Showing posts with label ISO 27001. Show all posts

Monday, 16 June 2014

4 Vital reasons why you need the ISO27001 standard

An information security management system provides the basis for policies and procedures covering all legal, physical and technical aspects of an organisation's information security. Information is an extremely valuable asset. It is therefore crucial that an organisation designs, implements and maintains a coherent set of policies, processes and systems to manage risks to its information assets.

ISO27001 is the internationally recognised standard that specifies the requirements for an information security management system. It is one of the most highly regarded security specifications and is widely considered best practice for information security management. But why should you comply with it?

1. Control risk within the organisation

It's hard to quantify your organisation's security risk and even harder to validate it. Frank Ohlhorst, a regular contributor to TechRepublic, describes how "…the primary risk of risk management comes in the form of bad data, or more specifically, data resulting from incorrect intelligence." Bad data leads to bad decisions, and 'bad' doesn't even begin to describe the consequences that those decisions can have on your organisation.

The ISO27001 standard requires you to identify, assess and treat risk in a structured, repeatable and ultimately effective manner, and to keep a record of the decisions made so they can be validated later.

[Image: "Keep your information secure with ISO27001" (courtesy of jscreationzs)]

2. Avoid security catastrophes

According to the Online Trust Alliance, over 740 million online records were exposed in 2013, making it the worst year on record for data breaches. A quick glance at the Information is Beautiful data-breach infographic illustrates the explosion in breaches over the last decade. Whilst the proliferation of electronically stored data has a part to play in this, it is abundantly clear that even the world's largest (and most technologically able) companies aren't doing enough.

Information security breaches can shatter customer trust and devalue your business. Operating an ISO27001-compliant ISMS helps your organisation prevent incidents from occurring, and requires you to have an incident management process in place for when they do.

3. Get the competitive edge

You're always going to have to compete with other organisations for business. Get the edge over them by proving that you comply with ISO27001; certification differentiates you from the competition. Prospective clients and customers recognise this and often choose a supplier that holds an ISO27001 certificate over one that doesn't.

4. Grow your business

ISO27001 requires organisations to manage information security within their supplier relationships, so certified enterprises tend to favour suppliers who can demonstrate the same level of compliance. If you want to create and build long-lasting trade relationships with larger ISO27001-certified enterprises, you'll need to comply with the standard too.

[Video: A webinar from Vigilant Software CEO Alan Calder]

Get ISO27001 Certified

It takes skilled and experienced professionals to ensure that an organisation meets the demanding ISO27001 requirements. Demonstrate leadership in your field by learning to plan, implement and monitor an ISO27001-compliant ISMS, within your organisation or for others, with the ISO27001 Lead Implementer certification.

Having a certified ISO27001 Lead Implementer within your organisation is a brilliant way to achieve ISO27001 certification and to keep your ISMS effective once it is in place.

If you're already an experienced auditor, now might be a great time to make the leap and get the ISO27001 Lead Auditor certification. In only 3 days, you'll gain the skills needed to plan and perform audits against the ISO27001 standard.

Wednesday, 8 May 2013

What is ISO 27001 and information security?

What is your data worth?

Information is one of the most valuable assets in any organisation. Data loss costs companies millions, not to mention the damage to their reputation. The Audit Commission has recently stated that 50% of all detected frauds are found by accident. Poor supervision of staff and a lack of proper authorisation procedures are a major cause of security incidents.

Any information that is collected, stored, managed or transferred is an asset. It adds value to the business and must be protected. It can be your customers' personal details or confidential financial data, and it can be printed or written on paper, stored electronically, and so on.

What is information security?

Because of their increasing dependence on information systems, shared networks and distributed services such as cloud computing, organisations are increasingly vulnerable to security threats.

In a recent Chartered Management Institute survey, 72% of businesses admitted that they were worried about the financial impact of cybercrime, and over 35% said they had experienced such attacks in 2010.

One of the major causes of security incidents is poor supervision of staff combined with a lack of proper authorisation procedures.

There are several ways companies try to prevent breaches. Some set heavy restrictions on all information, making ordinary tasks difficult. Others are laid-back and permit access to everything, making the company far more likely to suffer security breaches, cybercrime and fraud.

For a business to run efficiently with low risk, it needs the right balance between the two. This is where ISO 27001, the international standard for information security management, comes in.

Why your company needs ISO 27001

The purpose of information security management and auditing is to ensure business continuity and to reduce business damage by preventing security incidents and minimising their impact.

Strong information security is only possible when the security objectives are set out specifically for an organisation, so that the risks to those objectives can be identified and addressed.

The framework that ISO 27001 specifies, the information security management system (ISMS), requires that senior management:
  • Examine security risks, taking account of the threats, vulnerabilities and impacts;
  • Implement a coherent and effective set of information security controls;
  • Create a reliable management process to ensure that the information security controls continue to keep the organisation secure.

The PwC Information Security Breaches Survey in 2010 found that "two fifths of large organisations have been asked by customers to comply with ISO/IEC 27001" and that the standard is "increasingly becoming the lingua franca of information security". Following the framework set out in ISO 27001 gives your company assurance that it is following globally agreed good practice for the protection of information.

In another report, by BSI, 87% of organisations implementing ISO 27001 confirmed that the standard had 'positive' or 'very positive' outcomes, including an increased ability to respond to tenders.

Secure your data and information

We have two accelerated ISO 27001 courses, Lead Auditor and Lead Implementer. You'll learn how to plan and execute audits of an information security management system, or how to plan and implement one.

These three-day courses are twice as fast as traditional training, and we're accredited by the PECB (Professional Evaluation and Certification Board).

Or get the latest ISO 22301 certifications - Lead Auditor and Lead Implementer.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.