ISO 27001 Trends and Developments
Michael Brophy, CEO
Certification Europe
[Chart: Global take-up of ISO 27001. Vertical axis: Total No. of ISO 27001 Certifications (0 to 8000). Horizontal axis: Apr-99 to Dec-11. Series: Total]
Top Ten Countries with ISO 27001
[Chart: Certificates by country, axis 0 to 4500]
Which sectors are prominent?
IT & IT Services (Security)
Financial Services
Government & Semi-State (extensive)
Telecoms
Printing
Software
Consultancy
Healthcare
Online Gambling & Betting *
Infrastructure *
Why are organisations getting certified?
• First mover advantage still a factor, but not in the ten major categories
• Tendering requirements
• Supply chain pressure
• In some sectors it is virtually a market requirement (e.g. hosting and datacentres)
Why are organisations getting certified?
What Standards or Guidelines have your customers required you to comply with?
[Chart comparing Large Organisations and Small Organisations across the categories: Not aware of any such demands; Other; PCI (Payment Card Industry); Government related requirements; A recognised standard like ISO 27001. Values shown: 38%, 32%, 6%, 16%, 6%; 30%, 26%, 37%, 31%, 41%]
Source: PWC Information Security Breaches Survey 2010 fig 15
Recent Trends (1)
• High Profile Data Breaches
Recent Trends (2)
• Supply Chain Pressure
Security Policy Guidelines (Telefónica O2 UK only)
O2 attaches particular importance to the security of its own, its employees’ and its customers’ data. The reference standard for O2’s security policies is ISO27001 and the suppliers shall comply with the principles of that standard at all times.
Recent Trends (3)
• Major incidents
Office of the Australian Information Commissioner:
“noted that the company had a wide range of security
safeguards in place for the protection of personal
information including physical, network,
communications security and maintained security
standards… ISO 27001”
What is coming down the line (1)
• Expect to see ISO 27001 (& BS 25999) featuring in many more tendering requirements
• Particularly when IT services are outsourced
What is coming down the line (2)
• ISO 27001 used as a basis to address the risks associated with Cloud Computing
What is coming down the line (3)
• Increasing reliance being placed upon ISO 27001 by regulatory bodies
• APACS & Standard 55
• "Outsourcing requires not only a written contract but also active measures to ensure data is secure in the “cloud”. If a cloud provider has taken the trouble to certify to recognised security standards such as ISO 27001… this provides significant reassurance about data security."
Irish Data Protection Commissioner Annual Report 2010
• Financial Services Authority (UK)
• The "FSA Handbook" states in SYSC 3A.7.8 that "firms should have regard to established security standards such as ISO17799 (Information Security Management)."
• In essence evolving to become a key tool in overall risk management as opposed to an isolated activity