Expert Advice Community


Analysis of external issues

Guest user Created:   Sep 26, 2017 Last commented:   Sep 27, 2017

At the moment I am busy with an internship about ISO 27001. I want to do an external and an internal analysis in order to determine the scope of the ISMS. On your website I saw that the 7s model is a good way to describe the internal issues. What kind of method do you recommend for the external analysis?
Expert
Rhand Leal Sep 26, 2017

Answer: For external analysis I can suggest Porter's Five Forces Model (substitute products or services, established competitors, new entrants, bargaining power of suppliers and the bargaining power of customers) and the PEST (political, economic, social and technological) analysis. These approaches can provide you with a systemic view of the external environment for the identification of issues relevant to your organization.

This article will provide you with further explanation about analysis of external issues:
- Explanation of ISO 27001:2013 clause 4.1 (Understanding the organization) https://advisera.com/27001academy/knowledgebase/how-to-define-context-of-the-organization-according-to-iso-27001/

Guest
isocert Sep 27, 2017

First, I want to thank you for your quick and helpful response. The purpose and 'how-to' of the Porter's Five Forces Model is clear to me. The PEST analysis isn't entirely clear to me. On the web and in books from my study, it is explained kind of generally, while I need to analyse the issues regarding information security. I find it hard to understand how I should apply the PEST analysis in the right way. Could you help me by explaining this issue? I hope I am clear enough.

Expert
Rhand Leal Sep 30, 2017

Sure. Examples of how you can apply PEST analysis to information security are:

Political: How governments and politicians see and understand information security can define state-wide agendas and impact on regulations and laws applicable to several industries.

Economic: Which costs and profit opportunities can be related to the adoption of information security practices (in some countries that have to import technology, variations in the currency used to buy assets can heavily affect security decisions).

Social: Depending on the society's culture, impacts perceived by society due to an information breach can be far greater than the real thing. On the other hand, depending on the culture, the assimilation of security practices can be more difficult (a perception of excessive surveillance and invasion of privacy).

Technological: The obsolescence and ascension of new technologies can lead to a complete transformation of security practices (e.g., quantum computation can have a serious impact on cryptographic controls, and the "Internet of Things - IOT" brings a whole new set of problems related to connectivity).
