ISO 27001 Breakfast Seminar

Ensuring your systems remain secure is an ongoing challenge for every business, even more so in the current business climate where budgets have remained static or been cut.  So how can you get more bang for your infosec euro?  BH Consulting and Certification Europe are partnering to host a breakfast seminar on November 22nd at 8:00 a.m. in the Conrad Hotel, Earlsfort Terrace, Dublin 2.

The purpose of the seminar is two-fold.  The first is to identify how to implement measures in a cost-effective way to improve your security, while the second is to highlight the business benefits and cost savings a structured Information Security Management System can bring.

The Agenda

08.00-08.30 Registration & Buffet Breakfast
08.30-08.40 Introduction & Welcome – Padraig White, Chairman, Certification Europe Ltd.
08.40-09.10 Implementing Information Security Best Practices in a Cost Effective Way – Brian Honan, CEO, BH Consulting
09.10-09.40 Certification – The Benefits & Challenges – Han Van Thoor, MD, Jumper Consulting Ltd.
09.40-10.10 ISO 27001 Trends & Developments Internationally – Michael Brophy, CEO, Certification Europe Ltd.
10.10-10.30 Closing Remarks & Networking

Who Should Attend:

  • Anyone with responsibility for sensitive data
  • CEOs & MDs
  • CTOs
  • Senior Management
  • IT Managers
  • Compliance Officers

There is a €50 fee to attend the seminar but if you Book Now you get €15 off!

"ISO 27001 In A Windows Environment" Book of the Year Award

I was pleasantly chuffed to find out at Infosec earlier this year that my book “ISO 27001 In a Windows Environment” came runner up in the IT Governance Book of The Year Award. The awards were based on a combination of the number of copies sold and the votes received in an online poll. Thank you to everyone who has bought the book and to those of you who voted for it.

If you are planning to implement ISO 27001 in your organisation I think you will find the book of interest. The purpose of the book is to provide you with insight into how you can implement many of the controls outlined in the standard by using the inbuilt features of Windows and other Microsoft tools. Given that many organisations have a substantial Windows footprint, this could allow you to implement ISO 27001 in a cost effective way.

Here is a picture of me receiving my award from Alan Calder of IT Governance:

BH Consulting Achieves ISO 27001 Certification

Following an independent audit of our Information Security Management System by Certification Europe, BH Consulting has been awarded accreditation to the ISO 27001:2005 Information Security Standard.  This independent certification recognises that BH Consulting has in place an Information Security Management System that meets the requirements of this highly regarded standard.

Achieving this accreditation means that our customers can be confident their information is being dealt with by a company who takes the matter of information security seriously.  As a consulting company it also shows that we practise what we preach.  BH Consulting has achieved this certification for all of its consulting services.

We also believe that BH Consulting is the smallest company in the world to achieve this certification, so size does not matter after all!

First Review of My Book

I recently became aware of the first review of my book, “Implementing ISO 27001 in a Windows Environment”. The review, by J Oquendo, is available on the IT Governance website.

I must admit that I have been nervously awaiting the reviews. After spending many long days, and indeed long nights, writing the book and going through the editing process, you wait in expectation hoping that your work will be appreciated by others.

I am happy to say my apprehension was misplaced as J Oquendo provides some excellent feedback and observations, which I will take on board should the demand be there for another edition.  If you are wondering whether you should purchase the book, you should note that “Overall the book accomplished exactly what the title eludes to and is a definite must have book for anyone from an Information Security Manager, to a Windows system administrator or infrastructure architect” and “I’ll definitely have this book on call in my information library.”

If you have purchased the book, thank you, and if you have any feedback or suggestions please let me know.

Upcoming ISSA Meeting

Venue & Schedule
The next ISSA Ireland chapter meeting will be held on Tuesday February 17th at the Westbury Hotel in Dublin. This will be a half-day seminar covering a range of topics and will run from 1 PM to approximately 5 PM, followed by drinks in the hotel bar.

Attendance Fees
Since this is a more substantial event than a typical evening or lunchtime seminar, ISSA Ireland will be charging a registration fee and registration is required. Members will be charged €30 (payable by cash or cheque on the day) while the non-member fee will be €130, with €100 of this covering ISSA membership for those who wish to join following the event.

Agenda
The agenda for this half-day seminar is as follows:
Ensuring Security of In-house Applications
Colin Bell is an application security expert within IBM’s Rational AppScan team (formerly Watchfire) where he manages the “AppScan onDemand” security testing service. Colin has over 22 years’ IT experience, primarily in application development roles, and for the past 8 years he has specialised in application security testing. Prior to joining IBM Colin developed and managed a service within Sun Life Financial which was globally responsible for their internal security testing services. At our February meeting Colin’s presentation will address the security of in-house applications with a comprehensive discussion of application security, focusing on how security testing can be built into internal development processes.

Legal Issues in Information Security
Philip Nolan is a partner in the commercial department of Mason Hayes & Curran, one of Ireland’s leading commercial law firms. Philip’s knowledge and experience in technology, communications and privacy law have made him one of the top Irish solicitors in these areas and the perfect speaker to address legal issues in information security. On February 17th Philip will discuss the legal issues that affect information security professionals in Ireland, from privacy issues such as employee monitoring to contract questions and updates on relevant HR and data protection legislation.

Implementing ISO27001 in a Windows Environment
Brian Honan is an Irish security professional who runs BH Consulting, a specialist IT and information security consultancy, and is a regular speaker on information security issues. Brian’s particular area of expertise is the ISO 27001 standard for information security management systems, and at our February meeting Brian will outline how ISO 27001 can be implemented using Windows technology. Drawing on his recent book, “Implementing ISO 27001 in a Windows Environment”, Brian’s presentation will explain the standard’s technical control requirements and show what they mean for the secure configuration and management of typical Windows systems.

Effective Security Awareness Programmes
Mike Harris is one of Ireland’s most senior security professionals and a popular speaker who has contributed to several past ISSA events. As Director of Risk Advisory Services with Ernst & Young, Mike has worked with many organisations to improve their security and on several occasions has filled security management roles on an interim basis. Mike’s presentation on February 17th will address one of the most difficult management challenges in information security: building effective security awareness programmes. Drawing on his experience of both consulting assignments and in-house roles, Mike will explain how to structure an effective programme, how to select appropriate messages, how to develop or source content and how to measure effectiveness over time.

Registration
Advance registration for this event is required; to register, please go to the ISSA Ireland website.

I look forward to meeting some of you there.

Implementing ISO 27001 In A Windows Environment

One of the biggest projects I worked on last year was writing my first book.  The book is called “Implementing ISO 27001 in a Windows Environment”.  I wrote this book in response to the many questions clients have asked me on how best to put in place the various controls and goals outlined in the ISO 27001 Information Security Standard (formerly BS 7799).

Very often these people were IT Managers who were mandated by their senior management to implement the standard in order to assure the business that they were using recognised best practices to secure their information assets.

However, these managers suddenly faced a number of major challenges:

  • They had to first become familiar with the ISO 27001 Information Security Standard and understand how it works.
  • They had to identify which controls were applicable to their organisation, based on their risk assessment and the controls it showed to be required.
  • They had to ensure that the controls requiring technical configuration were being properly implemented.
  • Last but not least, they had to do all of the above in the most effective and cost-efficient manner possible.

As someone who has a lot of experience with implementing the standard, and also a strong technical background, I decided to write this book to help address those issues.  I also decided to focus on how to leverage some of the existing Microsoft technology, such as Microsoft Windows Server 2008, Microsoft Windows Vista and various other Microsoft security tools, that most organisations have already deployed.

So last summer my journey as an author began.  It has been a long and at times challenging journey, but I am happy to say that it is coming to an end.

My book “Implementing ISO 27001 In a Windows Environment” will be published on February the 3rd 2009 and is now available for pre-order at the IT Governance website.   If you are considering rolling out ISO 27001 in your organisation, I would recommend that you purchase the book as it may save you a lot of time, money and frustration.

Managing Information Security with ISO 27001

In partnership with the Centre for Software Engineering we are running a two day course on “Managing Information Security with the ISO 27001 Information Security Standard”.  The course is scheduled to run on the 20th and 21st of October 2008 and you can book your place on the course by contacting the Centre for Software Engineering.

The “Managing Information Security with the ISO 27001 Information Security Standard” course provides a framework that will enable those responsible for securing sensitive information assets to use a quality-based approach to identify key assets and to manage the associated threats and risks. The subjects covered include:

  • Overview of information security
  • Introduction to the ISO 27001 Information Security Standard
  • Identifying key information assets
  • Identifying risks
  • Strategies for mitigating and managing risk
  • Implementing appropriate security controls
  • Monitoring the effectiveness of security controls.

The course materials are supported with a number of practical exercises, tips and case studies to illustrate and give experience in applying the techniques described.  More details of the course are available from the Centre for Software Engineering.

Keeping Data safe at work

Today’s Sunday Independent ran a piece in their business supplement on what companies should be doing to protect the data stored on various devices such as PCs and laptops.  I am quoted in the article and highlight that companies need to develop their data classification and handling policy and educate their staff in it before rushing out to solve the problem using technology alone.  I have said it before and I will say it again: technology is only part of the solution; people and processes are equally, if not more, important.

By the way in case you read the article and are wondering what document I am holding in the picture, it is the ISO 27001 Information Security Standard.  Quite appropriate for the topic being discussed.

Staff Issues Regarding Data Leakage

Today’s Irish Independent has an article “The Perils of Identity Theft” citing me on some of the issues that staff need to be aware of when dealing with sensitive personal information belonging to the customers of their employer.  We all need to be careful with the data we access in order to do our job and we need to handle that data accordingly.

When it comes to cash, companies are quick to ensure staff know exactly what they are and are not supposed to do when handling that cash.  Unfortunately, when it comes to data many companies do not take the time to identify what data is sensitive, how it should be protected, who should have access to it and how those with access should treat it.  Very often companies rely on employees to “do the right thing” or assume that IT will have it covered.

Without a comprehensive, unambiguous and well communicated data handling and classification policy, your company will be doomed to have a data breach at some stage.  If you are a manager reading this and your company does not have such a policy in place, then I recommend you look into this as soon as possible.  Take it one step further and consider implementing the ISO 27001 Information Security Standard in your organisation.  A key element of the standard is data classification and handling.  By implementing the standard you will also have the confidence that your company has taken appropriate steps to make that data more secure.

If you are an employee and you are not sure what your company’s data classification and handling policy is, then you should ask.  If there is not one in place, then insist that you are told exactly what you are supposed to do with the information you are working with.

Remember that some industries have regulatory and/or legal requirements for certain types of data, and in any event the Data Protection Act places certain obligations on how companies deal with data.