Based on responses from 250 information security professionals worldwide, the ISO 27001 Global Report 2016 reveals that more than half of all information security teams rely on external skills to implement an ISO 27001-compliant information security management system (ISMS).
When asked about the services and tools that organizations use to help achieve and maintain certification to ISO 27001, the report discovered that:
- 54% use penetration testing services to identify potential vulnerabilities within their network and systems.
- 39% outsource their e-learning staff awareness training programs through external tools and resources.
- 34% depend on external resources to conduct vulnerability assessments.
- 51% rely on external consultants to help with the implementation process.
- 32% use documentation toolkits to produce ISO 27001-compliant policies and procedures.
- 23% depend on risk assessment software.
- 8% depend on an ISMS managed service.
These statistics highlight the increased need to upskill and empower ISMS managers so that they can fulfil their key duties and help their organizations achieve and maintain certification to the best-practice information security standard, ISO 27001.
Organizations wishing to implement an ISO 27001-compliant ISMS and upskill their information security staff can take advantage of IT Governance’s ISO 27001 Certified ISMS Lead Implementer training course.
The course equips individuals involved in ISO 27001 ISMS projects to lead an implementation and help their organization mitigate cyber risks and deliver information security.
In addition, IT Governance can help organizations achieve compliance with its range of ISO 27001 packaged solutions. Each packaged solution is designed to complement the specific internal information security skills of an organization so that it can implement ISO 27001 in a cost- and time-effective way.