How to Succeed in ISO 27001 Information Security Certification

Speaker: Urpo Kaila
Track: Lightning Talks -- Main Conference Auditorium

Description: NREN providers and sites are vulnerable to many kinds of technical and operational risks, but risk mitigation is often implemented ad hoc or in a vague manner. Perhaps the network providers, who have been pioneers in network and computer security, have become somewhat arrogant about ensuring security?
For efficient and effective security, a systematic yet agile approach is needed. International standards provide guidance for implementing information security best practices at both the technical and the management level. The best-known international standard for information security is ISO/IEC 27001.
In this lightning talk, we will present how CSC, the Finnish IT Center for Science, has successfully implemented ISO 27001 information security certification.

Our presentation will cover how to design a layered management system, how to support continuous improvement, and how to pass a certification audit. In the discussion we will reflect on the pros and cons of certification, on how to implement compliance in both policies and operations, and on how to ensure the required controls are in place while still remaining agile and supporting usability.
