Author: Unknown Subject: ISO27001:2013 and activity monitoring for privileged

BSI ISO27001 Requirements R1

Iso27001(tieng anh)

Iso27001 sgsi

integracija - iso27001-iso20000

ISO27001 Español

© 2012 ISO27k Forum. ISO27001 - Roadmap © 2012 ISO27k Forum ISO27001 ISO27001 formally specifies how to establish an Information Security Management

Implementing ISO27001 2013

BSi ISO27001:2013 Rev1

Language Integrated Query: An introduction - … · Language Integrated Query: An introduction. What is LINQ? ... SQL LINQ to Objects LINQ to XML LINQ to Datasets LINQ to Enes LINQ

BSi ISO27001 Mapping Guide

GANPAT UNIVERSITY...LINQ to Objects: Introduction to LINQ, LINQ Query Syntax, LINQ Query Operators, LINQ Query Methods 2 ASP.NET Core ASP.NET Core Introduction, Razor Syntax, Create

LINQ - Krzysztof Stencelstencel.mimuw.edu.pl/sem/sbd1/linq.pdf · • Składnia zaczerpnięta z SQL. ... Uniwersalność • LINQ to Objects • LINQ to XML • LINQ to SQL • LINQ

1 LinQ Introduction. Outline Goals of LinQ Anatomy of a LinQ query More expression examples LinQ to Objects LinQ to XML LinQ to SQL 2