Planning & Implementing ISO 27001

3 Aug

In today’s modern era, security remains a big challenge for organizations of any size until some form of control is in place. These controls are necessary because information is one of the most valuable assets a business owns. If you are an IT services provider handling customer information, you must use security techniques such as an Information Security Management System (ISMS).

What is ISMS?

In layman’s terms, an ISMS is a framework of policies and procedures that includes all the legal, physical and technical controls involved in an organization’s overall information risk management process. Let us now move to the main focus of this post: planning and implementing ISO 27001.

Planning the Implementation

Before implementing ISO 27001, one needs to consider the cost of implementation, the duration of the project, and one’s understanding of the model. Today, every organization that wants to cut costs without compromising information security is looking at ISO 27001 certification as a promising means of demonstrating its IT security. The major costs involved in an ISMS can be categorized as:

  • Internal cost, such as the cost of resources from the HR, IT and support functions.
  • External cost, such as consultants’ fees; consultants are engaged to minimize the effort required and reduce the overall cost.
  • Certification cost, which cannot be reduced, as there are few companies providing certification and the fee has to be paid to the certifying body.
  • Implementation cost, which can be estimated through the gap analysis and risk assessment procedures.

Another question that may arise is how much time is required to complete this certification. On average, four to nine months are required, depending on how mature the organization is in terms of information security and on the size and nature of the organization.

As with any standard practice, ISO 27001 requires a company to establish, implement and maintain a continuous improvement approach to managing its ISMS, following the Plan-Do-Check-Act (PDCA) cycle.

PDCA

  1. Phase 1—Identify Business Objectives.
  2. Phase 2—Obtain Management Support.
  3. Phase 3—Select the Proper Scope of Implementation.
  4. Phase 4—Define a Method of Risk Assessment.
  5. Phase 5—Prepare an Inventory of Information Assets to Protect, and Rank Assets According to Risk and Classification Based on Risk Assessment.
  6. Phase 6—Manage the Risks, and Create a Risk Treatment Plan.
  7. Phase 7—Set Up Policies and Procedures to Control Risks.
  8. Phase 8—Allocate Resources, and Train the Staff.
  9. Phase 9—Monitor the Implementation of the ISMS.
  10. Phase 10—Prepare for the Certification Audit.
  11. Phase 11—Conduct Periodic Reassessment Audits.

Conclusion: The success of ISO 27001 depends on its alignment with the business objectives and its effectiveness in realizing those objectives. IT and other departments/functions play an important role in the implementation phase. An organization also needs a detailed understanding of the PDCA implementation phases.

In the next article in this series, I’ll try to explain each of the phases in the PDCA cycle and highlight the importance of ISO 27001.

Thanks for reading this article; please share your views.

Blog Shifted

13 Sep

Dear Friends,

I got a lot of support from you, and I am very happy to let you know that I have finally migrated from WordPress hosting to a self-hosted blog.

Yes, I believe WordPress is the best blogging platform available in the market, so I have used WordPress again for my blog.

Here is the link to my new blog: http://mukundtechie.com

I request all my followers to visit my site and suggest what can be done to make it more interactive and pleasing to read.

All your feedback and suggestions are welcome.

Thanks,

Mukund Chaudhary

New Blog : http://mukundtechie.com

What is Happiness?

5 Sep

According to Deepak Chopra, when you really get down to it, people say they want peace, harmony, laughter and love. He defines happiness as a subjective state of well-being, joy, and ease when you seem to be in the flow and things just happen as they are supposed to.

If you’re happy, he said, you’re going to be healthier, have better relationships, do good/meaningful work and be successful and abundant — not the other way around.

Scientists, Deepak said, have found a “formula” for happiness. According to their research, happiness depends on 3 things:

Our brain’s set point for happiness. One person sees a problem where another sees an opportunity — some scientists say this is genetically determined. Researchers have shown that practicing meditation can change this biological set-point, along with cognitive therapy (changing your false beliefs that are making you depressed).

Our life situation. Are you healthy, do you have a nice house, did you win the lottery? This has actually been found to be a very minor determinant of our happiness. These things can make us happy in the short term, but down the road we will go back to the happiness set point. 15% of our happiness quotient, Deepak says, is actually based on our life situation.

Our voluntary actions – the choices we make. Making choices that lead to fulfillment, a deeper gratification, really makes us happy. Having a sense of accomplishment, making a difference in the lives of others or in the world, feeling inspired, intuitive, conscious. This can bring great happiness, and research has shown that making other people happy is what makes us the most happy.
