Abstract:
There is an increasing demand for suppliers to be certified to ISO/IEC 27001, thereby demonstrating that they are managing information security in their organizations.
Tenders for Government and private organization outsourcing contracts are increasingly looking for information security management systems certification, and without it the chances of winning work are significantly reduced. Those organizations who have obtained certification have also benefited from the reassurance given by having a structured approach to the information security that actually matters to them.
This seminar explains in simple terms what a certifiable information security management system (ISMS) comprises and how it can be put in place. The seminar is suitable for all levels of management, CIOs, IT directors/managers, auditors, and practicing accountants. It examines ISO/IEC 27001 and the specification it provides for an ISMS, which includes:
- Scope of certification
- Information asset concepts
- A risk-based approach to ensuring the right controls are in place
- The Statement of Applicability
- The certifying audit process
ISO/IEC 27002 will also be discussed in terms of the areas of controls that need to be considered.
This will be an interactive seminar with opportunities to confidentially discuss individual organizations' specific issues.
Speaker:

Mr. Dale Johnstone
Partner, Xione Group Limited
Mr. Dale Johnstone is professionally recognized as one of Asia Pacific's foremost, respected and leading experts in information security management, with over twenty years of full-time professional information security experience in various industry sectors including Government, defense, law enforcement, finance, manufacturing, transportation and telecommunications.
Dale is currently an active representative on Australian and International Standards bodies and was formerly a representative to the Australian Government's Protection for the National Information Infrastructure Council and the past Chairman of the Australian Information Security Interest Group.
Dale is the CIO and a Director of the Xione Group Limited in addition to being the Vice-Convenor of the International Standards Organisation committee responsible for the development of the ISO/IEC 27000 Family of International Standards (ISO/IEC JTC 1 SC27 WG 1). Xione Group operates throughout Asia Pacific, Europe and the Middle East. Dale is actively engaged by all types of companies in corporate governance, compliance and investigations, information security, risk management and standards based activities. In addition, Dale is involved in information security management systems auditing, consultancy and training for governments, financial services, law enforcement, telecoms and other industry sectors. Dale is also Chairman of the local ISO/IEC 27000 User Group for Hong Kong and Macau, Chairman of the Organizing Committee for the annual Information Security Summit (2003 - 2011), and member of the Standards Australia Committee responsible for information security management standards.
Dale holds a Bachelor of Business (Information Technology), a Graduate Diploma in Media, Communications and Information Technology Law, and a Master of Business Administration (MBA).