577 words, 2.1 minutes read.

ISO 27001 1 big thing: Partner with operations and product teams with respect to business initiative developments.

The big picture: Work with the IS leadership to develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled or processed by the organization.

Why it matters: Lead customer, partner, and vendor InfoSec audits and risk assessments, communicate results to information security stakeholders or business partners, and ensure remediation of outstanding issues.

Be smart: Be able to use common regulations and standards as inputs into IT security and compliance policy creation and updates including NIST, ISO 27001, CobIT, SOX and PCI.

Meanwhile: Perform information security operational tasks and day to day follow up of actions with the overall objective of ensuring the operational effectiveness of existing security controls, improve the overall control environment and reduce risk exposure.

The backdrop: Be confident that your organization oversees and provides direction to the wargaming team to design a scenario to achieve identified goals, including scenario storyline, inject timeline, delivery structure.

How it works: Make certain that your organization is developing and maintaining information security policies, standards, guidelines and oversee the dissemination of security policies and practices.

On the flip side: Make headway so that your process analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.

Go deeper: Ensure staff development is an ongoing focus of this operation including having team members work with each other to ensure the distribution of skill sets.

What to watch: Ensure there is a strong knowledge and hands on involvement implementing various cloud technologies including networking, security and compliance, compute, storage, and databases.

What they’re saying: “Present assessment findings to impacted stakeholders and recommend mitigation strategies including updating technology, compensating controls, or policy modifications to improve overall security posture., Brooklyn H. – PCI Risk Manager

State of play: Make sure your company controls operating and capital budget, and participates in the recommendation, evaluation, and selection of new corporate hardware and software systems.

Under the hood: Perform training to the sales organization enhancing the knowledge regarding your security and privacy practices, and architecture, applying existing security and compliance material.



Through using your assessment book and toolkit you know now that this is the better way to learn, assess and implement.

Top thinkers are using The Art of Service Critical Capabilities Analysis, the report that’s helping leaders stay ahead of what’s next.

Here’s how: now that you own your assessment, stay one step ahead with the ISO 27001 Critical Capabilities Analysis.

This Analysis will help you plan your roadmap. This Critical Capabilities report enables leaders to shortlist hundreds of appropriate results across the seven RDMAICS typical use cases.


Get started: store.theartofservice.com/ISO-27001-critical-capabilities/


Between the lines: Ensure your group is involved in securing industrial wireless networks and industrial internet of things (iiot) and monitoring packages as siem, soc and noc.

The bottom line: Automate and orchestrate the process of Cloud software deployment (CI/CD) to integrate enterprise security standards, policies, configurations, and architectures, for applications, platforms, and infrastructure.

What’s next: Make sure your process manages and leads the design and operation of the Information Security program and policies along with compliance monitoring and improvement activities to ensure compliance both with internal security policies etc.

ICYMI: Engage in irm program for the key accounts: define control framework; identify and evaluate risks; understand business context and prepare reports and recommendations.



Get started: store.theartofservice.com/ISO-27001-critical-capabilities/


Trusted by: Stream, RADcube, Lloyds Register Group, SkyePoint Decisions, McKinsey and Company, Ping Identity, KITTY HAWK TECHNOLOGIES, Siemens, Blue Cross and Blue Shield of Minnesota, The Cadence Group, COMPQSOFT, General Dynamics Information Technology, Amazon Web Services, Inc., Link Solutions, Inc., Kelmar Associates, LLC, Splunk, King and Spalding, Bank of the West, Garmin, Opendoor, J. J. Keller and Associates, Inc., NTT Ltd, GRSi, Adtran, RainFocus, Vistra Corporate Services Company, f5, Sparksoft Corporation, NSSPlus, Edgewater Federal Solutions, Inc., Delta, CHOISYS TECHNOLOGY INC, Super Micro Computer, Inc., Weave HQ, KLDiscovery, Synoptek, Verizon, Google, BSI, Fisher Investments, Imagine One Technology and Management, Ltd., Coalfire, Johnson Controls, Chamberlain Group Inc, EBI, Inc, Highspot, Semtech, Cigna, M3 Global Research, Kellogg Company, University of California – Irvine, Ciena, Dell Technologies, University of Alaska, CALNET INC., University of California, Santa Barbara, Inflection, PTC, Centene Corporation, Deloitte, Inserso, Data Innovations, LLC, APV, Trapp Technology, Ensono, Simon-Kucher and Partners, TeleTracking Technologies, Abbott Laboratories, DXC Technology, Simmons Bank, Sutherland, Pinnacle Group, Power Integrations, amdocs, Microsoft, Rockwell Automation, Sony Corporation of America, TÜV SÜD, Blackwatch International Corporation, ServiceNow, Lucid, iPipeline, T-Mobile

Categories: Articles