ISO 27001 in the world today
Agenda
- ISO 27001 worldwide
- Why ISO 27001
- Framework to implement ISO 27001

ISO 27001 worldwide
Source: ISO Annual Survey

ISO 27001 worldwide

Number of Certificates

Year                       2006   2007   2008   2009   2010   2011   2012   2013   2014
TOTAL                      5797   7732   9246  12935  15626  17355  19620  22349  23972
Africa                        6     10     16     47     46     40     64     99     81
Central / South America      18     38     72    100    117    150    203    272    277
North America                79    112    212    322    329    435    552    712    836
Europe                     1064   1432   2172   3563   4800   5289   6379   7952   8710
East Asia and Pacific      4210   5550   5807   7394   8788   9665  10422  10861  11303
Central and South Asia      383    519    839   1303   1328   1497   1668   2002   2253
Middle East                  37     71    128    206    218    279    332    451    512

Regional share - in %

Year                       2006   2007   2008   2009   2010   2011   2012   2013   2014
TOTAL                      100%   100%   100%   100%   100%   100%   100%   100%   100%
Africa                     0.1%   0.1%   0.2%   0.4%   0.3%   0.2%   0.3%   0.4%   0.3%
Central / South America    0.3%   0.5%   0.8%   0.8%   0.7%   0.9%   1.0%   1.2%   1.2%
North America              1.4%   1.4%   2.3%   2.5%   2.1%   2.5%   2.8%   3.2%   3.5%
Europe                    18.4%  18.5%  23.5%  27.5%  30.7%  31.1%  32.5%  35.6%  36.3%
East Asia and Pacific     72.6%  71.8%  62.8%  57.2%  56.2%  55.2%  53.1%  48.6%  47.2%
Central and South Asia     6.6%   6.7%   9.1%  10.1%   8.5%   8.5%   8.5%   9.0%   9.4%
Middle East                0.6%   0.9%   1.4%   1.6%   1.4%   1.6%   1.7%   2.0%   2.1%

Source: ISO Annual Survey

ISO 27001 worldwide

Annual growth - absolute numbers

Year                       2007   2008   2009   2010   2011   2012   2013   2014
TOTAL                      1935   1514   3689   2691   1883   2265   2729   1623
Africa                        4      6     31     -1     -6     24     35    -18
Central / South America      20     34     28     17     33     53     69      5
North America                33    100    110      7    104    117    160    124
Europe                      368    740   1391   1237    646   1090   1573    758
East Asia and Pacific      1340    257   1587   1394    876    757    439    442
Central and South Asia      136    320    464     25    169    171    334    251
Middle East                  34     57     78     12     61     53    119     61

Annual growth - in %

Year                       2007   2008   2009   2010   2011   2012   2013   2014
TOTAL                       33%    20%    40%    21%    12%    13%    14%     7%
Africa                      67%    60%   194%    -2%   -13%    60%    55%   -18%
Central / South America    111%    89%    39%    17%    28%    35%    34%     2%
North America               42%    89%    52%     2%    32%    27%    29%    17%
Europe                      35%    52%    64%    35%    13%    21%    25%    10%
East Asia and Pacific       32%     5%    27%    19%    10%     8%     4%     4%
Central and South Asia      36%    62%    55%     2%    13%    11%    20%    13%
Middle East                 92%    80%    61%     6%    28%    19%    36%    14%

Source: ISO Annual Survey

ISO 27001 worldwide

Top 10 countries for ISO/IEC 27001 growth - 2014

1. United Kingdom              338
2. China                       292
3. India                       239
4. Australia                   101
5. United States of America     98
6. Ireland                      77
7. Italy                        69
8. Germany                      59

Source: ISO Annual Survey

ISO 27001 worldwide

Top five industrial sectors for ISO/IEC 27001 certificates 2014

1. Information technology                  4933
2. Other Services                           867
3. Construction                             454
4. Transport, storage and communication     327
5. Electrical and optical equipment         287

Source: ISO Annual Survey

ISO 27001 worldwide

Top 10 countries for ISO/IEC 27001 certificates - 2014

 1. Japan                      7181
 2. United Kingdom             2261
 3. India                      2170
 4. China                      2002
 5. Italy                       970
 6. Romania                     893
 7. Taipei, Chinese             781
 8. Spain                       701
 9. United States of America    664
10. Germany                     640

Source: ISO Annual Survey

ISO 27001 worldwide
Why only 664 in the USA?
- Local Frameworks & Control Catalogues
- Few Frameworks or Control Catalogues

Why ISO 27001
- Sony Pictures - a major online attack that resulted in employees' personal data and corporate correspondence being leaked
- JPMorgan Chase & Co. - a data breach that affected 76 million households and seven million small businesses
2015 Cost of Data Breach Study: Global Analysis, IBM & Ponemon Institute

Why ISO 27001
Global study at a glance
- 350 companies in 11 countries
- $3.79 million is the average total cost of a data breach
- 23% increase in total cost of data breach since 2013
- $154 is the average cost per lost or stolen record
- 12% increase in per capita cost since 2013
2015 Cost of Data Breach Study: Global Analysis, IBM & Ponemon Institute

Why ISO 27001
The three major reasons contributing to a higher cost of data breach in 2015:
- Cyber attacks have increased in frequency and in the cost to remediate the consequences
- The consequences of lost business are having a greater impact on the cost of data breach
- Data breach costs associated with detection and escalation increased
2015 Cost of Data Breach Study: Global Analysis, IBM & Ponemon Institute

Why ISO 27001
- Hackers and criminal insiders cause the most data breaches
- Forty-seven percent of all breaches in this year's study were caused by malicious or criminal attacks
- The loss of customers increases the cost of data breach
- Business continuity management plays an important role in reducing the cost of data breach
2015 Cost of Data Breach Study: Global Analysis, IBM & Ponemon Institute

Why ISO 27001
- Cyber Terrorism
- Cyber Wars
- Cyber Crime (surpasses old weapons and drugs)

Why ISO 27001
Some other threats out there...
- Ransomware
- Worms
- Spyware
- Trojan horses

Why ISO 27001
What about GRC Compliance???
- Legal/Regulatory requirements
- International encryption laws

Why ISO 27001
Why ISO 27001?
- It is the only internationally recognized standard
- Powerful framework/tool to manage information security
- Must-have for global presence and demanding market
- Improves processes and reduces costs
- Allows better management decisions
- Manages risks proactively
- Improves resilience and business continuity
- Increases competitiveness

ISO 27001 is a Framework of processes and procedures
4 Context of the Organization
- SCOPE & BOUNDARIES
- LEGAL
- REGULATORY
- CONTRACTUAL

5 Leadership & Commitment
6 Planning
7 Support
8 Operation
9 Performance Evaluation
10 Improvement
Roadmap to implement ISO 27001
Get Certified!!!
Questions?