Implementation Roadmap
Vulnerability Assessment/Penetration Test of Key Applications/Systems
Provides substantiative evidence that the net security objectives (e.g., ensuring the confidentiality of information) are being achieved. * Cost Effective * Well Regarded * Early Identification of Critical Risks
For consulting on ISO 27001, visit us at www.pivotpointsecurity.com or call 1.888.PIVOTPOINT (888.748.6876)
<1 Month
Assess Gaps
Optimally scoping and understanding the current gap between the desired and current state are integral to appropriately allocating the resources (personnel, third party support, expenditures, and time) necessary to ensure the project achieves objectives on time and on budget.
Logically/physically limit the scope of the ISMS to the maximum extent possible consistent with initiative objectives. Optimizes likelihood of project success (prevents "boil the ocean" exercises).
1-3 Months
3-18 Months
Respond to Incidents
Integral to 27001 is demonstrable Incident Response. Tune Incident Response processes to facilitate ISMS improvements.
1-12 Months
Certify
While there are many significant advantages to implementing 27001, most notably demonstrably reducing risk and simplifying Information Security, for most entities certification is the most important.
Pre-Certification Audit
"Friendly" pre-audit structured in accordance with certification audit (Tabletop Review then Compliance Review).
Certification Audit
27001 Certification Audit conducted by Certification Body resulting in issuance of ISO 27001 Certificate.
and Beyond