Alan Calder on IT Governance, information security & ISO 27001

I agree entirely with John Verry’s description of today’s drivers for the adoption of ISO27001, which we expect to become more widely adopted over the next 15 years than ISO9001 is today (there are currently about 1 Million ISO9001 certifications worldwide).

“Driven to ISO 27001 … Driven by ISO 27001″ – presented by John Verry, principal consultant at Pivot Point Security (Hamilton, NJ) to the Unisys Community of Practice Group on June 15, 2010, focuses on three “pain” points driving organizations to the ISO-27001 framework as a simple and logical response. Verry cites the “cloud economy”, a “flatter world” and the growth of increasingly ambiguous and overlapping information security regulations as the main factors – and then explores how and why ISO 27001 is poised to change information security.

We’ve been working on ISO27001 since its inception and our unique, and uniquely comprehensive and integrated range of ISO27001 books, tools and resources is designed to help organisations around the world use this standard in their businesses – drawing on advice, tools, guidance, training or consultancy as required.

Cloud computing has tremendous potential for organisations of all sizes; it also brings with it a specific set of risks, ranging from access management and business continuity through to data protection compliance. Cloud computing risk was very much on the agenda at this year’s RSA conference; we’ve also recently published a book which focuses very specifically on managing risk in the cloud. Titled ‘Above the Cloud: Managing RIsk in the World of Cloud Computing’, it seems to be hitting the spot in terms of providing specific guidance to security and IT professionals about this specific area of risk. It is also available from our US site.