Maintaining and updating your risk assessment using vsRisk
0 likes1,345 views
The document discusses maintaining and updating risk assessments. It recaps previous webinars on information security and risk management. Regular risk assessment reviews are required by ISO 27001 to account for changes to the organization, technology, objectives and threats. The vsRisk software helps with automated and compliant reviews by storing past data, comparing reviews, and providing audit logs. It was demonstrated and allows easy maintenance of ISO 27001 documentation.
Maintaining and updating your risk assessment using vsRisk
- 1. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Phil Hare Vigilant Software Thursday May 30th PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH THE GOTOWEBINAR QUESTION FUNCTION Maintaining and updating your risk assessment using vsRisk™
- 2. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Phil Hare • An information security professional with many years’ experience of information security risk assessments. • Heavily involved in the specification and creation of one of the leading software tools for ISO 27001 compliant risk assessments available today. • A broad knowledge of the technical, procedural, methodological and theoretical aspects of Information Security Risk Assessment. • Instrumental in successful ISMS development projects across a wide range of organisations.
- 3. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Today’s Webinar in Context • Today’s webinar is #4 in a series of 4 educational webinars. • The 4 webinars are designed to take you on a learning journey: • Webinar 1 - Why IS027001 for my Organisation? • Webinar 2 – The Importance of risk management • Webinar 3 – Carrying out a risk assessment using vsRisk • Webinar 4 (Today) – Maintaining/updating your risk assessment using vsRisk.
- 4. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Today’s Agenda • A short 20-30 minutes educational and informative talk: • Quick recap of last 3 week’s webinar – Why ISO 27001, the importance of risk management, and using vsRisk to carry out a risk assessment. • Why maintain and update your risk assessment? • Maintaining and update your risk assessment using vsRisk - software demonstration. • Ample time for Q&A. • Next steps including a special offer for vsRisk.
- 5. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Recap – last 3 webinars In the last 3 webinars we covered: • What is information security? • What is an information security management system (ISMS)? • What is ISO 27001? • Why should I and my organisation care about ISO 27001? • The importance of risk management. • Carrying out a risk assessment using vsRisk.
- 6. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Why maintain/update your risk assessment? Reason 1 – Required by ISO27001 (clause 4.2.3.d) Review risk assessments at planned intervals and review the residual risks and the identified acceptable levels of risks, taking into account changes to: 1. the organization; 2. technology; 3. business objectives and processes; 4. identified threats; 5. effectiveness of the implemented controls; and 6. external events, such as changes to the legal or regulatory environment, changed contractual obligations, and changes in social climate.
- 7. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Why review your risk assessment? Reason 2 – Risks do actually change…. Any change to the environment within which the Organisation operates will mean the ISMS should be reviewed – e.g. change in risk environment, business growth, change in legislation, change in supply chain…
- 8. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Why review your risk assessment? Management’s attitude to risk changes – which could reflect changes in the funding cycle, the business environment, or in management! The Organisation should review its risk acceptance criteria to confirm that they still reflect the Management’s Risk Appetite
- 9. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Why is vsRisk unique? vsRisk is the only tool in its price range that integrates out-of-the-box in to an ISO 27001 management system, allowing users to carry out an automated, robust and extensive cyber security risk assessment of their organisation’s assets compliant with ISO 27001.
- 10. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 How does vsRisk help with review and maintenance? 1. It’s a database – so it stores data exactly as created last time around; 2. It has an automated process, which makes it very easy for a risk review to produce results comparable to those achieved the last time; 3. It’s easy to compare and contrast pre- and post- review states; 4. There’s even a built-in comment capability and an audit log
- 11. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 What does vsRisk already do for you? Integrated, out-of-the-box, into an ISO 27001 management system – vsRisk employs a risk assessment methodology that complies with ISO 27001 and ISO 27005, reducing the risk of non-compliance at audit of an ISO 27001 ISMS. Produced key ISO 27001 documentation – Statement of Applicability and Risk Treatment Plan ensure consistency in documentation quality and transparency across the risk management process initially and over time.
- 12. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 vsRisk - Demo Software demonstration – maintaining and updating a risk assessment using vsRisk.
- 13. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Next Steps – Special May offer of risk assessment software vsRisk • Purchases of vsRisk in May will include 1 years support and upgrades for free (worth £150). • To claim this offer, please visit www.vigilantsoftware.co.uk. • Offer valid until Thursday May 31st.
- 14. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Next Steps – Want to know more? • If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email servicecentre@vigilantsoftware.co.uk. • Free trial of vsRisk available at http://www.vigilantsoftware.co.uk
- 15. “Intelligent, simplified risk assessment” Copyright © Vigilant Software Ltd 2013 Questions – we welcome them all! Please type your questions into the Gotowebinar question box – responses will be verbal and shared with all delegates.