Report: Information Security Management System ISO 27000 for SMEs Training, 15-18 May 2012, Seoul, Republic of Korea

Group Photo of Participants

ABOUT THE PROJECT

Organizations today have an increased awareness of the value of information and perceive an increasing need to protect their information assets. An ISMS is a risk management approach to maintain the confidentiality, integrity and availability of an organization’s information. The ISO 27000 series of standards was specifically developed by the ISO for information security. This series is aligned with a number of other standards, including ISO 9000 (quality management system) and ISO 14001 (environmental management system).

To introduce the latest ISMS to member countries, the APO offered an e-learning course in 2010 to provide information on the requirements of the ISO 27000 standard. Based on the needs and demand expressed during the e-learning course, the APO developed a plan to organize training courses in both 2011 and 2012. The course in 2012 will focus on ISMS for SMEs to illustrate the step-by-step process of compliance with the standard, which includes establishing, implementing, operating, monitoring, reviewing, maintaining, and improving the information management systems, so that the ISO 27000 series can be easily introduced and adopted by SMEs.

OBJECTIVES FOR PARTICIPATION

As technical staff of the Knowledge Management and Information Office – Center for Knowledge Management, I am generally tasked to develop innovative, value-adding, and cost-effective knowledge-based IT-related solutions and services.

I personally acknowledge the fact that information will never be as vital to an organization until it is exposed to a variety of risks such as unauthorized access, use, disclosure and disruption. These risks expose an organization to serious security threats and vulnerabilities. An organization’s credibility is then compromised and confidence among its stakeholders is lost. In most cases, increasing awareness of the value of information and guarding it from risks have become a usual defense, though one done arbitrarily. In order to address the emerging need for information security, we at DAP have developed practical courses and executive awareness programs in information and risk management using the ISO 27000 series. This course on ISMS for SMEs is very timely and significant because one of the main thrusts and strategies of the KIMO is to strengthen our ISMS initiatives. The office has already conducted four batches of ISMS courses in the first quarter of 2011 and two more batches before the year ended.

Since our courses offer a broad spectrum of interesting topics covering applications of the ISO 27000 series, which helped our participants carry out systematic information coverage from government organizations to SMEs, the implementation plan to conduct training courses in the third and fourth quarters of this year will be firmed up and improved because of this APO opportunity.

PROFILE OF PARTICIPANTS

The training course was attended by 18 participants representing Cambodia, Fiji, Iran, India, Indonesia, Lao PDR, Malaysia, Nepal, Pakistan, Philippines, Sri Lanka, Thailand and Vietnam.

Only one participant from the Philippines was sent to the training. Though I was the youngest delegate, my country presentation was well received by other delegates. I was even asked to present more than the required time limit. The chance to share the culture and traditions of the Filipinos, as well as the programs and projects related to information security, with the Asian community was indeed a milestone in my career and profession.

SCOPE AND METHODOLOGY

Scope

1. Overview of objectives of ISMS and ISO 27000 series;
2. Defining the scope and boundaries of an ISMS;
3. Information security policy and risk assessment for SMEs;
4. Implementing and operating an ISMS in SMEs.

Methodology

Country presentations, plenary discussions and lectures, group cases and dynamic discussions, group presentations and role-playing, observational site visit, and group oral examination and individual written exam.

OUTCOMES AND EVALUATION

I came to fully understand that information security is not a national concern; it is a global war. It is observed that some countries are advanced in keeping their races and practices attuned to legal norms and national policies in terms of information security while others were still marching on. Objectives of the course were satisfactorily met. Discussions by experts were understandable enough to a layman. The cases were processed comprehensively by the panel.

In terms of effectiveness of the presentations among the speakers, the program was on the right track in emphasizing that ISO 27000 is making a mark in the business industry. The accommodation and hospitality accorded to us by the secretariat and management were beyond expectations.

RECOMMENDATIONS AND ACTION STEPS

In order to address the emerging need for information security, DAP through CKM has to develop more practical courses on information security management using an internationally recognized and certifiable standard for Information Security Management – the ISO 27001. In my capacity as technical staff, it is my fervent hope to continue the journey towards a secure business environment. The insights I have gained in the training course can be shared through a knowledge sharing or echo session which will be participated in by my colleagues in DAP. I will also persuade our officers to support the inclusion of ISMS courses in future public offerings and customized project proposals.

The Philippine Government has been responsive to the calls of the time. Just recently, Senate Bill 2965 or the omnibus Data Privacy Act of 2012 has been passed in the Senate of the Philippines. The Administration must make sure this will be signed into law for a strong privacy regime as manifested in the EU Data Protection Directive. It will in turn institutionalize a commission, the National Privacy Commission, whose work will be with the Department of Justice.

This action is among the initiatives that the government has to sustain. If the government will continue to support the need for information security, problems associated with it will no longer haunt those who are heavily dependent on the most important asset – information.

SUBMITTED BY:

JO-DANN DARONG
Technical Staff
Center for Knowledge Management
Development Academy of the Philippines
