ISO27001 Overview – Vital Advisory

ISO 27001 Information Security Management System

ISO 27001 provides a structured governance approach to protecting your critical assets

As security risks become evermore sophisticated, and customer expectations around data protection influence their decisions on who to do business with, it’s clear that unstructured approaches to information security cannot address the realities of doing business toady.

ISO 27001 offers a coherent approach to information security which ensures response is tied to real security concerns. ISO 27001 considers your whole-of-business context: business drivers, security imperatives, customer expectations and regulatory requirements.

The benefits of ISO 27001

The aim of security is to ensure outcomes for business and customers. A well-structured ISO 27001 Information Security Management System (ISMS) focuses upon achieving genuine business value:

Risk Management

An ISMS provides a continual, cyclic approach to understanding, evaluating and addressing risk. More than just technical responses, ISO 27001 encourages examination of your organisation’s full risk landscape.

Regulatory Compliance

The growing complexity in meeting national and international information security and privacy regulations – whether directly, or as a supplier for an organisation with compliance requirements – is best addressed through the structured security of an ISMS framework.

Tailored Security

Instead of piecemeal reactions to threats which have already hurt your business, an ISMS organises security so that you firstly understand what you have to protect, the genuine risks those assets face, and what treatments are called for. An ISMS means you focus security spend only on the areas where it is needed.

Reputation

Instead of piecemeal reactions to threats which have already hurt your business, an ISMS organises security so that you firstly understand what you have to protect, the genuine risks those assets face, and what treatments are called for. An ISMS means you focus security spend only on the areas where it is needed.

Whole of Enterprise Approach

Security is only effective when it embraces the totality of an organisation’s activities.

We don’t focus on technology-based solutions – we develop organisational capabilities to address genuine security challenges. Vital Advisory work in partnership with your business to build a complete understanding of your security requirements, capabilities and the change needed to accomplish your security goals. Our methodology for a typical engagement takes clients through four stages:

1

+ Understand the Business
Firstly we construct a clear picture of your business situation: your strategic goals; the functions organisational units perform; the information assets they manage; the systems they rely upon; the stakeholders they interact with; external compliance obligations; and more.

2

+ Understand the Risks
Having built a clear map of your business processes, we use this information to identify risks your information assets face, who has responsibility, and potential impacts. This allows us to construct a prioritised image of the risks you face and where security investment and process changes can best protect your goals.

3

+ Build Your Security Strategy
We document and action processes to uplift your security practice. This includes:
• business processes for information security
• IT and Security strategy
• security control implementation
• structures for monitoring, review and improvement of security practice
Our unique approach to documentation distills knowledge – using a “One Page” approach – so that the outcomes are easily understood and adopted by business teams to become an active part of BAU.

4

+ Put Security Practice into Operation
Ongoing security improvement underpins successful business. We put in place the elements to make security a core component of business operations, which strengthen over time. These elements include:
• commitment of the Board and senior management
• staff security training and engagement
• monitoring of risk and the effectiveness of security controls
• audit of security organisation and practice
• regular programme updates to reaffirm security effectiveness

By applying these four strategies, we ensure that the totality of your information security requirements are identified, addressed, and managed efficiently. Security aligns with your core business goals and becomes a tool to win new business, not remain a cost and complexity burden. Talk with a security adviser to find out how to reach your security objectives: call us on +61 420 978 258.

Learn more about Vital Advisory ISO 27001 Services

Vital Advisory has a range of ISO 27001 related services designed to either assist you directly, or provide you with the capabilities to build your ISMS in-house. Learn more with the following options:

ISO 27001 Pathways

Right Fit for Risk

ISO 27001 Training

DIY ISO 27001 Webinars

Contact Vital Advisory

If you’d like to discus how we can help you with your security and governance objectives Contact Vital Advisory today.

Security Strategy & Architecture

Strategic planning and review
Information security risk and opportunities mapping
Security investment planning and improvement prioritisation
Architecture review and documentation
Security technology research, trend, analysis and recommendation

ISMS - ISO/IEC 27001

End-to-end ISMS implementation
Capability assessment & gap analysis
Project planning & roadmap documentation
Certification advisory & assistance
Information security risk assessment
Security policies, procedures documentation
Internal ISMS audit
ISMS training and awareness

Security Compliance

ISO 27001
CPS 234
Privacy
PCI DSS
ISM/PSPF
NIST
STAR certification

Security Advisory or Implementation

Build an information security strategy
Hire or develop a world-class CISO
Improve security practices
Implement a governance, risk, and compliance (GRC) framework
Design and implement a vulnerability management program
Develop and implement a security incident management program