Upload File

Download - Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

Transcript
Page 1: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADY

FOR

ISO27001:2013ASimpleGuide

ABSTRACTIfyou’rethinkingaboutimplementingISO27001:2013,thenthisguidewillhelpyoumakeanassessmentofwhetheryou’rereadytofacethechallengesahead

MISSINGTHELINQ2016

Page 2: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 2

AREYOUREADYFORISO27001:2013?

ASIMPLEGUIDE

INTRODUCTION

Ifyou’rethinkingaboutimplementingISO27001:2013,thenthisguidewillhelpyoumakeanassessmentofwhetheryouarereadyforISO27001:2013.

Byaskingafewsimplequestions,itwillenableyoutomaketherightdecisionforyouandyourbusinessandhelpyouavoidmakingacostlymistake.

FollowtheAreYouReadyforISO27001:2013–ASimpleGuidetolearnwhatisrequired.

Ifyouwantmoredetailedinformationorhelpinjumpstartingyouraccreditationprocessthengotoourwebsitewww.missingthelinq.comformoreinformationorsendusanemailatcontact@missingthelinq.com

Page 3: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 3

QUESTION1–ISYOURMANAGEMENTTEAMCOMMITTED?

Unlessyouhavethebackingoftheseniormanagementteamand/oramemberoftheseniorteammanagementleadingtheprojectitwillfail.

Theyshouldbethedrivingforcebehindtheprogramme,theyneedtocompletelyunderstandthestrategicissuesaroundITgovernanceandinformationsecurityandthevalueofsuccessfulcertification.Iftheseniormanagementarenotbehindthisproject,thereislittlepointinproceeding,certificationwillnotbeawardedwithoutclearevidenceofsuchcommitment.

ManagementsupportisveryimportantasanISMSprojectcutsacrossallpartsofanorganisation,andthereforeallkeyleadersneedtobeonside.

QUESTION2–DOYOUHAVEAGOODBUSINESSCULTURE?

WithoutStaffBuy-inyouwillnotachievetheoutcomesrequired,IS27001:2013isaboutbusinesschangeandthoseaffectedbychangeneedtobeon-board.

Everyonewillanswerthisquestionwithapositive,allpeoplebelievethattheyhaveagoodbusinesscultureandsomewillevenbelievetheyhavethebestbusinessculture.However,youhavetoanswerthisquestionhonestly.

Aprofessionalorganisationisonewhereeveryoneknowswhattheyareresponsiblefor,whytheydoitandwhatisexpectedfromthem.Anopennesstochangeisabenefitwhenadoptingstandardsaswellasgoodcommunicationandhighlevelsofstaffengagement.

Page 4: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 4

QUESTION3–AREYOUALREADYMEETINGTHEREQUIRMENTS?

Awellorganisedcompany,withgoodstructureandorganisationandsupportingprocessesandpeopleopentochangeandwilingtolearnmay

alreadybeonthepathtoaccreditation.

Inordertounderstandhowfaryourorganisationisfromaccreditationandhowmuchworkisrequiredtoachieveit,itisworthgettingholdofacopyofthestepbystepguidestoimplementingISO27001:2013thiswillgiveyouasimpleintroductiontotheStandardandaninsightofwhatisrequired.

Furthermore,itisrecommendedbeforecommittingyourselftothefullprojectthatagapanalysisisperformed.Atop-downapproachissuggestedasthiswillgettothecriticalloopholesquicklyandidentifygapsupfrontbeforeembarkingonacostlyproject.

ThiscanbedoneusingtheStatementofApplicability(SoA)asguidanceonwhichcontrolsneedtobeputinplaceandonwhichthemanagementsystemswillbebased.

QUESTION4–DOYOUHAVEAVAILABLEBUDGET&RESOURCES?

FailtoPlan,PlantoFail-ofcoursewhileitisnecessary,itisnotsufficienttojusthaveaplan,havingtherightlevelofresourceandbudgetiscriticalwhen

implementingtheproject.

NoteveryorganisationcanaffordtheluxuryofadedicatedInformationSecurityOfficer,oraSecurityManager,nordoeseveryorganisationhavetheskillsorcompetenciesin-housetodelivertheproject.

Likewise,somemayhaveimplementedtheISOstandardinapreviousrole,orhavebackgroundsincreatingmanagementsystems.

ThegoodnewsisthatpeopleofalltypeshavesuccessfullyimplementedISO27001:2013andachievedcertification,itmaytakealittlelongerdependingonexperience.

Page 5: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 5

QUESTION5–WHATARETHERISKS/COSTSOFNOTBEINGACCREDITED?

RiskassessmentisattheheartoftheStandardandmustbebusinessdriven,itshouldreflectlegal,regulatoryandcontractualrequirements,understanding

whattherisksaretothebusinessnotbeingaccreditedarecrucial.

Therequirementultimatelyisthattheriskassessmentshouldtakeintoaccountboththeorganisationscontextaswellasrequirementsofthirdpartieswhomayhaveaninterest.

Theorganisationneedstodetermineitscriteriaforacceptingrisksandidentifythelevelsofriskitiswillingtoaccept.Ariskassessmentisaprocessthatcombinesriskanalysisandriskevaluation.Riskanalysisistheuseofinformationtoestimaterisk.

Riskevaluationistheprocessofcomparingtheestimatedriskagainstgivenriskcriteriatodetermineitssignificance

Inotherwords;whatistherealisticlikelihoodofariskoccurring,andtheharmlikelytoresultfromtherisk.

QUESTION6–WILLITMAKEYOUABETTERBUSINESS?

Thefinalquestionyoushouldaskyourself,isgoingthroughallthehardwork,timeandeffortacrossallpartsoftheorganisation,implementingchangeand

controlsgoingtomakeyouabetterbusiness?

AlotofworkandcommitmentisgoingtoberequiredtoimplementISO27001:2013,alotofchangewillneedtobemanagedacrossalotoftheorganisationandthereforetherehastobeatangiblebusinessbenefit,whichismeasurableandquantifiable.

AcknowledgingthatISO27001:2013‘isagoodidea’,ordoingtheprojectforthetickintheboxisnotthereasontoputtheorganisationthroughthechangesrequired.Therewillbemorebeneficialprojectstoworkonwhichwillhavebiggerreturnsoninvestment,howeverdependingontheanswerstotheabove5questionsitwillgiveyouagoodindicationofwherethisprojectssitsintermsofprioritisationandwhetheritfitsinyourorganisationsstrategyornot.

Page 6: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 6

GLOSSARYOFTERMS

StatementofApplicability(SoA)–IsoneofthekeydocumentsintheISO27001:2013Standard.Itidentifiesthecontrolsrelevanttothebusinessandexplainswhythosecontrolshavebeenselectedtotreattheidentifiedrisks.

TheSoAdefineshowtheinformationsecurityprogrammewillbeimplementedandisthelinkbetweentheriskassessmentandimplementationoftheinformationsecurityprocesses.TheSoAexplainswhichofthesuggested114controlsfromAnnexAwillbeappliedandjustifiesanyexcludedcontrols.

RiskAssessment–Ariskassessmentcombinestwotechniquesariskanalysisandariskevaluation.

RiskAnalysis-Usesinformationtoidentifypossiblesourcesofrisk.Itusesinformationtoidentifythreatsoreventsthathaveaharmfulordetrimentalimpact.Itthenestimatestheriskbyaskingwhatistheprobabilityofthateventoccurring,andwhatimpactwouldithaveifitoccurred?

RiskEvaluation–Comparestheestimatedriskwithasetofriskcriteria.Thisisdonetodeterminehowsignificanttheriskreallyis.

RiskAcceptance–IspartoftheRiskTreatmentdecisionmakingprocess,meaningtheriskisacceptablegivencertaincontrolsareinplaceortheriskhasbeenmitigatedinsomeotherway.

Controls–Inthecontextofinformationsecuritymanagement,acontrolisanyadministrative,managerial,technical,orlegalmethodthatisusedtomodifyormanageinformationsecurityrisk.Controlscanincludethingssuchaspractises,processes,policiesandorganisationstructures.Controlsaresometimesreferredtoasksafeguardsorcountermeasures.

InformationSecurityManagementSystem(ISMS)–Includesallofthepolicies,procedures,documents,records,plans,guidelines,agreements,contracts,processes,practises,methods,activities,roles,responsibilities,relationships,tools,techniques,technologies,resourcesandstructuresthatareusedtoprotectandpreserveinformation,tomanageandcontrolinformationsecurityrisksandtoachievebusinessobjectives.

Page 7: Are you ready for ISO27001 - Missing the Linq€¦ ·  · 2017-06-06ARE YOU READY FOR ISO27001:2013 MISSING THE LINQ 2016 6 GLOSSARY OF TERMS Statement of Applicability (SoA) –

AREYOUREADYFORISO27001:2013

MISSINGTHELINQ2016 7

MissingtheLinq9FarncombeLaneOakwoodDerbyDE212AYRegisteredinEnglandandWalesNo.9832076

WEB:www.missingthelinq.com EMAIL:[email protected]


Top Related

29 iso27001 isms
29 iso27001 isms
1 LinQ Introduction. Outline Goals of LinQ Anatomy of a LinQ query More expression examples LinQ to Objects LinQ to XML LinQ to SQL 2
1 LinQ Introduction. Outline Goals of LinQ Anatomy of a LinQ query More expression examples LinQ to Objects LinQ to XML LinQ to SQL 2
Introduction Linq to objects Expressions Linq to Sql Linq to Xml
Introduction Linq to objects Expressions Linq to Sql Linq to Xml
Fra DS484 til ISO27001
Fra DS484 til ISO27001
Iso27001 sgsi
Iso27001 sgsi
ISMS ISO27001:2005
ISMS ISO27001:2005
MEE T THE FUTURE - Caesars Forum · linq lane linq lane linq lane escalators to sky bridge (harrah's, linq, monorail) linq promenade linq promenade valet high roller winnick avenue
MEE T THE FUTURE - Caesars Forum · linq lane linq lane linq lane escalators to sky bridge (harrah's, linq, monorail) linq promenade linq promenade valet high roller winnick avenue
BSi ISO27001 Transition Guide
BSi ISO27001 Transition Guide