Board and Senior Management commitment and support is a critical success factor for the effective implementation of a best practice Information Security Management System (ISMS) or the ISO27001 standard.
ISMS and risk assessment are fairly straightforward concepts, but they are so often overlooked or, worse, deliberately ignored. Management often consider information security to be purely an IT issue, but this is fundamentally wrong; IT are the custodians of information and systems, not the owners of them. Control of information is a business task, and understanding ownership of that information across the business is critical.
It is critical that Senior Management are fully supportive of the initiative and committed to it as part of the business plan; it is therefore an essential starting point to ensure that the Executive are fully informed about ISMS and/or ISO27001, the implications for the organisation and their responsibilities.
Our Executive Briefings are delivered by one of our Senior Management team and are fully tailored to each client’s specific requirements. Our sessions typically include:
- A description of the “nuts and bolts” of ISO27001;
- An explanation of the asset ownership and risk management requirements;
- How an implementation project would “feel” to the business;
- A description of management responsibilities;
- How an ISMS should be implemented to extract the maximum business benefit;
- How an ISMS can underpin other governance requirements;
- An explanation of the various assurance benefits that a best practice security management system will achieve;
- A review of the likely internal resources required;
- A discussion around the typical remediation activities required; and
- “Demystifying” ISMS and ISO27001 and challenging the common misconception that it is overly bureaucratic and difficult to implement.
It should be noted that this is not training; it is a facilitated executive session to address and talk through the topics described above in an interactive “workshop” style format, typically in a 1-2 hour session.