ISO 27001 accreditation

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

Just wondered if anyone had help manage or implement the ISO 27001 standard at the place you work(ed)?

The reason I ask is; basically, the IT Manager has left our company leaving myself and one other guy running the show. Before he left he was working on the implementation, but it hadn't progressed very far.

Anyway last week I was informed that it was now my project to get the company ISO 27001 accredited ,but it is frying my brain just reading all the literature surrounding it!

So I wondered if anyone had any tips/pointers etc?

Cheers
NB

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Firstly, please bear in mind that I'm talking about this with no understanding of your skill set or level of knowledge, so I'm answering this as it appears to me form your post.

It's very important that security has top level buy-in, or it won't work as it should. To clarify, it's not sufficient to take the approach (as it seems your management have) to simply grab someone who can "do security" because they're somewhat technical.

Security Policy should be implemented top down (with a domain expert and C Level buy-in), the bottom up approach simply doesn't work (find a techie and tell him he's now the security guy). The best thing I can do is tell you to read the first few chapters of the CISSP All in One book, which makes it really clear as to why and how improper security implementation can (and often will) fail.

ISO 27001 is there to reassure the world that you're a safe and secure company to do business with, which means an overall change in approach to security, to me it seems like your management want take the "TestKings" approach to ISO 27001, and we all know how well that works!

My recommendation would be to encourage them to put you through your CISSP (or similar) that gives you a good foundation to Security and to creating Security Policy, or if that's not your bag then they should be looking to hire a security professional with experience.

Apols if you are qualified, etc, the original post didn't go into much detail.

Hope this is helpful

Cheers

T.

 

benefits of operating with an ISO 27001 certified supplier include:
Clearly outlined risk possession
Prevention of harm to complete equity
Consistent security policy across the organisation
Continuous security improvement measures
Minimal risk of knowledge loss through human error

 

First we understood the policy and objective of organization,
Prepare ourselves a checklist to validate the organization to know the areas lacking.

 

ISO 27001 standard provides a systematic framework to effective security system and minimizing the risk of unknown users.

ISO 27001 standards provide a structure for securing and managing information and relate to legal compliance, through this process which improves the performance of managing security information.

 

Hi,

I believe you are quite petrified to go with the accreditation. it is indeed a difficult attempt as it has got a lot of documentation. I my view you should go for a training for Lead Implementer ISO 27001:2013 , the latest version. second option could be, you may hire a consultant that can help you with the completion of the accreditation process.



Regards