Eggs, Bagels, & ISO 27001
Posted by John Verry on Mon, Aug 03, 2009 @ 12:29 PM
Last week I spoke to a group of senior Information Security professionals at the CSO Breakfast Club Event held in Philadelphia PA. The topic 'Data Protection' was chosen specifically by the CSO Breakfast Club's founder, William Sieglein, 'to focus on the challenges our executive members face in trying to decide what data requires protection, where that data resides and how best to protect that data in a cost-effective manner.'
The meeting ended up as a spirited discussion of the challenges of securing data and determining which point solutions are best to address the most vexing issues. I recommended that they consider ISO 27001, as, short of divine intervention, there is no 'silver bullet' for data protection. So having a 'road map' (like ISO 27001) is more and more critical. I think that the 6K+ companies that have been certified over the last few years are a testament to the challenges we all face and the value of a road map.
The benefits of 27001 are numerous but can be simplified to:
- It is a certifiable standard (you can prove you are secure to a known set of criteria).
- It simplifies information security into an overarching process (27001) and best practices (27002). No need to reinvent the wheel when thousands of folks have developed and vetted an approach and collection of controls.
- There is not a lot of new ground to learn - it largely consists of activities you are familiar with, and your current control environment can easily be migrated into a 27001 ISMS.