Using vsRisk to carry out a risk assessment
“The definitive risk assessment tool for ISO27001 certification”
Copyright © Vigilant Software Ltd 2013
Phil Hare
Information Risk Consultant and Vigilant Software Product Manager
Friday March 15th
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE
Phil Hare
• An information security professional with many years’ experience of
information security risk assessments
• Heavily involved in the specification and creation of one of the
leading software tools for ISO27001 compliant risk assessments
available today.
• A broad knowledge of the technical, procedural, methodological and
theoretical aspects of Information Security Risk Assessment.
• Instrumental in successful ISMS development projects across a
wide range of organisations. Currently the architect and product
manager for the Vigilant Software product suite, focusing on
incorporating a broad range of compliance objectives into a usable
and efficient software suite.
Today’s Webinar in Context
• Today’s webinar is #3 in a series of 4 educational
webinars.
• The 4 webinars are designed to take you on a learning
journey:
• Webinar 1 - Why ISO27001?
• Webinar 2 – The Importance of risk management.
• Webinar 3 (Today) – Using vsRisk to carry out a risk
assessment.
• Webinar 4 – Maintaining/updating your risk assessment.
Registration details of future webinars at the end.
Today’s Agenda
• A short 20-30 minutes educational and informative talk:
• Quick recap of the last 2 weeks’ webinars – Why ISO27001 and the
importance of risk management.
• What is a risk assessment?
• Carrying out a risk assessment using vsRisk - software
demonstration.
• Ample time for Q&A at the end
• Next steps including 1 upcoming educational webinar.
Recap – last 2 webinars
In the last 2 webinars we covered:
• What is information security?
• What is an information security management system (ISMS)?
• What is ISO27001?
• Why should I and my organisation care about ISO27001?
• The importance of risk management.
What is a risk assessment?
• A risk assessment is the core competence of
information security management.
• ISO27001 explicitly asks for:
• a risk assessment to be carried out before any controls are
selected and implemented.
• every control to be justified by a risk assessment.
What is a risk assessment?
• The risk assessment must:
• Identify the threat/vulnerability combinations that have a
likelihood of impacting the confidentiality, availability or integrity
of each asset within a scope.
• This must be done from a business, compliance or contractual
perspective.
What is a risk assessment?
• From completing a risk assessment:
• Spend on controls is balanced against the business harm likely to
result from security failures.
• Information security management decisions are made entirely on the
basis of the outcomes of a risk assessment.
How do I carry out a risk assessment?
• Modern software tools take the pain out of risk
assessment.
• vsRisk is the industry-leading ISO27001-compliant risk
assessment tool.
• vsRisk has simplified and automated the information
security risk assessment process for many organisations
across the globe, both large and small.
What can vsRisk do for you?
• Simplification: minimises the manual hassle and
complexity of carrying out an ISO27001 risk
assessment, saving time and resources.
• Replication: risk assessments can be repeated easily in
a standard format year after year.
• Generates Reports: for sharing across the business and
with auditors.
• Automation: the best and most efficient way to carry out
a risk assessment.
vsRisk - Demo
Software demonstration – carrying out a risk assessment
using vsRisk.
Questions – we welcome them all!
Please type your questions into the Webex chat window –
responses will generally be verbal and shared with all
delegates.
Next Steps – Upcoming Educational Webinar
• Maintaining and Updating your Risk Assessment -
Thursday March 21st, 4pm UK Time
• Register at www.vigilantsoftware.co.uk/webinars.aspx
Before the next webinar…
Read a book…
Read the world's first practical e-book
guidance on achieving ISO27001
certification and the nine
essential steps to an effective ISMS
implementation.
Available for £29.95 at
http://www.vigilantsoftware.co.uk/product/1651.aspx
Download a free trial of vsRisk
The cyber security risk assessment
tool compliant with ISO 27001 that
automates and accelerates the risk
management process.
15-day free trial at
http://www.vigilantsoftware.co.uk
Next Steps – Special March offer of risk
assessment software vsRisk
• Purchases of vsRisk in March will include for free the information
security risk management standard, ISO 27005 (worth £100) and a
copy of the book Information Security Risk Management for ISO
27001/ISO 27002 (worth £39.95).
• To claim this offer, please visit www.vigilantsoftware.co.uk.
• Offer valid until Thursday March 28th.
Next Steps – Want to know more?
• If you would like to know more about ISO27001, including
how to carry out an ISO27001-compliant risk
assessment using vsRisk, please visit
http://www.vigilantsoftware.co.uk or email
• Free trial of vsRisk available at
http://www.vigilantsoftware.co.uk