
Overview of Information Security Breaches in 2012 and How ISO 27001 Audit Can Help


ISO 27001 is an internationally recognized standard that addresses information security. Implementing a well-known standard as a benchmark will greatly improve the effectiveness of your information security program. It can also provide guidance in the development of a security strategy. Earning certification can make information security audits less difficult, too. Take a look at the infographic below to see how ISO 27001 can help you.


A SYSTEMATIC APPROACH, WHICH YOUR AUDITORS USE, HELPS TO ANTICIPATE THREATS TO YOUR ORGANIZATION'S INFORMATION ASSETS AND DEVELOP PLANS TO MITIGATE THEM. THE BEST POLICY IS TO ADOPT ISO 27001, THE MOST UNIVERSALLY ACCEPTED STANDARD FOR INFORMATION SECURITY THE WORLD OVER.

For more info, contact us @ [email protected]

REGISTER FOR A 2-DAY FREE ISO 27001 GAP ANALYSIS - DIP STICK ASSESSMENT: http://www.intigrow.com/free-information-security-assessment-offer.html

ISO 27001 IS THE ONLY AUDITABLE INTERNATIONAL STANDARD WHICH DEFINES THE REQUIREMENTS FOR AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS).

THE ISO 27001 IMPLEMENTATION STRATEGY IS BASED ON A PHASED APPROACH:

1. GAP ANALYSIS: INTIGROW SECURITY PROFESSIONALS WILL CONDUCT AN ANALYSIS OF GAPS IN YOUR CURRENT SYSTEM AGAINST THE REQUIREMENTS OF ISO 27001, INCLUDING A PHYSICAL SECURITY REVIEW.

2. RISK ASSESSMENT: THIS IS THE MOST CRUCIAL PHASE OF THE IMPLEMENTATION, WHEREIN AN ASSET REGISTER CONTAINING ALL THE INFORMATION ASSETS OF THE ORGANIZATION IS BUILT.

3. RISK TREATMENT: DURING THIS PHASE INTIGROW WILL FORMULATE A STRATEGY FOR THE IMPLEMENTATION OF THE CONTROLS SELECTED IN THE PREVIOUS PHASE.

4. CONTROL IMPLEMENTATION: THE IMPLEMENTATION ROADMAP, WHICH IS THE OUTCOME OF THE PREVIOUS PHASE, WILL GUIDE YOUR ORGANIZATION'S TEAM IN THE IMPLEMENTATION OF THE IDENTIFIED CONTROLS.

5. ISMS READINESS REVIEW: THIS PHASE WILL REVIEW YOUR READINESS TO ACHIEVE ISO 27001 CERTIFICATION.

6. CERTIFICATION AUDIT: FINALLY, YOU WILL FACE THE CERTIFICATION BODY'S TEAM OF AUDITORS WITH OUR ASSISTANCE.

UNDERSTANDING AND COMMUNICATING THE RISKS IS KEY TO EFFECTIVE SECURITY

42% OF LARGE ORGANISATIONS DON’T PROVIDE ANY ONGOING SECURITY AWARENESS TRAINING TO THEIR STAFF AND 10% DON’T EVEN BRIEF STAFF ON INDUCTION

26% OF RESPONDENTS HAVEN’T BRIEFED THEIR BOARD ON SECURITY RISKS IN THE LAST YEAR AND 19% HAVE NEVER DONE SO

33% OF LARGE ORGANISATIONS SAY RESPONSIBILITIES FOR ENSURING DATA IS PROTECTED AREN’T CLEAR AND ONLY 22% SAY THEY ARE VERY CLEAR

93% OF COMPANIES WHERE THE SECURITY POLICY WAS POORLY UNDERSTOOD HAD STAFF-RELATED BREACHES VERSUS 47% WHERE THE POLICY WAS WELL UNDERSTOOD

SECURITY BREACHES REACH HIGHEST EVER LEVELS IN 2012

93% OF LARGE ORGANISATIONS HAD A SECURITY BREACH

87% OF SMALL BUSINESSES HAD A SECURITY BREACH, UP FROM 76% A YEAR AGO


36% OF THE WORST SECURITY BREACHES IN THE YEAR WERE CAUSED BY INADVERTENT HUMAN ERROR AND A FURTHER 10% BY DELIBERATE MISUSE OF SYSTEMS BY STAFF

17% OF SMALL BUSINESSES KNOW THEIR STAFF BROKE DATA PROTECTION REGULATIONS IN THE LAST YEAR, UP FROM 11% A YEAR AGO

57% OF SMALL BUSINESSES SUFFERED STAFF-RELATED SECURITY BREACHES IN THE LAST YEAR, UP FROM 45% A YEAR AGO