In the beginning, I (Former Chairman, HKSQ; Manager, Quality System, TSC-HKSTP) introduced some background of ISO 27001 and ISO 9001. Our ISO 27001 has been certified since 2008. So I first briefed many security incidents which had happened in 2008.
Then I classified different Control Objectives and Controls into five groups and they were “Policy”, “Process & Procedure”, “Organization Structure”, “Hardware” and “Software”.
In the comparison of company registrations for ISO 9001 and ISO 27001, it was found that the number of ISO 9001 certified companies was much higher than the number of ISO 27001 certified companies. There should be a barrier for companies to achieve ISO 27001. Therefore, my study was to develop a model so as to fill the gap.
The ISO 9001 and ISO 27001 principles and standards comparison was discussed. In the next stage, I explained how to extract the core elements of both standards and developed the “QMS based Information Security Management (QISM) Model”. However, the core element of this model was Risk Assessment. The “Information Security FMEA Cycle” was introduced and the 24-step QISM Implementation Roadmap was mentioned.
At the end, I used the term “SECURE” as my conclusion. Its meaning is shown below:
S – Standardization
E – Effectiveness
C – Clearance
U – Unique Identification
R – Recovery
E – Efficiency
Mr. Anthony Tsui (VP-Programs, PMI-HK) presented a certificate to me.
HKSQ - www.hksq.org
HKSTP - http://www.hkstp.org/
PMI-HK - http://www.pmi.org.hk/
Other Related Seminars & Conferences:
20141229 - My ISO Journey of 10 years in Science Park
20121129 - Hong Kong IT Security Summit 2012
20120620 - Meeting with Prof. Edward Humphreys (Father of ISMS Standard)
20110121 - Seminar on Data Privacy
20100902 - The 8th Asia Network for Quality (ANQ) Congress
20090916 - ANQ 2009 Opening & Technical Seminar I
20090827 - Challenges on Information Security
20080802 - Seminar on ISO 9001:2000 UPGRADE to 2008 Version & Secure your information with ISO 27001