Using vsRisk to carry out a Risk Assessment
1. “The definitive risk assessment tool for ISO27001 certification”
Copyright © Vigilant Software Ltd 2013
Alan Calder and Phil Hare
Vigilant Software
Friday May 23rd 2013
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING.
Q&A IS HANDLED THROUGH A COMBINATION OF WEBEX CHAT/TEXT AND VOICE
Carrying out a risk assessment using
vsRisk™
2. Alan Calder
• CEO and founder of Vigilant Software
• Acknowledged information security/risk management
thought leader
• Managed the world’s first successful ISO 27001 (then
BS 7799) implementation project in 1996
• Frequent media commentator on risk management
issues
• Co-author of vsRisk™ – the definitive information
security risk assessment tool
3. Today’s Webinar in Context
• Today’s webinar is #3 in a series of 4 educational
webinars.
• The 4 webinars are designed to take you on a learning
journey:
• Webinar 1 – Why ISO 27001?
• Webinar 2 – The importance of risk management.
• Webinar 3 (Today) – Carrying out a risk assessment using
vsRisk.
• Webinar 4 – Maintaining/updating your risk assessment using
vsRisk.
Registration details of future webinars at the end.
4. Today’s Agenda
• A short 20-30 minute educational and informative talk:
• Quick recap of the last 2 weeks’ webinars – Why ISO 27001 and
the importance of risk management.
• What is an information security risk assessment?
• Carrying out an information security risk assessment using
vsRisk - software demonstration.
• Ample time for Q&A at the end (all attendees are on
mute to provide a clear line – please ask questions via
the Gotowebinar question panel).
• Next steps including 1 upcoming educational webinar.
5. Recap – last 2 webinars
In the last 2 webinars we covered:
• What is information security?
• What is an information security management system (ISMS)?
• What is ISO 27001?
• Why should I and my organisation care about ISO 27001?
• The importance of risk management.
6. What is a risk assessment?
• A risk assessment is the core competence of
information security management.
• ISO 27001 explicitly asks for:
• a risk assessment to be carried out before any controls are
selected and implemented.
• every control to be justified by a risk assessment.
7. What is a risk assessment?
• The risk assessment must:
• Identify the threat/vulnerability combinations that have a
likelihood of impacting the confidentiality, availability or integrity
of each asset within the scope.
• This must be done from a business, compliance or contractual
perspective.
8. What is a risk assessment?
• From completing a risk assessment:
• Spend on controls is balanced against the business harm likely to
result from security failures.
• Information security management decisions are driven entirely by
the outcomes of the risk assessment.
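To make slides 6 to 8 concrete, here is an added example (my own code, not Vigilant Software's and not the vsRisk risk model): a minimal risk register in which each asset/threat/vulnerability combination is scored by likelihood against the worst-case confidentiality, integrity or availability harm, and every proposed control is then checked for a justifying risk above the acceptance threshold. The 1..5 scales, the threshold, the assets and the control names are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed 1..5 scales: likelihood and per-property business harm.
ACCEPT_AT_OR_BELOW = 6  # constructed acceptance threshold: score <= 6 is accepted


@dataclass
class Risk:
    """One threat/vulnerability combination against one in-scope asset."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: int                 # 1 (rare) .. 5 (almost certain)
    impact: dict                    # harm to {"C", "I", "A"}, each 1..5
    controls: list = field(default_factory=list)  # controls that treat this risk

    def score(self) -> int:
        # Rate on the worst-hit property: likelihood x max(C, I, A) harm.
        return self.likelihood * max(self.impact.values())


def risks_needing_treatment(register):
    """Risks above the acceptance threshold: only these justify control spend."""
    return [r for r in register if r.score() > ACCEPT_AT_OR_BELOW]


def unjustified_controls(register, proposed_controls):
    """Proposed controls not linked to any risk needing treatment.
    ISO 27001 asks every control to be justified by the assessment, so
    these should be dropped or re-linked before they are implemented."""
    justified = {c for r in risks_needing_treatment(register) for c in r.controls}
    return sorted(set(proposed_controls) - justified)


# Constructed sample register (assets, threats and control names are illustrative).
REGISTER = [
    Risk("Customer database", "External attacker", "Unpatched web front end",
         likelihood=4, impact={"C": 5, "I": 4, "A": 3}, controls=["patch management"]),
    Risk("Customer database", "Disk failure", "No tested backups",
         likelihood=2, impact={"C": 1, "I": 3, "A": 5}, controls=["tested backups"]),
    Risk("Lobby notice board", "Unauthorised reader", "Board readable by anyone",
         likelihood=5, impact={"C": 1, "I": 1, "A": 1}, controls=["visitor sign-in"]),
]
PROPOSED = ["patch management", "tested backups", "visitor sign-in", "password policy"]

if __name__ == "__main__":
    for r in REGISTER:
        verdict = "TREAT" if r.score() > ACCEPT_AT_OR_BELOW else "accept"
        print(f"{r.asset:20} {r.threat:20} score={r.score():2} {verdict}")
    print("controls without a justifying risk:", unjustified_controls(REGISTER, PROPOSED))
```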
9. How do I carry out a risk assessment?
• Modern software tools take the pain out of risk
assessment.
• vsRisk is the industry-leading ISO 27001-compliant risk
assessment tool.
• vsRisk has simplified and automated the information
security risk assessment process for many organisations
across the globe, both large and small.
10. What can vsRisk do for you?
• Simplification: minimises the manual hassle and
complexity of carrying out an ISO 27001 risk
assessment, saving time and resources.
• Replication: risk assessments can be repeated easily in
a standard format year after year.
• Generates Reports: for sharing across the business and
with auditors.
• Automation: the best and most efficient way to carry out
a risk assessment.
11. Phil Hare
• An information security professional with many years’ experience of
information security risk assessments.
• Heavily involved in the specification and creation of one of the
leading software tools for ISO 27001 compliant risk assessments
available today.
• A broad knowledge of the technical, procedural, methodological and
theoretical aspects of Information Security Risk Assessment.
• Instrumental in successful ISMS development projects across a
wide range of organisations. Currently the architect and product
manager for the Vigilant Software product suite, focusing on
incorporating a broad range of compliance objectives into a usable
and efficient software suite.
12. vsRisk - Demo
Software demonstration – carrying out a risk assessment
using vsRisk.
13. Questions – we welcome them all!
Please type your questions into the Gotowebinar chat
window – responses will generally be verbal and shared
with all delegates.
14. Next Steps – Upcoming Educational Webinar
• Maintaining and Updating your Risk Assessment using
vsRisk - Thursday May 30th, 4pm UK Time
• Register at www.vigilantsoftware.co.uk/webinars.aspx
15. Before the next webinar…
Read a book…
Read the world's first practical e-book
guidance on achieving ISO27001
certification and the nine
essential steps to an effective ISMS
implementation.
Available for £25.95 (usually £29.95) at
http://www.vigilantsoftware.co.uk/product/1651.aspx
Download a free trial of vsRisk
The information security risk
assessment tool compliant to ISO
27001 that automates and
accelerates the risk management
process.
15-day free trial at
http://www.vigilantsoftware.co.uk
16. Next Steps – Want to know more?
• If you would like to know more about ISO27001, including
how to carry out an ISO27001-compliant risk
assessment using vsRisk, please visit
http://www.vigilantsoftware.co.uk or email
servicecentre@vigilantsoftware.co.uk.
• Free trial of vsRisk available at
http://www.vigilantsoftware.co.uk