The webinar covers:
• ISO 27001 worldwide today
• Why ISO 27001?
• Roadmap to implement it
Presenter:
This webinar was presented by PECB Certified Trainer Paulo Porfirio, who has more than 15 years of experience in information security related to banking, telecommunications and utilities. He has been part of development work for a few organizations in Europe and the US. Mr. Porfirio has also audited many companies in Europe, South America, and the US.
Link of the recorded session published on YouTube: https://youtu.be/bE-l5EQYXM8
ISO 27001 worldwide
Source: ISO Annual Survey
Number of Certificates

Region / Year             2006   2007   2008    2009    2010    2011    2012    2013    2014
TOTAL                     5797   7732   9246   12935   15626   17355   19620   22349   23972
Africa                       6     10     16      47      46      40      64      99      81
Central / South America     18     38     72     100     117     150     203     272     277
North America               79    112    212     322     329     435     552     712     836
Europe                    1064   1432   2172    3563    4800    5289    6379    7952    8710
East Asia and Pacific     4210   5550   5807    7394    8788    9665   10422   10861   11303
Central and South Asia     383    519    839    1303    1328    1497    1668    2002    2253
Middle East                 37     71    128     206     218     279     332     451     512

Regional share - in %

Region / Year             2006    2007    2008    2009    2010    2011    2012    2013    2014
TOTAL                     100%    100%    100%    100%    100%    100%    100%    100%    100%
Africa                    0.1%    0.1%    0.2%    0.4%    0.3%    0.2%    0.3%    0.4%    0.3%
Central / South America   0.3%    0.5%    0.8%    0.8%    0.7%    0.9%    1.0%    1.2%    1.2%
North America             1.4%    1.4%    2.3%    2.5%    2.1%    2.5%    2.8%    3.2%    3.5%
Europe                   18.4%   18.5%   23.5%   27.5%   30.7%   31.1%   32.5%   35.6%   36.3%
East Asia and Pacific    72.6%   71.8%   62.8%   57.2%   56.2%   55.2%   53.1%   48.6%   47.2%
Central and South Asia    6.6%    6.7%    9.1%   10.1%    8.5%    8.5%    8.5%    9.0%    9.4%
Middle East               0.6%    0.9%    1.4%    1.6%    1.4%    1.6%    1.7%    2.0%    2.1%
ISO 27001 worldwide
Annual growth - absolute numbers (change in certificate count versus the previous year)

Region / Year             2007   2008   2009   2010   2011   2012   2013   2014
TOTAL                     1935   1514   3689   2691   1883   2265   2729   1623
Africa                       4      6     31     -1     -6     24     35    -18
Central / South America     20     34     28     17     33     53     69      5
North America               33    100    110      7    104    117    160    124
Europe                     368    740   1391   1237    646   1090   1573    758
East Asia and Pacific     1340    257   1587   1394    876    757    439    442
Central and South Asia     136    320    464     25    169    171    334    251
Middle East                 34     57     78     12     61     53    119     61

Annual growth - in %

Region / Year             2007   2008   2009   2010   2011   2012   2013   2014
TOTAL                      33%    20%    40%    21%    12%    13%    14%     7%
Africa                     67%    60%   194%    -2%   -13%    60%    55%   -18%
Central / South America   111%    89%    39%    17%    28%    35%    34%     2%
North America              42%    89%    52%     2%    32%    27%    29%    17%
Europe                     35%    52%    64%    35%    13%    21%    25%    10%
East Asia and Pacific      32%     5%    27%    19%    10%     8%     4%     4%
Central and South Asia     36%    62%    55%     2%    13%    11%    20%    13%
Middle East                92%    80%    61%     6%    28%    19%    36%    14%
Source: ISO Annual Survey
ISO 27001 worldwide
Top 10 countries for ISO/IEC 27001 growth - 2014
1 United Kingdom 338
2 China 292
3 India 239
4 Australia 101
5 United States of America 98
6 Ireland 77
7 Italy 69
8 Germany 59
Source: ISO Annual Survey
ISO 27001 worldwide
Top five industrial sectors for ISO/IEC 27001 certificates 2014
1 Information technology 4933
2 Other Services 867
3 Construction 454
4 Transport, storage and communication 327
5 Electrical and optical equipment 287
Source: ISO Annual Survey
ISO 27001 worldwide
Top 10 countries for ISO/IEC 27001 certificates - 2014
1 Japan 7181
2 United Kingdom 2261
3 India 2170
4 China 2002
5 Italy 970
6 Romania 893
7 Taipei, Chinese 781
8 Spain 701
9 United States of America 664
10 Germany 640
Source: ISO Annual Survey
Why ISO 27001
• Sony Pictures - a major online attack that resulted in employees’ personal data and corporate correspondence being leaked
• JPMorgan Chase & Co. - a data breach that affected 76 million households and seven million small businesses
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
Why ISO 27001
Global study at a glance
• 350 companies in 11 countries
• $3.79 million is the average total cost of a data breach
• 23% increase in total cost of data breach since 2013
• $154 is the average cost per lost or stolen record
• 12% increase in per capita cost since 2013
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
Why ISO 27001
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
The three major reasons contributing to a higher cost of data breach in 2015:
• Cyber attacks have increased in frequency and in the cost to remediate the consequences
• The consequences of lost business are having a greater impact on the cost of data breach
• Data breach costs associated with detection and escalation increased
Why ISO 27001
• Hackers and criminal insiders cause the most data breaches
• Forty-seven percent of all breaches in this year’s study were caused by malicious or criminal attacks
• The loss of customers increases the cost of data breach
• Business continuity management plays an important role in reducing the cost of data breach
2015 Cost of Data Breach Study: Global Analysis – IBM & Ponemon Institute
Why ISO 27001
• Cyber Terrorism
• Cyber Wars
• Cyber Crime (surpasses “old” weapons and drugs)
Why ISO 27001
What about compliance?
• International encryption laws
• Legal/Regulatory requirements
Why ISO 27001
Why ISO 27001?
• It is the only internationally recognized standard
• Powerful framework/tool to manage information security
• A must-have for a global presence and demanding markets
• Improves processes and reduces costs
• Allows better management decisions
• Manages risks proactively
• Improves resilience and business continuity
• Increases competitiveness
Roadmap to implement ISO 27001
ISO 27001 is a management system standard, so it follows the PDCA (Plan-Do-Check-Act) approach
Roadmap to implement ISO 27001
1 - Define scope
• Most important step
• Narrow enough to be manageable, but still adding value
Roadmap to implement ISO 27001
Don’t know the scope?
• What information to protect?
• Who owns it?
Roadmap to implement ISO 27001
2 – Get Commitment and Leadership
• Upper and middle management
• Define Infosec Policy
Roadmap to implement ISO 27001
ISMS Manager Software
• Section 4-10 Navigation Tabs & Cross-Reference
• GRC - Annex A Mapping & Compliance
• Task Management
• Risk Assessment
• All modules included in low-cost, affordable software!
• Free 15 day trial
Roadmap to implement ISO 27001
ISO Manager is an international Software as a Service (SaaS) product that provides the most comprehensive management of ISO 27001 Sections 4-10.
• Created by ISO 27001 Experts
• Section 4-10 Navigation Tab
• Annex A Mapping to Statement of Applicability
• Governance, Risk & Compliance (GRC) mapping
• Task Management
• Risk Assessment
• Low-cost, affordable software!
• Free 15 day trial
• Become a Reseller in your Country/Region!
www.ISOmanager.com
Questions
Paulo Porfirio
Cell: +1 651 253 3612
Paulo.Porfirio@securastar.com
www.linkedin.com/in/paulop
PECB Certified Trainer
PECB Certified ISO 27001 Master
PECB ISO 27001 Lead Risk Manager
IRCA certified ISO 27001:2013 Lead Auditor
CISA – Certified Information Systems Auditor
CISM – Certified Information Security Manager
AMBCI – Associate Member of the Business Continuity Institute
ISO/IEC 27001 Lead Implementer
Certified ISO 20000 Consultant (itSMF)