What is it that ISO 27001 does?
As a CxO of any kind, you have the business. The business has a touch of you to it. Through what your business ultimately sells, it puts out that touch to the world.
For example, your business may be a purveyor of network services. But then, those network services will be according to you. And that makes them unique to the world.
This has an impact upon the kind of architecture your business needs in order to be your business in the true sense.
I'll give you an example. A network services provider used software to control the network that they came to own. This network served their customers, and also their offices separated by geographical barriers. Their version of networking dictated the kind of architecture found across the company.
The kind of architecture that comes to be due to the flavour of your business in turn influences the kind of risks that the business faces.
For example, at this networks company there was a kind of coupling between various routers and other devices scattered across the globe. This brought with it certain network points which could attract DDoS attackers more than the others.
ISO 27001 lets you take a fuller view of the whole of your business architecture at a time and also think of how the various parts of it work with each other. This helps you see where your business architecture possesses loopholes and how vulnerable they make your whole business.
When you know how and where you are likely to fail, you can always take precautionary measures beforehand, rather than letting your business deal with what it can after the loopholes have been exploited.
Case in point
The senior leaders at that network service provider were initially not in favour of adopting an international standard such as ISO 27001 because they perceived it to be a venture involving many more costs and effort.
Piles of documents mounting year after year, mixed with a bottomless pit of costs of surveying a whole host of people, all to get a certification that would only help them with a couple of competitive tenders, was what put them off the whole idea.
However, one of their clients turned out to be an ISO 27001 practitioner, and was concerned about the well being of the company. The client helped them understand that if attackers took advantage of the vulnerabilities of their network, the company would have to struggle to save their business, not to mention the trouble that would be stirred up with some customers suing them for the damage that an attack could have caused.
The company had a unique way of providing their services, and that had to be protected, was what the leadership came to conclude. To that very end, they kicked off a project that educated them about their business architecture.
ISO 27001 soon turned into a fun learning activity for teams across the whole company, with several staff members even completing courses that helped the company implement their learning to maintain quicker, easier ways of protecting the business from falling into traps.
ISO 27001 would certainly be the start of a journey for your business. In this world that brings with it much uncertainty, it is a must to find your own method behind the madness and learn things about the architecture of your business, that you would otherwise have missed out on.
Get going with our ISO 27001 courses!