Define Objectives


Time
7 hours 56 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
Module 10:
00:03
putting it all together with a plan.
00:09
Lesson 10.1:
00:11
Define objectives
00:15
In this lesson, we will cover
00:17
how to define your objectives for undertaking your ISMS journey,
00:22
and we'll give you some tips for planning.
00:29
So, yes, we have already defined information security objectives.
00:33
The objectives we're talking about here are basically serving to answer the following questions.
00:38
Why do you want to implement an ISMS?
00:42
Why do you want to become ISO 27001 compliant?
00:46
You can still implement an ISMS and become ISO 27001 compliant without going down the certification route.
00:54
Knowing why you are doing this will also help you to decide whether or not becoming certified is worth it for your organization.
01:03
Here are some of the benefits of having an ISMS,
01:06
as well as if you were to get it certified.
01:08
If top management wants to become certified purely because of the potential sales boost, that is fine as long as top management fully understand their role with regards to being actively involved in, demonstrably supportive of, and committed to the ISMS and its success.
01:26
If your organization is purely looking to put structures in place to have better information security throughout the organization,
01:33
that is also a valid reason.
01:36
And if you have no external parties that are requiring a formal certification,
01:40
then you would probably not be rushing to be certified and would just enjoy the benefits of being ISO 27001 compliant.
01:49
Surveillance audits will take place, usually on an annual basis,
01:53
once your certification has been obtained.
01:57
These will repeat themselves until it's time for your recertification audit,
02:00
which is usually within three years after being certified.
02:05
So bear in mind that when you make a decision to become certified, it's not a once-off certification where you get to end it there and let things slide back to the way they were before the ISMS.
02:15
This is a continuous journey where you will have audits every year and you will always be improving on your ISMS.
02:25
So what are some of the benefits of an ISMS?
02:30
It helps with improved security posture.
02:34
It can improve risk management processes,
02:37
which can also lead to reduced risk likelihood and impact.
02:42
It can help provide clear structures and objectives,
02:46
which increases efficiency and provides opportunities for cost savings.
02:51
It can also streamline controls while maintaining protection of assets.
02:58
So, on to the benefits of certification.
03:00
Formal independent certification provides trust to customers and other stakeholders.
03:09
It can provide cost and time saving.
03:13
For example,
03:15
third parties can rely on the certification as opposed to having to do their own assessments.
03:22
Certification can provide a brand value boost,
03:25
and it clearly demonstrates top management commitment to information security and governance within the organization.
03:46
As we mentioned previously,
03:47
the first and most important part of your ISMS journey is to get top management buy-in and support.
03:53
You'll face constant obstacles and have extremely slow progress without the full weight of top management behind you.
04:00
An ISMS involves a lot of change within an organization,
04:04
and most people don't like change.
04:08
You will face resistance during the implementation process.
04:12
Top management support is important to help drive this cultural change within your organization.
04:17
Top management also needs to approve everything produced by the ISMS
04:21
and see the benefits it has to the organization.
04:26
And of course there is also the cost component.
04:29
Your expense requests relating to your ISMS probably won't be approved if top management doesn't understand why these expenses are being incurred and what the return will be.
04:39
Putting all of the pros and cons in a business case and presenting this to your top management team is often one of the most effective ways to get the buy-in that you need.
04:48
There are plenty of resources online that give you the benefits of an ISMS and sample business cases that you can leverage off.
04:58
Your ISMS team is going to be responsible for doing the bulk of the implementation process.
05:02
This means coordinating the teams to get things done, working with top management to set and approve policies and procedures, as well as planning the audits and so forth.
05:15
Let's go over some of the tips.
05:17
Get top management buy-in and support.
05:21
Establish your ISMS team, as well as the roles and responsibilities for each one in the team.
05:28
Establish what your budget and timelines are for certification.
05:32
For example, you want to aim for certification in December 2021.
05:39
Train and include personnel in other departments to assist.
05:44
Create a project plan of deliverables.
05:47
Create and maintain a document repository
05:50
to ensure that your work is backed up as well as available to the team.
05:57
Start with Clause 4 and spend enough time on it.
06:01
This frames and assists all the other areas within your ISMS.
06:11
To summarize,
06:12
in this lesson we covered defining some of the objectives and understanding why you are embarking on an ISO 27001 journey,
06:20
as this will help you in your planning efforts.
06:24
We also covered some tips and tricks which may be useful in planning.
The ISO 27001:2013 - Information Security Management Systems course provides students with insights into the detail and practical understandings meant by the various clauses in the ISO 27001 Standard.