
ISO/IEC27001 Implementation

ISO/IEC27001 Implementation. Lecturer : Prof. Robert Dale. Department of Computing Hooran Mahmoudinasab Student ID : 41455398. Overview. What is International Organization for Standardization (ISO)?


Presentation Transcript


  1. ISO/IEC27001 Implementation Lecturer : Prof. Robert Dale • Department of Computing • Hooran Mahmoudinasab • Student ID : 41455398

  2. Overview • What is International Organization for Standardization (ISO)? The International Organization for Standardization (ISO) is an international organization that gives measurable quality to products and services which should increase reliability and operationality.

  3. International Standardization Organizations
     • European Committee for Standardization (CEN)
     • German Institute for Standardization (DIN)
     • British Standards Institution (BSI)
     • Austrian Standard Institute (ON)
     • Switzerland Standardization Institution (SNV)

  4. ISO/IEC27001 • What is ISO/IEC27001? ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. Source : http://www.iso.org

  5. Benefits of ISO27001
     • use within organizations to formulate security requirements and objectives
     • use within organizations as a way to ensure that security risks are cost effectively managed
     • use within organizations to ensure compliance with laws and regulations
     • use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met
     • definition of new information security management processes
     • identification and clarification of existing information security management processes
     • use by the management of organizations to determine the status of information security management activities
     • use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization
     • use by organizations to provide relevant information about information security policies directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons
     • implementation of business-enabling information security
     • use by organizations to provide relevant information about information security to customers
     Source : http://www.iso.org

  6. Statement of the Problem This research tries to answer the following question: Why is the distribution of ISO27001 holders different among the countries that hold the standard?

  7. ISO27001 To use or not to use

  8. ISO27001 Worldwide: The Number of ISO27001 Holders
     Iceland 11, Sweden 7, Czech 66, Russia 10, Canada 3, UK 368, Bulgaria 2, Germany 108,
     Japan 2779, China 161, USA 77, Spain 25, Turkey 15, Italy 54, Korea 58, Morocco 2,
     Taiwan 183, Mexico 8, UAE 15, Bangladesh 1, Vietnam 3, India 426, Malaysia 26,
     Sri Lanka 4, Brazil 20, South Africa 5, Chile 3, Australia 28, New Zealand 1

  9. Reasons for Using ISO27001

  10. Research Model and Analysis: What?
      • What International Standardization Organizations state about the benefits of the standard
      • What companies state about ISO27001 Implementation
      • Factors that affect number of ISO27001 holders:
        • Population
        • Total Number of Companies
        • Volume of Trade-Import and Export

  11. Analysis and Model of Research Where? ISO27001 Switzerland Germany UK Austria

  12. ISO27001 in Different Categories of Business

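  13. Statistical Analysis (Population)

      | Row | Number of Registrations (observed) | Population (observed) | Total | Expected registrations | Expected population | Chi-Sq contribution (registrations) | Chi-Sq contribution (population) |
      |---|---|---|---|---|---|---|---|
      | 1 | 366 | 60776238 | 60776604 | 193.11 | 60776410.89 | 154.774 | 0.000 |
      | 2 | 110 | 82400996 | 82401106 | 261.83 | 82400844.17 | 88.040 | 0.000 |
      | 3 | 24 | 8199783 | 8199807 | 26.05 | 8199780.95 | 0.162 | 0.000 |
      | 4 | 5 | 7554661 | 7554666 | 24.00 | 7554642.00 | 15.046 | 0.000 |
      | Total | 505 | 158931678 | 158932183 | | | | |

      Chi-Sq = 258.023, DF = 3, P-Value = 0.000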

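  14. Statistical Analysis (Total Number of Companies)

      | Row | Number of Registrations (observed) | Number of Companies (observed) | Total | Expected registrations | Expected companies | Chi-Sq contribution (registrations) | Chi-Sq contribution (companies) |
      |---|---|---|---|---|---|---|---|
      | 1 | 366 | 2016334 | 2016700 | 188.42 | 2016511.58 | 167.375 | 0.016 |
      | 2 | 110 | 2915372 | 2915482 | 272.39 | 2915209.61 | 96.809 | 0.009 |
      | 3 | 24 | 161708 | 161732 | 15.11 | 161716.89 | 5.230 | 0.000 |
      | 4 | 5 | 311319 | 311324 | 29.09 | 311294.91 | 19.946 | 0.002 |
      | Total | 505 | 5404733 | 5405238 | | | | |

      Chi-Sq = 289.387, DF = 3, P-Value = 0.000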

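  15. Statistical Analysis (Export)

      | Row | Number of Registrations (observed) | Number of Companies (observed) | Total | Expected registrations | Expected companies | Chi-Sq contribution (registrations) | Chi-Sq contribution (companies) |
      |---|---|---|---|---|---|---|---|
      | 1 | 366 | 2016334 | 2016700 | 188.42 | 2016511.58 | 167.375 | 0.016 |
      | 2 | 110 | 2915372 | 2915482 | 272.39 | 2915209.61 | 96.809 | 0.009 |
      | 3 | 24 | 161708 | 161732 | 15.11 | 161716.89 | 5.230 | 0.000 |
      | 4 | 5 | 311319 | 311324 | 29.09 | 311294.91 | 19.946 | 0.002 |
      | Total | 505 | 5404733 | 5405238 | | | | |

      Chi-Sq = 289.387, DF = 3, P-Value = 0.000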

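  16. Statistical Analysis (Import)

      | Row | Number of Registrations (observed) | Population (observed) | Total | Expected registrations | Expected population | Chi-Sq contribution (registrations) | Chi-Sq contribution (population) |
      |---|---|---|---|---|---|---|---|
      | 1 | 366 | 461076 | 461442 | 166.95 | 461275.05 | 237.334 | 0.086 |
      | 2 | 110 | 718150 | 718260 | 259.86 | 718000.14 | 86.425 | 0.031 |
      | 3 | 24 | 104489 | 104513 | 37.81 | 104475.19 | 5.045 | 0.002 |
      | 4 | 5 | 111603 | 111608 | 40.38 | 111567.62 | 30.998 | 0.011 |
      | Total | 505 | 1395318 | 1395823 | | | | |

      Chi-Sq = 359.933, DF = 3, P-Value = 0.000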

  17. Conclusion
      Factors that may not contribute to the discrepancy:
      • Total number of companies
      • Population
      • Volume of trade
      Factors that may contribute to the discrepancy:
      • Nature of activities of companies?
      • Social factors?
      • Government regulations and policies?
      • Technology?
      • Crime and Hacking?
      • Other factors?

  18. THE END
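
The chi-square figures on slide 13 can be recomputed from the observed counts alone. The Python below is an added example, not part of the original presentation: it rebuilds the expected counts, per-cell contributions, statistic and degrees of freedom for that table, and the function names and the per-million rate helper are chosen here for illustration.

```python
import math

# Observed counts copied from slide 13, in slide order:
# (ISO27001 registrations, population) for rows 1 to 4.
SLIDE_13 = [
    (366, 60776238),
    (110, 82400996),
    (24, 8199783),
    (5, 7554661),
]


def chi_square(table):
    """Chi-square test on an r x c table of observed counts.

    Returns (statistic, degrees_of_freedom, expected, contributions).
    """
    row_totals = [sum(row) for row in table]
    col_totals = [sum(col) for col in zip(*table)]
    grand = sum(row_totals)
    if 0 in row_totals or 0 in col_totals:
        raise ValueError("an empty row or column makes an expected count zero")
    # Expected count of a cell = row total * column total / grand total.
    expected = [[r * c / grand for c in col_totals] for r in row_totals]
    # Contribution of a cell = (observed - expected)^2 / expected.
    contrib = [
        [(o - e) ** 2 / e for o, e in zip(obs_row, exp_row)]
        for obs_row, exp_row in zip(table, expected)
    ]
    stat = sum(sum(row) for row in contrib)
    dof = (len(table) - 1) * (len(col_totals) - 1)
    return stat, dof, expected, contrib


def p_value_df3(stat):
    """Upper-tail probability for exactly 3 degrees of freedom (closed form)."""
    half = stat / 2
    return math.erfc(math.sqrt(half)) + math.sqrt(2 * stat / math.pi) * math.exp(-half)


def per_million(table):
    """Registrations per million inhabitants for each row."""
    return [regs / pop * 1e6 for regs, pop in table]


if __name__ == "__main__":
    stat, dof, expected, contrib = chi_square(SLIDE_13)
    print(f"Chi-Sq = {stat:.3f}, DF = {dof}, P-Value = {p_value_df3(stat):.3g}")
    rows = zip(expected, contrib, per_million(SLIDE_13))
    for i, (exp_row, con_row, rate) in enumerate(rows, 1):
        print(f"row {i}: expected {exp_row[0]:.2f}, "
              f"contribution {con_row[0]:.3f}, {rate:.2f} per million")
```

The per-million rates make the result readable: registrations are far from proportional to population across the four rows, which is what the very small P-Value reports.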
