BSidesNoVA 2021 | Rose Songer | Crash Course - Information Security Management System Implementation

BSides NoVa | 54:15 | 115 views | Published 2021-07
About this talk
Implementation of an Information Security Management System can seem like a daunting task. Often companies attempt to implement programs with a lack of resources and availability, limited tooling, aggressive timelines, etc. The implementation of an ISMS does not need to be overly complicated or difficult, but security professionals do have to be creative with their solutioning. With proper planning, companies can successfully implement their ISMS to support their security objectives. Additionally, companies must consider the implications of implementation of a program and how to maintain it afterwards. As we all know, these programs are not once and done. They require ongoing upkeep to remain in compliance. This presentation will cover my own lessons learned on multiple ISO 27001:2013 implementations and ongoing management of the ISMS. We will discuss ISMS 101, the must-haves of your program, not skimping where it counts, less is more, and how to put a bow on your program. Take my challenges and turn them into your successes.