Information Security Drives Enterprise Risk Management

Client: The client is an international company that manages and mines “Big Data” for a manufacturing vertical.

Project: Work with the client to implement an ISO 27001 information security management system (ISMS) for the organization. The client had a mature information security program but was pursuing ISO 27001 certification at the request of their clients.

Summary: The ISMS was operational and the organization was certified to ISO 27001 in eleven months. JBW Group guided the client to retain those aspects of their existing security program that were in compliance with the standard and to quickly address the gaps, in particular around risk management. The greater transparency into information security afforded by the ISMS implementation enhanced their already mature governance model. The changes in information security risk management, and the increased effectiveness they provide, were used as a model to drive enterprise risk management for the entire organization.

Value-add: The organization was recently purchased by a much larger organization. The security team quickly discovered that the information security program of the acquiring organization was deficient in multiple areas. Based on a proven track record, the executive leadership approved the implementation of the ISO 27001 framework across the enterprise. The Vice President for Information Security who led the effort to implement ISO 27001 was promoted to Chief Security Officer for the enterprise and is leading the implementation.