ISMS Implementation Workshop
Adaptive Processes Consulting Pvt. Ltd.
© Adaptive Processes Consulting
Experience World Class Processes!
Contents
• Planning
• Gap Analysis and System Definition
• Risk Assessment and Business Continuity Planning
• Implementation
• Internal Audits
• Stage 1 Audit
• Preparations for Stage 2 Audit
• Certification Audit
Benefits of ISMS Implementation
• Provides confidence to Clients on the organization’s ability to maintain information security
• Helps in being prepared for disasters
• Secures the company's information assets
• Reduced insurance costs
• Better management of incidents
• Better legal compliance
• Safer work place
• Aware workforce
• Provides for a market differentiator
ISMS Implementation Road Map
Obtain Commitment
Analyze Technical Infrastructure
Analyze Gaps
Plan Tech Infrastructure
Update Processes
Initial Trainings
Role Based Trainings
Implementations
Review
Improvements
Plan for Implementation
Planning, Review and Communication
Analyze, Implement, Audit, Implement, Stage 1, Implement, Sponsor, Stage 2
Planning Phase
ISMS PDCA Cycle
[Figure: PDCA cycle (Development, Maintenance & Improvement Cycle). Input: Interested Parties, Information Security Requirements and Expectations. Plan: Establish the ISMS. Do: Implement and operate the ISMS. Check: Monitor and review the ISMS. Act: Maintain and improve the ISMS. Output: Interested Parties, Managed Information Security.]
Plan: Establish security policy, objectives, targets, processes and procedures relevant to managing risk, and improving information security to deliver results in accordance with an organization’s overall policies and objectives
Do: Implement and operate the security policy, controls, processes and procedures
Check: Assess and, where applicable, measure process performance against security policy, objectives and practical experience and report the results to management for review
Act: Take corrective and preventative actions, based on the results of the management review, to achieve continual improvement of the ISMS
ISMS Implementation Plan
Initiation and Planning
• Kick-off meeting
• Project Plan Finalization
• Formation of Steering Committee
• Formation of Security Forum
• Finalization of External Audit Agency
• Finalization of VAPT agency
• Finalize documentation standard
• Establish ISMS Policy and Objectives
• Prepare Statement of Applicability
• Key person orientation training
• Define Risk Assessment Approach
Challenges of Planning Phase
• Making Information Security an IT Group initiative – A sure recipe for disaster
• Slow Decision Making Process
• Underestimation of the effort needed
• “Not Invented Here” Syndrome
• Big Bang Approach
• Inadequate effort planned for internal communication
• No governance mechanism to involve Senior / Delivery Management
3 Key Elements of Successful Change Management
• 1st : Communicate
• 2nd : Communicate
• 3rd : Communicate
Key Aspects to be Communicated
• How Information Security is critical to business survival and success
• How Information Security is everyone’s responsibility
• Individual’s role and responsibility towards Information Security
• Develop a detailed plan and action item tracker
• Consider this as a project and follow good project management practices
Best Practices for Planning Phase
• Involve all functions in the organization
• Be creative in Business Continuity Planning
• Have adequate resources
• Pilot in one unit
• Develop Governance Mechanism
• Consider automation for ISMS
Gap Analysis and ISMS System Definition Phase
Gap Analysis Phase
• Conduct gap analysis with respect to existing policies and procedures
• Develop and review ISMS policies
• Risk Identification and Treatment
• Initiate Business Continuity Plan
• Conduct VAPT
• Develop and review ISMS Processes
• Develop Awareness Training Material
• Conduct Awareness Trainings
• Finalize dates for Document Review and Certification Audit