Thursday, 11 October 2018

ISO 27001 Global Report 2018

Over the past ten years, the popularity of ISO 27001, the international standard that describes best practice for an ISMS (information security management system), has increased significantly.
As a global expert on ISO 27001, IT Governance has conducted research to explore the challenges and drivers behind the Standard’s increased adoption.
The findings provide useful insights for lead implementers, auditors, consultants and heads of security teams, and justify the continued growth and adoption of the Standard globally.

Download the report now to discover:

  • The relationship between ISO 27001 and the EU GDPR (General Data Protection Regulation), and why an increasing number of organisations are using the Standard to maintain compliance with the Regulation’s information security requirements;
  • The key drivers and benefits for implementing ISO 27001;
  • The main challenges and struggles encountered by organisations when implementing ISO 27001;
  • The average duration and cost of an ISO 27001 implementation project; 
  • How vulnerable organisations feel about coping with cyber attacks in an evolving threat landscape; and 
  • What other popular cyber security control sets are being used in addition to those provided by ISO 27001.

The ISO 27001 Global Report 2018 is based on research carried out between 1st November 2017 and 30th March 2018 and presents the responses from 128 professionals around the world who have implemented, are implementing or intend to implement an ISO 27001-compliant ISMS.

ISO 27001 Global Report 2018: top 3 key takeaways:

1) ISO 27001 aids GDPR compliance

ISO 27001 provides an excellent starting point for meeting the technical and operational requirements of the EU GDPR (General Data Protection Regulation). So, it’s no surprise that nearly half (48%) of respondents cited GDPR compliance as their key motivation for adopting the Standard.
Implementing a documented, ISO 27001-aligned ISMS (information security management system) can help your organisation achieve GDPR compliance, while providing unquestionable evidence that you have taken reasonable measures to address information security risks, which will be looked upon favourably by regulators.

2) Improving information security is the biggest driver for implementing ISO 27001

Respondents acknowledged the ease with which the Standard’s framework enables organisations to manage, monitor and improve their information security in one place, with 70% of respondents saying that improving their information security posture was the biggest driver for implementing ISO 27001.
Other key drivers included gaining a competitive advantage (57%), ensuring legal and regulatory compliance (52%), industry requirements to align with information security best practice (49%) and tendering for new business (46%).

3) Obtaining employee buy-in is a key challenge for organisations

You are only as strong as your weakest link, and an organisation’s biggest security risk is often its own employees. When it comes to improving your ability to guard against cyber threats, the best defensive strategy is creating a strong cyber security culture – from the executive boardroom to the reception desk.
So, it’s concerning that 51% of respondents cited obtaining employee buy-in and raising staff awareness as the “main challenge” when implementing ISO 27001.
The solution? Change your culture to generate tangible and lasting organisation-wide security awareness with a comprehensive staff awareness programme.


Source: www.itgovernance.co.uk
