How to address the main concerns with ISO 27001 implementation
by Dejan Kosutic - Monday, 4 November 2013.
4. The resources required to maintain the certification

I'm afraid this concern shows one of the main myths about ISO 27001: that the documents are written only for the purpose of certification. Let me give you an example: if you develop a Backup policy because you implement ISO 27001, will you require additional resources just because you are now complying with this policy? Or, what if you performed backup normally before writing that policy, and now you want to make it clear to everyone how it is done?

My point is, you shouldn't write the documents because of the auditor; you have to write them for yourself. And if you do so, there are no additional resources required because such rules become part of your daily routine; in some cases you will even have a smaller amount of work because some problems (i.e. security incidents) won't happen again.

5. How much time will ISMS take me away from my main duties?

The answer to this question is very similar to that of the previous one, but I would add this: of course you will need someone who will coordinate all the information security effort in your company. But if you have, e.g. 50 employees, this will require perhaps a couple of hours of work per week, so this could be someone's task in parallel to his or her normal job. Only when you pass the number of 1000 employees in a company should you consider a full-time CISO, but such an information security professional will probably save you so much money because of prevented incidents that such a move will certainly pay off.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.