NZ Information Security Forum - November 2023
Like ISO/IEC 27001 but backwards
As a consultant, Stephen Coates has witnessed a number of failed ISMS implementation projects. These are often due to a combination of focussing on the ISO/IEC 27001 mandatory clauses in sequence (from 4 to 10), treating these as a project plan and running out of steam, and trying to reimplement all of the Annex A controls at once. In this talk Stephen examines some of those failures and proposes working backwards, so that improvements, reviews, audits, metrics and operation are addressed earlier, rather than later or not at all.
Presenter - Stephen Coates
Stephen Coates is a pragmatic infosec consultant in the governance, risk management and compliance (GRC) space. He has come a long way since starting out as a software student apprentice, back in 1980s England. He now has many years of experience that cover information security, cloud, risk management, privacy, e-commerce, IT infrastructure and IT Service Management. Having worked in these fields for so long, he's accumulated a wealth of war stories and a treasure chest of badges and certifications, and he is also a PECB ISO/IEC 27001 Lead Auditor.