
    ISO 27001 & ISO 22301 Blog

    4 reasons why ISO 27001 is useful for techies


    Very often when I start an ISO 27001 consulting job in a company, I hear complaints from system administrators, IT managers, and other IT staff like, “Oh no, now we’re going to get swamped with a bunch of documents,” and, “Great, we’ll have to work overtime now,” etc.

    But the fact is, ISO 27001 can make their job easier if they know how to benefit from it; if they approach it negatively, then sure – the documentation will become overhead, and they will work longer.

    In my experience, here are the four main areas where you can benefit the most from the ISO 27001 project:

    Save your time. Do you ever think about those things that cost you the most time in your regular work? Is it because the users of your information system are making all kinds of mistakes (not to use some heavier word here), so you have to spend endless hours correcting them? Well, ISO 27001 is all about defining clear rules – who can do what, how, and who is responsible. Yes, you’ll have to invest time to set these rules properly, but once they are in place the chances are your users will create fewer problems.

    Get the attention of your senior management. You have probably been in a situation where you proposed some changes in your work, or proposed some new technology in order to increase the level of security. Very often the answer to this kind of initiative is “Is this really necessary?” If you start implementing ISO 27001, one of the things you’ll need to do is a so-called risk assessment – this basically means you’ll have to systematically go through all potential problems and choose which ones are the most likely and which ones might hurt your company the most. Then you can present these results to convince your management that some issues really are top priority.

    Protect yourself. When a security incident occurs, usually the IT department is to blame: “Why didn’t you prevent that?” or “Why didn’t you react more quickly?” First of all, with ISO 27001 implementation you define roles and responsibilities very clearly – therefore, if someone has made a mistake because he or she didn’t comply with the procedure, the management won’t be able to blame you. Secondly, during this kind of project you will have to propose changes to your management in a formal way – if they reject them, then you have a documented trace that you did your best to prevent incidents.

    Enhance your career prospects. You may consider information security a drag, but the fact is – the security industry is growing very quickly, even quicker than the IT industry. Therefore, with experience in both IT and information security (you can also ask to attend some security courses), you can advance even quicker.

    So, rather than resisting ISO 27001, start thinking about how to use it to make your job easier.

    To learn more about the ISO 27001 implementation project, see this free online training: ISO 27001 Foundations Course.

     

    Author
    Dejan Kosutic
    Leading expert on cybersecurity/information security and author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become certified against ISO 27001 and other ISO standards. He believes that making ISO standards easy-to-understand and simple-to-use creates a competitive advantage for Advisera's clients.

    As an ISO 27001 expert, Dejan is sought out to help companies find the best way to obtain certification by eliminating overhead and adapting the implementation to the specifics of their size and industry.