(Past Event)

ISO 27000 - A Basis for Business Security Strategies

"ISO27001 is a useful tool in setting up a security strategy. It is not prescriptive, and can be adapted. Many organisations do not seek certification, but rather use a cut down version that meets the organisation's security objectives."
Security Strategy and Policy Reality Checker, July 2011

Summary:

The recent tISS Security Strategy and Policy Reality Checker revealed that the majority of Forum members use the ISO 27000 series of Information Security Standards as a basis or guideline for their approach to corporate security.

Though relatively few responding organisations were ISO 27000 certified, many were currently either working towards this (over 60%), or following the best practice offered (over 70%). Additionally, there is considerable interest in how businesses are managing to 'push', or enforce, compliance across suppliers and partners.

This workshop will enable members to share their adoption - and adaptation - journeys and experiences; find out what modifications have been made, why and how; and justify why certification is the right route for some, impractical for others.

Note: References to ISO 27000 are intended to cover the series of information security standards.

Speakers:

Bupa

Allen & Overy

Objectives:

To share knowledge and learn from the experience of corporate IT peers in achieving certification with ISO 27000, or in the potential application of ISO 27000 in their organisation.

Who should attend:

Senior IT professionals with a responsibility for, or interest in, ISO 27000 and the success of security strategies in corporate IT.

Agenda:

The final agenda will be developed through consultation amongst delegates - provisional discussion areas include:
  • Identifying and prioritising elements of ISO 27000 for your business. How do you establish the case for return on investment?
  • Tailoring to align with business needs and requirements
  • To certify, or adopt as best practice
  • Successful advocacy of ISO 27000 across partners and suppliers
  • Maintaining compliance