Charles Gillman
Chief Information Security Officer
This webinar covered changes, adoption benefits, implementation guidelines and how to get the most from your updated ISMS.
The ISO/IEC 27002 standard, which serves as a reference for establishing controls for information risk management, has introduced significant changes in ISO/IEC 27001:2022. These changes reflect the concern of organisations globally around new risks that have emerged in a more digitised world, thus facilitating the continuation of your digital transformation plans and adoption of new cybersecurity strategies. Most likely your organisation will need to refresh the controls that have been adopted around your management system and information security best practices.
Webinar Recording
Materials
If you encounter any issues accessing materials or need a PDF copy emailed to you, please reach out to hello@dspanz.org.
Key Takeaways:
The changes to ISO/IEC 27001 and ISO/IEC 27002 in 2022 represent a leap forward in the effectiveness of Information Security Management Systems (ISMS). Quick and effective adoption of the latest global best practice is essential to ensure trust in your organisation’s ability to protect information. Aside from the name change, there has been a consolidation of controls, 11 newly introduced control objectives and a shake-up to the broader control framework - marking major differences to the prior version (ISO/IEC 27001:2013).
Key Changes:
- Updated controls aligned with current business practices and associated threats
- New “attributes” to enable alignment with different risk management methodologies including global cybersecurity frameworks
- Simplified and streamlined grouping of controls
- Greater clarity on management requirements in line with ISO harmonised structure
About the Host and Presenters
Belinda is a dedicated Business Engagement Manager, with a strong dedication to compliance and data security. With a focus on scoping, project management, consultation, and customized solutions, she has successfully led projects like Superstream, STP Phase 1 & 2, and Jobkeeper.
Belinda collaborates with businesses of all sizes to optimise Payroll, Time & Attendance, and HR processes, ensuring efficiency and compliance. Her impressive track record includes ISO 27001 & ISO 9001 Certification, Superstream rollout, project lead on STP Phase 1 & 2 and consulting and implementation for the Pluto LNG Project. Belinda's expertise extends to her roles as DSPANZ Director and Director for GNGB.
His diverse experience has equipped him with a well-rounded view of the security landscape and the skills to implement practical solutions to address current and emerging cybersecurity threats.
Dushyant plays a pivotal role in steering BSI's growth strategy for digital trust solutions across the Asia-Pacific region. Under his guidance, BSI has established itself as a reliable partner, empowering businesses to navigate the intricate landscape of cybersecurity with unwavering confidence.
Drawing on his extensive background in e-business and business management, Dushyant brings a distinctive perspective to the convergence of technology and GRC (Governance, Risk, and Compliance). He is widely recognized for his capacity to craft innovative solutions that enhance outcomes and propel business achievements. Over the course of his tenure at BSI, Dushyant has assumed diverse leadership positions, with a notable emphasis on technology, governance, risk management, and compliance.
Lucas is an Information Security professional with over 15 years’ experience assessing and proposing practical security strategies and capabilities, pragmatically aligning advice to better practice security Standards. Lucas has experience leading security advisory services at an insurance broker after leading security architecture and associated remediation efforts for the Retail and Wealth functions of the Commonwealth Bank of Australia. Before joining CBA Lucas worked for PwC’s Cyber & Forensics team and was the Information Security Officer at an Australian wholesale telecommunications company.
Working with clients and teams of all shapes and sizes Lucas specialises in security architecture and advisory services, offering practical solutions to clients to help effectively buy down security risk. Lucas aims to share his knowledge and experience designing, implementing, and managing effective cybersecurity programs.