Risks to the Success of your ISMS

Video Transcription
00:01
Lesson 10.3:
00:03
Risks to the Success of your ISMS.
00:09
In this video, we will cover a couple of risks that could jeopardize your ISMS.
00:18
This is something we've covered briefly in the previous sections, but it's worth coming back to
00:23
before embarking on your ISMS journey, and ideally around the same time that you're analyzing your internal and external needs,
00:31
as well as the requirements of internal and external parties, during your context-of-the-organization understanding.
00:39
Take the time to do an analysis of the risks that could stand in the way of achieving the objectives and results you want from your ISMS.
00:48
So you want to be certified within six months.
00:51
A big risk here
00:53
is the time factor;
00:55
depending on the size of your organization and the maturity of existing information security controls and processes,
01:02
that might not be enough time to get certified.
01:06
That, in itself, is a risk.
01:07
How will that risk be managed?
01:10
Will you reduce the certification scope,
01:12
in other words, mitigate the risk?
01:15
Or will you accept the risk and go ahead anyway?
01:19
These risks should be documented in some way and tracked, so that you can ensure that they are being managed
01:26
and that these risks don't suddenly jump out arbitrarily and affect your progress.
01:33
Let's look at a couple of examples.
01:37
One of the biggest risks to an ISMS being successful
01:40
is the lack of top management support and commitment.
01:46
Next,
01:47
budgetary or financial constraints:
01:49
implementing an ISMS, and especially getting it certified against the ISO 27001 standard,
01:57
is not the cheapest process to go through.
02:00
There will be audit costs involved,
02:02
as well as the costs of ensuring that your team is appropriately trained and skilled,
02:07
as well as the time
02:10
investment from the various resources participating in the ISMS across the organization.
02:19
Another thing to consider is resource constraints.
02:23
How busy are your current resources? Will they be able to dedicate sufficient time
02:29
to the ISMS project?
02:31
Or will this be setting them up for failure, both in the ISMS as well as in their existing job roles?
02:39
Consider the current audit load on your organization.
02:45
Does your organization have multiple audits happening throughout the year for various compliance and regulatory reasons?
02:53
If so,
02:54
implementing an ISMS, and especially getting it certified against the standard,
03:00
will add additional audits.
03:02
Be careful of going into an audit overload,
03:05
and make sure that these are managed appropriately
03:07
and spaced out with sufficient time to allow staff to recover from
03:13
an audit
03:15
and get their day-to-day work done.
03:16
I say recover, as audits can be quite intense on staff and take up a lot of their time.
03:23
They can get frustrated and feel like they're not getting their normal day-to-day duties completed.
03:28
So just bear that in mind and be supportive in whatever way possible.
03:34
Consider any skill set or expertise constraints that you may have.
03:38
Do you have anyone in the organization that has in-depth knowledge of ISO 27001,
03:45
as well as of implementing an ISMS,
03:49
or even just knowledge of information security in general?
03:53
Ensure that these skills exist to some level in your organization,
03:58
and that you have a plan to maintain and specialize these skills where necessary.
04:04
Factor in any time constraints that you may have;
04:08
as mentioned in the earlier example,
04:11
ensure that you give yourself enough time
04:14
to properly implement
04:15
and operate your ISMS prior to going through any certification audits.
04:23
Another thing to consider is your organizational culture and adaptability,
04:28
or the level of change acceptance.
04:32
Organizations that have a low acceptance of
04:36
changes and new ways of doing things will probably resist your ISMS strongly in the beginning.
04:45
Ensure that you spend the time to make sure that they understand what the ISMS is about
04:49
and what their role is in this,
04:53
as well as the overall benefits that this will give to the organization.
05:00
Lastly, consider instances where there are any sole-dependency risks.
05:06
Having key people responsible for key tasks
05:11
means that you run the risk of: if something happens to that person,
05:15
who takes over?
05:15
Does anyone else have the knowledge to pick up and continue where they left off?
05:21
Ensure that these risks are appropriately managed,
05:25
and that there is someone on standby for that person receiving the appropriate training and cross-skilling,
05:31
and ensure that the documentation is there
05:34
so that the knowledge is transferable to anyone else that requires it.
05:45
In this lesson, we covered examples of risks that could impact the success of your ISMS
05:50
and why it is important to identify and manage these risks.
ISO 27001:2013 - Information Security Management Systems

The ISO 27001:2013 - Information Security Management Systems course provides students with insights into the detail and practical understandings meant by the various clauses in the ISO 27001 Standard.