A Practical Approach to Information Security and ISO 27001

Date/Time: Wednesday 19 January 2011, tbc
Venue: City of Chester University, Chester

Information is at the core of most businesses, and recent cases of high-profile data loss have highlighted how critical it is to protect information within organisations. Implementing information security policies or ISO 27001 compliance is often over-complicated, or is avoided because it is viewed as a waste of time. This leaves organisations vulnerable to both accidental and malicious incidents that can damage reputation and customer confidence and result in large fines.

This talk will look at how information security can be introduced in any organisation. It will discuss the potential pitfalls to avoid, the importance of management engagement and the most practical approaches to take. The presentation will include cases from real audits and information security projects giving examples of both good and bad practices.

Many public bodies and large businesses now require suppliers to be at least working towards ISO 27001 compliance. Unfortunately, many view ISO standards as an abstract paper exercise with no relevance to how things are actually done. This is only true if the standard has been implemented incorrectly! Whether you are going for full compliance or not, the standard provides an excellent framework to work with. This talk will explain how the standard can be used as a starting point for any information security project without it stopping day-to-day business.

Speaker Profile

Dr Les Pritchard, MBCS CITP, Fiasa Ltd

Les is a qualified ISO 27001 lead auditor working in the area of IT security and forensics. He has conducted information security and ISO 27001 audits for organisations ranging from small companies to multimillion-pound corporations. Having also worked as a network administrator, Les realises the 'real world challenges' faced by organisations and is keen to develop realistic solutions that will bring benefits, not problems.