Security Standards ISO 27001 and 27002: What they are and how to use them

ISO/IEC standards 27001 and 27002 are complementary publications designed to help organizations create effective and repeatable information security systems and deploy appropriate controls. 27001 lay out the processes and methodologies for creating information security management systems and can be used for certification for adherence by organizations; 27002 provide a code of practice and specific security controls. In this webinar, ISO certified lead auditor for 27001, Ed Moyle, and Diana Kelley, Partner at Security Curve, will explain how organizations can use the ISO standards as a baseline for their security and risk management program.

Areas Covered in the seminar:

• 27001 and 27002: What are they and what’s the difference?
• Why certify? Benefits of certification and deciding if certification is right for you.
• Preparing for certification: setting the scope.
• What you need: minimum deliverables required for certification.
• Using 27002 in your program (e.g. compliance frameworks and control categories).
• Using the standards for new programs/systems.
• Using the standards for existing programs/systems.

Who will benefit:

This webinar will provide valuable assistance to all companies are building and maintaining information security management systems.

• CIOs, CSOs, and CISOs
• Internal audit professionals
• External auditors
• IT Security Architects
• IT Risk Managers
• IT Security Administrators

Instructor Profile:
Ed Moyle, is a certified 27001 Lead Auditor. He is currently a Manager with CTG’s Information Security Solutions practice, providing strategy, consulting, and solutions to clients worldwide. Ed has served as the Information Security Office for Merrill Lynch Investment Managers and worked within the federal sector for Computer Science Corporation (CSC) where he consulted to the Department of Defense JCALs program. He is the co-author of the book, "Cryptographic Libraries for Developers."

Diana Kelley,has been working in IT for eighteen years. She is a founding Partner at Security Curve an independent consulting and advisory company. She was the Vice President and Service Director for the Security and Risk Management Strategies team at Burton Group, the Executive Security Advisor for CA (Computer Associates) and a General Manager at Symantec. She was a Manager in the financial services consulting group for KPMG and the Senior Security Analyst at Hurwitz Group. She is the co-author of the book "Cryptographic Libraries for Developers."