Worried about the impacts of Cyber Crime? – What level of information risk is acceptable to your organisation?
Do you know how to conduct a ‘Gap Analysis’ against ISO27001 to identify the weak spots in your cyber defences?
Before your hard-earned business reputation hits the buffers, come to STEAM, the Museum of the Great Western Railway, Swindon, on the 18th of April, meet information security compliance experts from IT Governance and Certification International, and find out what ISO27001 can do to help you to assess the risks and plug the gaps in your system defences.
Join cyber security guru, Alan Calder, and learn more about the risk-based ISO27001 approach to securing your data.
Did you know that…
In ISO27001, an information security risk assessment is used to identify the security requirements of the organisation, and to then identify the security controls needed to bring that risk within an acceptable level for the organisation.
Once the security controls have been identified, ISO 27001 defines processes to ensure that a) these controls are implemented and are effective; and b) that the controls continue to meet the organisation’s developing security needs.
The key points here are that:
• The organisation decides what level of security it needs. The level of risk acceptable to the organisation is a management decision – ISO 27001 does not impose an acceptable level of risk. If management decides that a high risk of compromise of personal information is acceptable to the organisation, then ISO 27001 will provide a management framework to implement that.
• A risk assessment is used to identify the controls required by the organisation. However, ISO 27001 does not define the risk assessment method to be used. All that the standard requires is that you document the method, and use it.
• It is up to the organisation to select the security controls it needs, based on the risk assessment and the organisation’s acceptable level of risk (its ‘risk appetite’).
Are you ready to meet this challenge, become ISO27001 compliant and achieve certification through an accredited Certification Body such as Certification International?
Register online or call: 0845 070 1750. This is a day of highly-informative talks, practical workshops and one-to-one advice sessions to learn how your organisation will benefit from ISO27001 information security and the steps that you need to take to implement/maintain your ISMS – don’t miss out!
“As ISO27001 novices, Stuart and I found the day very informative and what we learned will certainly help shape our future plans.” [Delegate response from the first ISO27001 Information Security: Practical Guidance for Senior Managers, held on 26th February 2013].
For more information on how to plan your cyber security defences based on ISO27001 and keep your business safe, download our free ‘green paper’.