Maintaining and updating your risk assessment using vsRisk™
Alan Calder and Phil Hare
Vigilant Software
Thursday March 21st

    PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
        Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE




 “The definitive risk assessment tool for ISO27001 certification”
                     Copyright © Vigilant Software Ltd 2013
Alan Calder
• CEO and founder of Vigilant Software
• Acknowledged information security/risk management
  thought leader
• Managed the world’s first successful ISO27001 (then
  BS7799) implementation project in 1996
• Frequent media commentator on risk management
  issues
• Co-author of vsRisk™ – the definitive cybersecurity risk
  assessment tool
Today’s Webinar in Context
• Today’s webinar is #4 in a series of 4 educational
  webinars.
• The 4 webinars are designed to take you on a learning
  journey:
   • Webinar 1 – Why ISO27001 for my organisation?
   • Webinar 2 – The importance of risk management
   • Webinar 3 – Carrying out a risk assessment using vsRisk
   • Webinar 4 (today) – Maintaining/updating your risk assessment using vsRisk
Today’s Agenda

• A short 20-30 minute educational and informative talk:
   • Quick recap of the last 3 weeks' webinars – why ISO 27001, the
     importance of risk management, and using vsRisk to carry out a
     risk assessment.
   • Why maintain and update your risk assessment?
   • Maintaining and updating your risk assessment using vsRisk –
     software demonstration.


• Ample time for Q&A.
• Next steps including a special offer for vsRisk.
Recap – last 3 webinars

In the last 3 webinars we covered:

   •   What is information security?
   •   What is an information security management system (ISMS)?
   •   What is ISO 27001?
   •   Why should I and my organisation care about ISO 27001?
   •   The importance of risk management.
   •   Carrying out a risk assessment using vsRisk.
Why maintain/update your risk assessment?

It is vitally important to maintain and update your ISMS for
two main reasons:

Reason 1 - Change of ISMS environment

Any change to the ISMS needs assessing – e.g. new job
roles, new equipment, business growth, change in
legislation, change in supply chain…
Why maintain/update your risk assessment?
Reason 2 - ISO 27001 relies on the Plan-Do-Check-Act (PDCA)
approach.
Why maintain/update your risk assessment?

PDCA is a constant cycle of review and action.

Acceptance criteria (established before any actual assessment took
place) should be reviewed as part of that cycle.

Before engaging in the next pass of the PDCA cycle, it is wise to
consider tightening (reducing) the organisation's overall acceptance
criteria, updating the assessment accordingly so that risks previously
accepted are re-examined, and thus reducing the overall level of risk.
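The two reasons for re-running an assessment, a change to the ISMS environment and a tightened acceptance threshold on the next PDCA pass, can be shown with a small risk register. The following is an added illustration, not vsRisk's own code or scoring model: the 3-point likelihood and impact scales, the threshold values, the register entries and the helper names (`assess`, `compare`, `run_cycle`) are all constructed assumptions.

```python
"""Re-running a simple risk assessment after an environment change and after
tightening the acceptance criteria. Constructed example: the scales, threshold
and register entries are assumptions, not vsRisk's own model."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed 3-point scales for likelihood and impact (assumption).
SCALE: Dict[str, int] = {"low": 1, "medium": 2, "high": 3}

Key = Tuple[str, str]  # (asset, threat) identifies one risk


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: str
    impact: str

    def score(self) -> int:
        # Risk score = likelihood x impact on the constructed scales.
        return SCALE[self.likelihood] * SCALE[self.impact]


@dataclass
class Register:
    # Risks scoring at or below this level are accepted without treatment.
    acceptance_threshold: int
    risks: List[Risk] = field(default_factory=list)


def assess(reg: Register) -> Dict[Key, str]:
    """Decision ('accept' or 'treat') for every risk against the current threshold."""
    return {
        (r.asset, r.threat): "accept" if r.score() <= reg.acceptance_threshold else "treat"
        for r in reg.risks
    }


def needs_treatment(reg: Register) -> List[Key]:
    """Risks that must go on the risk treatment plan for this pass."""
    return sorted(k for k, decision in assess(reg).items() if decision == "treat")


def compare(before: Dict[Key, str], after: Dict[Key, str]) -> Dict[str, List[Key]]:
    """Which risks appeared or changed decision between two assessment passes."""
    return {
        "new": sorted(k for k in after if k not in before),
        "now_treat": sorted(k for k in after
                            if before.get(k) == "accept" and after[k] == "treat"),
        "now_accept": sorted(k for k in after
                             if before.get(k) == "treat" and after[k] == "accept"),
    }


def baseline_register() -> Register:
    # Constructed sample register from the first assessment pass.
    return Register(acceptance_threshold=4, risks=[
        Risk("HR laptop", "theft", "medium", "high"),              # 6 -> treat
        Risk("Public website", "defacement", "low", "medium"),     # 2 -> accept
        Risk("Payroll server", "ransomware", "medium", "medium"),  # 4 -> accept
    ])


def after_environment_change(reg: Register) -> Register:
    """Reason 1: a change in the supply chain adds an asset and a new risk."""
    new = Risk("Supplier portal", "credential leak", "medium", "high")  # 6 -> treat
    return Register(reg.acceptance_threshold, reg.risks + [new])


def after_tightening_criteria(reg: Register, new_threshold: int) -> Register:
    """Reason 2: next PDCA pass with a reduced acceptance threshold."""
    return Register(new_threshold, list(reg.risks))


def run_cycle() -> Dict[str, Dict[str, List[Key]]]:
    """One maintenance cycle; returns what changed at each step."""
    r0 = baseline_register()
    r1 = after_environment_change(r0)
    r2 = after_tightening_criteria(r1, new_threshold=3)
    a0, a1, a2 = assess(r0), assess(r1), assess(r2)
    return {"env_change": compare(a0, a1), "tightened": compare(a1, a2)}


if __name__ == "__main__":
    for step, delta in run_cycle().items():
        print(step, delta)
```

The first re-run surfaces the new supplier risk without touching existing decisions; the second re-run, with the threshold lowered from 4 to 3, pulls the previously accepted payroll ransomware risk onto the treatment plan. That second step is what the slide means by tightening acceptance criteria before the next PDCA pass: nothing about the assets changed, yet the assessment output did.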
Why is vsRisk unique?

vsRisk is the only tool in its price range that integrates
out-of-the-box into an ISO 27001 management system,
allowing users to carry out an automated, robust and
extensive cyber security risk assessment of their
organisation's assets that is compliant with ISO 27001.
What can vsRisk do for you?

Automates assessment of information risk – the risk
assessment wizard eliminates the opportunity for human
and spreadsheet error, improving consistency over time
and the robustness of risk management decisions.

Accelerates the information risk assessment process –
vsRisk substantially reduces the time and cost required for
an ISMS project.
What can vsRisk do for you? Contd.

Integrates, out-of-the-box, into an ISO 27001
management system – vsRisk employs a risk assessment
methodology that complies with ISO 27001 and ISO 27005,
reducing the risk of non-compliance at audit of an ISO
27001 ISMS.

Produces key ISO 27001 documentation – Statement of
Applicability and Risk Treatment Plan ensure consistency
in documentation quality and transparency across the risk
management process initially and over time.
Phil Hare
• An information security professional with many years’ experience of
  information security risk assessments.

• Heavily involved in the specification and creation of one of the
  leading software tools for ISO 27001 compliant risk assessments
  available today.

• A broad knowledge of the technical, procedural, methodological and
  theoretical aspects of Information Security Risk Assessment.

• Instrumental in successful ISMS development projects across a
  wide range of organisations.
vsRisk - Demo

Software demonstration – maintaining and updating a risk
assessment using vsRisk.
Next steps
Read a book…

Read the world's first practical e-book guidance on achieving ISO 27001
certification and the nine essential steps to an effective ISMS
implementation.

Available for £29.95 at http://www.vigilantsoftware.co.uk/product/1651.aspx

Buy and/or get a free trial of vsRisk

The cyber security risk assessment tool compliant to ISO 27001 that
automates and accelerates the risk management process.

Buy (£995 for Standalone) and/or get a free trial at
http://www.vigilantsoftware.co.uk
Next Steps – Special March offer of risk
assessment software vsRisk
• Purchases of vsRisk in March will include for free a digital copy of
  the information security risk management standard, ISO 27005
  (worth £100) and a digital copy of the book Information Security Risk
  Management for ISO 27001/ISO 27002 (worth £39.95).

• To claim this offer, please visit www.vigilantsoftware.co.uk.

• Offer valid until Thursday March 28th.
Next Steps – Want to know more?


• If you would like to know more about ISO 27001,
  including how to carry out an ISO 27001-compliant risk
  assessment using vsRisk, please visit
  http://www.vigilantsoftware.co.uk or email
  servicecentre@vigilantsoftware.co.uk.

• Free trial of vsRisk available at
  http://www.vigilantsoftware.co.uk
Questions – we welcome them all!

Please type your questions into the Webex chat window –
responses will generally be verbal and shared with all
delegates.
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 

Maintaining and updating your risk assessment using vsRisk

  • 1. Maintaining and updating your risk assessment using vsRisk™ Alan Calder and Phil Hare Vigilant Software Thursday March 21st PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING. Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE “The definitive risk assessment tool for ISO27001 certification” Copyright © Vigilant Software Ltd 2013
  • 2. Alan Calder • CEO and founder of Vigilant Software • Acknowledged information security/risk management thought leader • Managed the world’s first successful ISO27001 (then BS7799) implementation project in 1996 • Frequent media commentator on risk management issues • Co-author of vsRisk™ – the definitive cybersecurity risk assessment tool
  • 3. Today’s Webinar in Context • Today’s webinar is #4 in a series of 4 educational webinars. • The 4 webinars are designed to take you on a learning journey: • Webinar 1 – Why ISO 27001 for my organisation? • Webinar 2 – The importance of risk management • Webinar 3 – Carrying out a risk assessment using vsRisk • Webinar 4 (today) – Maintaining/updating your risk assessment using vsRisk.
  • 4. Today’s Agenda • A short 20-30 minute educational and informative talk: • Quick recap of the last 3 weeks’ webinars – why ISO 27001, the importance of risk management, and using vsRisk to carry out a risk assessment. • Why maintain and update your risk assessment? • Maintaining and updating your risk assessment using vsRisk – software demonstration. • Ample time for Q&A. • Next steps, including a special offer for vsRisk.
  • 5. Recap – last 3 webinars In the last 3 webinars we covered: • What is information security? • What is an information security management system (ISMS)? • What is ISO 27001? • Why should I and my organisation care about ISO 27001? • The importance of risk management. • Carrying out a risk assessment using vsRisk.
  • 6. Why maintain/update your risk assessment? It is vitally important to maintain and update your risk assessment, and the ISMS it supports, for two main reasons: Reason 1 – Change of ISMS environment Any change to the ISMS environment needs assessing – e.g. new job roles, new equipment, business growth, change in legislation, change in supply chain…
  • 7. Why maintain/update your risk assessment? Reason 2 – ISO 27001 relies on the Plan-Do-Check-Act (PDCA) approach.
  • 8. Why maintain/update your risk assessment? PDCA is a constant cycle of review and action. Risk acceptance criteria (established before any actual assessment took place) should be reviewed. It is wise to consider lowering the organisation’s risk acceptance threshold before engaging in the next pass of the PDCA cycle and updating the assessment accordingly: more risks then sit above the threshold and must be treated rather than accepted, which reduces the overall level of residual risk.
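As an added illustration of the review pass that slides 6 and 8 describe (this is not vsRisk’s own methodology, data model or scoring scheme, and is not part of the original deck), the snippet below re-assesses a constructed risk register after a change of environment (a new cloud asset appears) and after management tightens the acceptance threshold, and reports which risks move from accepted to requiring treatment. Scores use a simple likelihood × impact product; every asset name, score and threshold is invented for the example.

```python
"""Re-running a risk assessment after an environment change or a tightened
acceptance threshold (one 'Check' pass of PDCA). Constructed example: the
scoring scheme, register entries and thresholds are illustrative only and are
not vsRisk's own model or data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int          # 1 (rare) .. 5 (almost certain)
    impact: int              # 1 (negligible) .. 5 (severe)
    control_effect: int = 0  # likelihood points removed by controls already in place

    @property
    def inherent(self) -> int:
        """Score before any control is taken into account."""
        return self.likelihood * self.impact

    @property
    def residual(self) -> int:
        """Score after existing controls; likelihood never drops below 1."""
        return max(1, self.likelihood - self.control_effect) * self.impact


def needs_treatment(register, acceptance_threshold):
    """Risks whose residual score exceeds the organisation's acceptance criteria."""
    return {(r.asset, r.threat) for r in register if r.residual > acceptance_threshold}


def review(previous_register, previous_threshold, current_register, current_threshold):
    """Compare the last assessment with the current one and report the delta."""
    before = needs_treatment(previous_register, previous_threshold)
    after = needs_treatment(current_register, current_threshold)
    previous_assets = {r.asset for r in previous_register}
    current_assets = {r.asset for r in current_register}
    return {
        "newly_unacceptable": sorted(after - before),  # now require treatment
        "now_acceptable": sorted(before - after),      # fell below the threshold
        "new_assets": sorted(current_assets - previous_assets),
    }


# Constructed register from the previous assessment (not real data).
PREVIOUS = [
    Risk("HR database", "unauthorised access", likelihood=3, impact=5, control_effect=1),  # residual 10
    Risk("Laptops", "theft", likelihood=4, impact=3, control_effect=2),                    # residual 6
    Risk("Email", "phishing", likelihood=4, impact=3, control_effect=1),                   # residual 9
]
PREVIOUS_THRESHOLD = 9  # residual scores above 9 had to be treated

# Environment changed since then: a cloud file share was adopted with no controls yet.
CURRENT = PREVIOUS + [
    Risk("Cloud file share", "misconfigured sharing", likelihood=3, impact=4),            # residual 12
]
CURRENT_THRESHOLD = 8   # management lowered the acceptance threshold before this pass


if __name__ == "__main__":
    # The email phishing risk (9) was accepted last time; under the tighter
    # threshold it now needs treatment alongside the new cloud asset.
    print(review(PREVIOUS, PREVIOUS_THRESHOLD, CURRENT, CURRENT_THRESHOLD))
```

The point the delta makes is the one on slide 8: nothing about the email risk changed, yet lowering the threshold from 9 to 8 moved it from the accepted set into the treatment plan, and the new asset shows up as a risk that was never assessed at all. In a real ISMS the same comparison would be run against the Statement of Applicability and Risk Treatment Plan after each change listed on slide 6.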
  • 9. Why is vsRisk unique? vsRisk is the only tool in its price range that integrates out-of-the-box into an ISO 27001 management system, allowing users to carry out an automated, robust and extensive cyber security risk assessment of their organisation’s assets compliant with ISO 27001.
  • 10. What can vsRisk do for you? Automates assessment of information risk – the risk-assessment wizard eliminates the opportunity for human and spreadsheet error, improving consistency across time and improving the robustness of risk management decisions. Accelerates the information risk assessment process – vsRisk substantially reduces the time and cost required for an ISMS project.
  • 11. What can vsRisk do for you? (contd.) Integrates, out-of-the-box, into an ISO 27001 management system – vsRisk employs a risk assessment methodology that complies with ISO 27001 and ISO 27005, reducing the risk of non-compliance at audit of an ISO 27001 ISMS. Produces key ISO 27001 documentation – the Statement of Applicability and Risk Treatment Plan ensure consistency in documentation quality and transparency across the risk management process, initially and over time.
  • 12. Phil Hare • An information security professional with many years’ experience of information security risk assessments. • Heavily involved in the specification and creation of one of the leading software tools for ISO 27001-compliant risk assessments available today. • A broad knowledge of the technical, procedural, methodological and theoretical aspects of information security risk assessment. • Instrumental in successful ISMS development projects across a wide range of organisations.
  • 13. vsRisk – Demo Software demonstration – maintaining and updating a risk assessment using vsRisk.
  • 14. Next steps • Read a book… Read the world’s first practical e-book guidance on achieving ISO 27001 certification and the nine essential steps to an effective ISMS implementation. Available for £29.95 at http://www.vigilantsoftware.co.uk/product/1651.aspx • Buy and/or get a free trial of vsRisk – the cyber security risk assessment tool compliant to ISO 27001 that automates and accelerates the risk management process. Buy (£995 for Standalone) and/or get a free trial at http://www.vigilantsoftware.co.uk
  • 15. Next Steps – Special March offer on risk assessment software vsRisk • Purchases of vsRisk in March will include for free a digital copy of the information security risk management standard, ISO 27005 (worth £100), and a digital copy of the book Information Security Risk Management for ISO 27001/ISO 27002 (worth £39.95). • To claim this offer, please visit www.vigilantsoftware.co.uk. • Offer valid until Thursday March 28th.
  • 16. Next Steps – Want to know more? • If you would like to know more about ISO 27001, including how to carry out an ISO 27001-compliant risk assessment using vsRisk, please visit http://www.vigilantsoftware.co.uk or email servicecentre@vigilantsoftware.co.uk. • Free trial of vsRisk available at http://www.vigilantsoftware.co.uk
  • 17. Questions – we welcome them all! Please type your questions into the Webex chat window – responses will generally be verbal and shared with all delegates.