A recently published report by cyber security firm IT Governance found that ensuring the organisation has the right level of competence is a major challenge for businesses when implementing the information security standard ISO 27001.
The ISO 27001 Global Report 2015, based on a survey of 245 senior executives and practitioners, also revealed that organisations are not doing enough to address the ISO 27001 skills gap.
Only 23% of organisations employ a dedicated, full-time information security management system (ISMS) manager, and 44% of respondents admit that the person managing their ISMS doesn’t have a formal ISO 27001 ISMS qualification. Despite this lack of relevant training, 28% are not planning to train their ISMS manager, while 35% do not have control over that decision. Only 37% are planning to train their existing ISMS managers.
Alan Calder, founder and executive chairman of IT Governance, says, “The lack of relevant skills can affect the effectiveness and performance of the ISMS. Given the current shortage of cyber security skills, it is essential that businesses support professional staff in acquiring the necessary qualifications.”
Asked if they used external consultants to help them prepare for certification, 40% of respondents answered ‘yes’. The absence of a full-time ISMS manager as well as the lack of formal training for those tasked with ISMS management may contribute to this trend.
Calder adds, “In our more than 10 years’ experience with ISO 27001 implementation projects we have observed that most organisations prefer to complete the project themselves, but they inevitably need some external help during the process. This explains why the ISO 27001 Get A Lot Of Help package we launched last year has proved very popular with clients. It provides them with the tools, skills and knowledge they need, while leaving them in charge of the project.”
ISO 27001 Get A Lot Of Help combines core ISO 27001 standards and implementation guidance with key implementation tools, attendance at the Live Online ISO 27001 masterclasses, and IT Governance’s Mentor and Coach service – all at a fixed price. Moreover, it saves organisations the associated expenses of hiring a consultant to do all the work.
A copy of the full ISO 27001 Global Report 2015 is available here: www.itgovernance.co.uk/iso27001-global-report-2015.aspx.