ISO 27001 accreditation

Discussion in 'Computer Security' started by Notes_Bloke, Jul 19, 2010.

  1. Notes_Bloke

    Notes_Bloke Terabyte Poster

    Hi all,

    Just wondered if anyone had helped manage or implement the ISO 27001 standard at the place you work(ed)?

    The reason I ask is; basically, the IT Manager has left our company leaving myself and one other guy running the show. Before he left he was working on the implementation, but it hadn't progressed very far.

    Anyway, last week I was informed that it was now my project to get the company ISO 27001 accredited :rolleyes:, but it is frying my brain just reading all the literature surrounding it!

    So I wondered if anyone had any tips/pointers etc?

    Certifications: 70-210, 70-215, A+,N+, Security+
  2. Consultant

    Consultant Bit Poster

    Firstly, please bear in mind that I'm talking about this with no understanding of your skill set or level of knowledge, so I'm answering this as it appears to me from your post.

    It's very important that security has top level buy-in, or it won't work as it should. To clarify, it's not sufficient to take the approach (as it seems your management have) to simply grab someone who can "do security" because they're somewhat technical.

    Security Policy should be implemented top down (with a domain expert and C-level buy-in); the bottom-up approach simply doesn't work (find a techie and tell him he's now the security guy). The best thing I can do is tell you to read the first few chapters of the CISSP All in One book, which makes it really clear as to why and how improper security implementation can (and often will) fail.

    ISO 27001 is there to reassure the world that you're a safe and secure company to do business with, which means an overall change in approach to security. To me it seems like your management want to take the "TestKings" approach to ISO 27001, and we all know how well that works!

    My recommendation would be to encourage them to put you through your CISSP (or similar), which gives you a good foundation in security and in creating security policy; or, if that's not your bag, then they should be looking to hire a security professional with experience.

    Apols if you are qualified, etc, the original post didn't go into much detail.

    Hope this is helpful

    Certifications: ITIL v3 Foundation, MySQL OCA
  3. Eurocert

    Eurocert New Member

    Benefits of operating with an ISO 27001 certified supplier include:
    Clearly outlined risk possession
    Prevention of harm to complete equity
    Consistent security policy across the organisation
    Continuous security improvement measures
    Minimal risk of knowledge loss through human error
  4. Thiru01

    Thiru01 Bit Poster

    First we understood the policy and objectives of the organization,
    then prepared ourselves a checklist to validate the organization and identify the areas lacking.
  5. Thiru01

    Thiru01 Bit Poster

    The ISO 27001 standard provides a systematic framework for an effective security system and for minimizing the risk from unknown users.

    ISO 27001 standards provide a structure for securing and managing information and relate to legal compliance; this process improves the performance of managing security information.
  6. Catalyic Consulting

    Catalyic Consulting New Member

    I believe you are quite petrified to go with the accreditation. It is indeed a difficult attempt, as it has got a lot of documentation. In my view you should go for a training for Lead Implementer ISO 27001:2013, the latest version. A second option could be that you hire a consultant who can help you with the completion of the accreditation process.

    Last edited by a moderator: Nov 11, 2013