
Hi guys, I recently graduated from university, where I focused mainly on IT consulting with a big interest in the cybersecurity branch. Right after graduation, I started a business with a classmate of mine. With the business we're providing IT consultancy related services.

Recently a company with around 40 - 50 employees in the software development branch asked us if we could help them get ISO 27001 certified. For my business partner and me, this sounded like a real opportunity, as it piqued our interest! So we started to do some digging (we also purchased the ISO/NEN 27001 norm) and we're currently following a course on ISO from Aron Lange on Udemy. But there are still a few topics that I'm not certain about.

* I know that an ISMS is not a 'tool', but there are tools that can help you build your ISMS. As I'm fairly new to the 'ISO world', is it recommendable to advise the company to purchase a tool like Vanta, Drata or ISMS Online (or do you have any recommendations), or is looking up templates online and building a hierarchy in GitHub or SharePoint just fine?
* What is a typical price for a third-party ISMS? Is between 5 - 10k a year a good estimation?
* Do you have any recommended places to learn more about how to get a company ISO 27001 certified? (I already found the https://www.iso27001security.com/ toolkit.)
* From a high-level overview standpoint, is this a 'good order' on how to get started?


* Make sure management is on board
* Determine scope
* Take a null measurement by performing a risk assessment and write down the risk treatments.
* Initiate the ISMS:
  * Set up processes around information security within the organization
  * Set up the IS policy (making sure this is aligned with the business goals)
* Do a gap analysis between the as-is and to-be situation.
* Implement the processes and IS policy.
* Train employees on these changes and processes.
* Monitor the current situation.
* Do an internal audit.
* Improvement: process the output of the internal audit.
* Time to get certified!!


I know it's a lot of questions, but I hope one of you guys could steer me in the right direction!

EDIT: During my time in uni I worked at an IT company for four years that got certified each year during my time there. So I did have my fair share of time on the sideline.
Apart from that, the customer is well aware that there will be a steep learning curve for my business partner and me.

submitted by /u/maarten20012001
