Risks to the Success of your ISMS
Risks to the success of your ISMS.
In this video, we will cover a couple of risks that could jeopardize your ISMS.
This is something we've covered briefly in the previous sections, but it's worth coming back to.
Before embarking on your ISMS journey, and ideally around the same time that you're analyzing your internal and external needs,
as well as the requirements of internal and external parties during the context of your organization understanding,
take the time to do an analysis of the risks that could stand in your way of achieving the objectives and results you want from your ISMS.
So you want to be certified within six months.
A big risk here is the time factor.
Depending on the size of your organization and the maturity of existing information security controls and processes,
that might not be enough time to get certified.
That, in itself, is a risk.
How will that risk be managed?
Will you reduce the certification scope,
in other words, to mitigate the risk?
Or will you accept the risk and go ahead anyway?
These risks should be documented in some way and tracked so that you can ensure that these are being managed
and that these risks don't suddenly jump out arbitrarily and affect your progress.
Let's look at a couple of examples.
One of the biggest risks to an ISMS being successful
is the lack of top management support and commitment.
Budgetary or financial constraints:
implementing an ISMS, and especially getting it certified against the ISO 27001 standard,
is not the cheapest process to go through.
There will be audit costs involved,
as well as costs of ensuring that your team is appropriately trained, skilled,
as well as the time investment from the various resources participating in the ISMS across the organization.
Another to consider is resource constraints.
How busy are your current resources? Will they be able to dedicate sufficient time
to the ISMS project?
Or will this be setting them up for failure, both in the ISMS as well as in their existing job roles?
Consider the current audit load on your organization.
Does your organization have multiple audits happening throughout the year for various compliance and regulatory reasons?
Implementing an ISMS, and especially getting it certified against the standard,
will add additional audits.
Be careful of going into an audit overload
and make sure that these are managed appropriately
and spaced out with sufficient time to allow staff to recover from an audit
and get their day-to-day work done.
I say recover as audits can be quite intense on staff and take up a lot of their time.
They can get frustrated and feel like they're not getting the normal day-to-day duties completed.
So just bear that in mind and be supportive where possible.
Consider any skill set or expertise constraints that you may have.
Do you have anyone in the organization that has in-depth knowledge of ISO 27001
as well as implementing an ISMS,
or even just knowledge within information security in general?
Ensure that these skills exist to some level in your organization
and that you have a plan to maintain and specialize these skills where necessary.
Factor in any time constraints that you may have.
As mentioned in the earlier example,
ensure that you give yourself enough time
to properly implement
and operate your ISMS prior to going through any certification audits.
Another to consider is your organizational culture and adaptability,
or the level of change acceptance.
Organizations that have a low acceptance to
changes and new ways of doing things will probably resist your ISMS strongly in the beginning.
Ensure that you spend the time to make sure that they understand what the ISMS is about
and what their role is in this,
as well as overall benefits that this will give to the organization.
Lastly, consider instances where there are any sole dependency risks.
Having key people responsible for key tasks
means that you run the risk of, if something happens to that person,
who takes over?
Does anyone else have the knowledge to pick up and continue where they left off?
Ensure that these risks are appropriately managed
and that there is someone on standby for that person receiving the appropriate training and cross-skilling,
and ensuring the documentation is left
so that the knowledge is transferable to anyone else that requires it.
In this lesson, we covered examples of risks that could impact the success of your ISMS
and why it is important to identify and manage these risks.