Management involvement in information security is not only a major requirement of ISO 27001 and other standards but also key to a successful implementation. Finding common ground between management and information security professionals is therefore important. In this session we present three methods, inspired by the management tool Business Model Canvas, to create that common ground: three canvas methods covering different aspects of information security (business context, risk, security planning, control and implementation) on three levels of the business: strategic, tactical and operational.
Authors:
- Vincent van Dijk
- Richard Kranendonk
- Gilbert van Zeijl
Vincent van Dijk MSc is the owner of Security Scientist. He uses his background in data science to create data-driven cybersecurity solutions. His latest study into cybersecurity for SMBs led to the creation of the Cybersecurity Canvas — a methodology that helps numerous SMBs with cybersecurity. He shares his knowledge for free on securityscientist.net.
Richard Kranendonk studied psychology in Amsterdam and then worked as an IT consultant and project manager for 20 years. From 2017 onwards he helped organisations prepare for and stay compliant with the GDPR, gradually shifting his focus to information security management and ISO 27001. He now applies his knowledge and skills to bridge the gap between privacy and security frameworks and business goals.
Gilbert van Zeijl celebrates 10 years as an entrepreneur this year. As a one-man business, he is part-time security and privacy officer to a handful of small and medium enterprises. He has condensed his experience from over 15 successful ISO 27001 certifications into a method called Risk Model Canvas. Gilbert has a master's in informatics and nature protection from Wageningen University.
CPE
2 points