SlideShare a Scribd company logo

ISO 27001 Certification - The Benefits and Challenges

C
Certification Europe

The document discusses the benefits and challenges of implementing ISO 27001:2005, focusing on management commitment, budgeting, and securing peer buy-in. Challenges include conducting thorough risk assessments, managing changes in behavior, and determining the complexity of implementation for SMEs versus corporate environments. Benefits of successful implementation include enhanced security awareness, competitive advantages, potential cost reductions, and improved documentation and evaluation of security processes.

Technology
Related topics:
Information SecurityISO 27001 Overview
1 of 11
Downloaded 168 times
1
2
3
4
5
6
7
8
9
10
11
ISO27001:2005 Implementation: Benefits and Challenges 22 November 2011 Han van Thoor
Subjects discussed: Challenges Managing management and peers Risk Assessment Statement of Applicability Post certification Benefits
Challenges Manage managers Commitment : Is the implementation done because we have to due to our customers/legal reasons or is there a real security awareness within management ? Finance : Is there a real budget, is there a provision for unforseen costs ? Implementation times: how long do you have ?
Challenges Manage peers Buy-in : Translate security policies into accepted work practices Managing change : People might have to change behaviour and procedures
Challenges Risk Assessment Know your assets! Methodology
Challenges Risk Assessment Methodology What are your Key Business Processes (KBP) What information assets are being used by the KPB's How valuable are the assets Score risks against assets to identify highest risks
Challenges Example of a methodology (Integrity+Confidentiality+Availability)*(Likelihood)*(Value)
Challenges Statement of applicability The less the better ?
Challenges Post- certification Maturing the ISMS
SME versus Corporate Implementation Cost Complexity Time SME < 6 months € 0 - ?? Simple, few systems, people, direct lines Corporate < 18 months € 0 - ?? More complex, more systems,more people longer decision times
Benefits Proof of security to third parties (for clients, partners and legal purposes) Competitive advantage: ‘documented quality’ by an independent authority Cost reductions through transparent, optimised structures. Security becomes an integral part of business processes Knowledge and monitoring of the IT risks and residual IT risks Documentation of structures and processes Increased employee awareness of security Evaluation of the organisation’s processes from a security point of view. Prioritising the security of the business operations: business continuity management Globally recognised standard Potential reduction in insurance premiums Referencing the IT process management standard (ITIL) to ISO 27001 Seamless transition from ISO 27001 in management systems to ISO 9000

More Related Content

PPT
ISO 27001 Benefits
Dejan Kosutic
 
PPTX
27001 awareness Training
Dr Madhu Aman Sharma
 
PDF
Isms awareness presentation
Pranay Kumar
 
PDF
What is ISO 27001 ISMS
Business Beam
 
PPTX
Basic introduction to iso27001
Imran Ahmed
 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
PDF
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO 27001 Benefits
Dejan Kosutic
 
27001 awareness Training
Dr Madhu Aman Sharma
 
Isms awareness presentation
Pranay Kumar
 
What is ISO 27001 ISMS
Business Beam
 
Basic introduction to iso27001
Imran Ahmed
 
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 

What's hot (20)

PDF
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
PPTX
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
PPTX
What is iso 27001 isms
Craig Willetts ISO Expert
 
PPTX
Presentation on iso 27001-2013, Internal Auditing and BCM
Shantanu Rai
 
PDF
A to Z of Information Security Management
Mark Conway
 
PPTX
ISO_ 27001:2022 Controls & Clauses.pptx
foram74
 
PPTX
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
PDF
ISO 27001
n|u - The Open Security Community
 
PDF
Why ISO27001 For My Organisation
Vigilant Software
 
PDF
ISO 27005:2022 Overview 221028.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
Iso 27001 awareness
Ãsħâr Ãâlâm
 
DOCX
Iso 27001 2013 Standard Requirements
Uppala Anand
 
PPT
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
PPS
ISO 27001 2013 isms final overview
Naresh Rao
 
PDF
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
PDF
ISO 27001 2002 Update Webinar.pdf
ControlCase
 
PPTX
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
PDF
Information security management system (isms) overview
Julia Urbina-Pineda
 
PDF
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
What is iso 27001 isms
Craig Willetts ISO Expert
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Shantanu Rai
 
A to Z of Information Security Management
Mark Conway
 
ISO_ 27001:2022 Controls & Clauses.pptx
foram74
 
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
ISO 27001
n|u - The Open Security Community
 
Why ISO27001 For My Organisation
Vigilant Software
 
ISO 27005:2022 Overview 221028.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Iso 27001 awareness
Ãsħâr Ãâlâm
 
Iso 27001 2013 Standard Requirements
Uppala Anand
 
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
ISO 27001 2013 isms final overview
Naresh Rao
 
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
ISO 27001 2002 Update Webinar.pdf
ControlCase
 
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
Information security management system (isms) overview
Julia Urbina-Pineda
 
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Ad

Viewers also liked (9)

PDF
Managing Contract Obligations and Milestones with SharePoint
Optimus BT
 
PPTX
Itil,cobit and ıso27001
Burcu Pelin TELLİ
 
PDF
ISO 27001
jcfarit
 
PPTX
Types of Information Resources
hisled
 
PPTX
Ims (integrated Management system )
Ascent World
 
PPT
Working with students and ISO27001
Jisc
 
PPT
Information Resources Management
Achmad Solichin
 
PDF
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
PPTX
Iso 27001 isms presentation
Midhun Nirmal
 
Managing Contract Obligations and Milestones with SharePoint
Optimus BT
 
Itil,cobit and ıso27001
Burcu Pelin TELLİ
 
ISO 27001
jcfarit
 
Types of Information Resources
hisled
 
Ims (integrated Management system )
Ascent World
 
Working with students and ISO27001
Jisc
 
Information Resources Management
Achmad Solichin
 
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
Iso 27001 isms presentation
Midhun Nirmal
 
Ad

Similar to ISO 27001 Certification - The Benefits and Challenges (20)

PDF
Unlocking the Benefits of ISO 27001 Certification for Information Security.pdf
udyam registration
 
PPT
ISO 27001 Certification-The Gold Standard for Information Security-IAS-GULF-UAE
sm0096157
 
PPT
ISO 27001 Certification-The Gold Standard for Information Security
sm0096157
 
PPT
The Business Of Identity, Access And Security V1.0
theonassiokas
 
PDF
Riskpro Information Risk Management
Manoj Jain
 
PPT
4 System For Information Security
Ana Meskovska
 
PPT
Identity Management: Risk Across The Enterprise
Perficient, Inc.
 
PDF
Riskpro information risk management
Rahul Bhan (CA, CIA, MBA)
 
PDF
Riskpro Information Risk Management
Rahul Bhan (CA, CIA, MBA)
 
PDF
Riskpro Information Risk Management
Rahul Bhan (CA, CIA, MBA)
 
PPTX
Unlocking the Benefits of ISO 27001 Certification for Information Security.pptx
udyam registration
 
PDF
G12: Implementation to Business Value
HyTrust
 
PPTX
iso-27001-compliance-framework-cybersecurity-india-defenderrabbit-2025.pptx
defencerabbit Team
 
PDF
CQI-IRCA 27001:2013 Lead Auditor Course
Desmond Muchetu
 
PDF
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
Tromenz Learning
 
PDF
CV jagroop jagpal
JagroopSinghJagpal
 
PPT
ClockworkISMS
Delaney
 
PDF
Bpo risk management
Rahul Bhan (CA, CIA, MBA)
 
PDF
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
proaxissolutions
 
PDF
ISO 27001 Certification What You Need to Know to Get Started.pdf
OFFICE
 
Unlocking the Benefits of ISO 27001 Certification for Information Security.pdf
udyam registration
 
ISO 27001 Certification-The Gold Standard for Information Security-IAS-GULF-UAE
sm0096157
 
ISO 27001 Certification-The Gold Standard for Information Security
sm0096157
 
The Business Of Identity, Access And Security V1.0
theonassiokas
 
Riskpro Information Risk Management
Manoj Jain
 
4 System For Information Security
Ana Meskovska
 
Identity Management: Risk Across The Enterprise
Perficient, Inc.
 
Riskpro information risk management
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Information Risk Management
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Information Risk Management
Rahul Bhan (CA, CIA, MBA)
 
Unlocking the Benefits of ISO 27001 Certification for Information Security.pptx
udyam registration
 
G12: Implementation to Business Value
HyTrust
 
iso-27001-compliance-framework-cybersecurity-india-defenderrabbit-2025.pptx
defencerabbit Team
 
CQI-IRCA 27001:2013 Lead Auditor Course
Desmond Muchetu
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
Tromenz Learning
 
CV jagroop jagpal
JagroopSinghJagpal
 
ClockworkISMS
Delaney
 
Bpo risk management
Rahul Bhan (CA, CIA, MBA)
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
proaxissolutions
 
ISO 27001 Certification What You Need to Know to Get Started.pdf
OFFICE
 

Recently uploaded (20)

PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation theory and applications.pdf
gurumoop
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
A Presentation on Artificial Intelligence
memembruh336
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Cloud computing and distributed systems.
kkkkkhan
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 

ISO 27001 Certification - The Benefits and Challenges

  • 1. ISO27001:2005 Implementation: Benefits and Challenges 22 November 2011 Han van Thoor
  • 2. Subjects discussed: Challenges Managing management and peers Risk Assessment Statement of Applicability Post certification Benefits
  • 3. Challenges Manage managers Commitment : Is the implementation done because we have to due to our customers/legal reasons or is there a real security awareness within management ? Finance : Is there a real budget, is there a provision for unforseen costs ? Implementation times: how long do you have ?
  • 4. Challenges Manage peers Buy-in : Translate security policies into accepted work practices Managing change : People might have to change behaviour and procedures
  • 5. Challenges Risk Assessment Know your assets! Methodology
  • 6. Challenges Risk Assessment Methodology What are your Key Business Processes (KBP) What information assets are being used by the KPB's How valuable are the assets Score risks against assets to identify highest risks
  • 7. Challenges Example of a methodology (Integrity+Confidentiality+Availability)*(Likelihood)*(Value)
  • 9. Challenges Post- certification Maturing the ISMS
  • 10. SME versus Corporate Implementation Cost Complexity Time SME < 6 months € 0 - ?? Simple, few systems, people, direct lines Corporate < 18 months € 0 - ?? More complex, more systems,more people longer decision times
  • 11. Benefits Proof of security to third parties (for clients, partners and legal purposes) Competitive advantage: ‘documented quality’ by an independent authority Cost reductions through transparent, optimised structures. Security becomes an integral part of business processes Knowledge and monitoring of the IT risks and residual IT risks Documentation of structures and processes Increased employee awareness of security Evaluation of the organisation’s processes from a security point of view. Prioritising the security of the business operations: business continuity management Globally recognised standard Potential reduction in insurance premiums Referencing the IT process management standard (ITIL) to ISO 27001 Seamless transition from ISO 27001 in management systems to ISO 9000