After a busy week I need to decompress so in addition to cycling, I binge watch TV shows with my wife. We recently started to watch Line of Duty Season 5 but very quickly my wife became disengaged and lost interest in the programme. She was messaging her parents who also became less interested so I asked them why. It led to me writing this post (mainly during the underwhelming final episode) as I saw many parallels with that feedback and information security management.
A quick look on social media suggests the popular TV Series on BBC1 provokes confusion for much of the audience. ‘What the heck is going on’ and ‘who is H’ are just a couple of the popular questions. Newcomers to Information Security Management System (ISMS) sometimes find it confusing too. They search to find out what ISO 27001, the internationally recognised information security management standard, is all about but can remain underwhelmed with what they find. Many gave up early in the journey of Series 5 Line of Duty describing it is as just too hard. That can happen with ISO 27001 too when you try and go it alone without the capacity, confidence, capability or discipline to see it through.
It struck me how Line of Duty, in tackling the Serious Organised Crime subject, is very much like information Security management and ISO 27001. Policing and information security management have similar goals. In Serious Organised Crime management, police and their partners follow four ‘Ps’ (Preparation Protection, Prevention & Pursuit). Effective information security management systems will also demonstrate good preparation, strong protection and prevention, with an ability to pursue and resolve incidents if and when they occur.
Like the 4 ‘P’s policing model, which works when understood and followed, so does ISO 27001 as a framework for information security management success. As with Line of Duty though, ISO 27001 is hard to remain interested if you don’t understand what is going on. In addition to the general complexity of the TV show plot, it also turned out that the use of acronyms and specific police language created a real barrier to my wife and her parents understanding of the programme. As one of our software services (pam) supports the police on Serious Organised Crime work I had no problem in understanding OCG’s (Organised Crime Groups), UCO (Under Cover Officer), CHIS (Covert Human Intelligence Source), DI (Detective Inspector) and so on. Even with the subtitles turned on it offered them no help. My wife said there were more acronyms there than you can make with Alphabet Soup! So I did the translation and she then passed that onto her parents too; the mist cleared a bit and they stayed with it.
ISO 27001, cyber and information security can also confuse if you are struggling with your Alphabet Soup around SOA (Statement of Applicability), Annex A (the control objectives), your ISMS (Information Security Management System) and other fundamentals. We’ve made that a bit easier too so check out the ISMS.online website now for a range of free resources if you are about to embark on ISO 27001 or have previously given up on the journey.
It reminded me that any subject can be simplified and lots of things start to make sense when you have a coach to hand as well. Not only was I was able to explain to my wife, and her parents what the acronyms meant, I could show how things fit together in the real world with a bit more context around Serious Organised Crime. We do the same thing with our Virtual Coach service for ISO 27001 – in addition to ISO 27001 tools, techniques and head start documentation on our ISMS.online platform, we’ve built a Virtual Coach which is great for newcombers to the topic. It also helps those improvers and experts who want to distill the core learning of the subject down through their organisation and supply chain.
Of course there are differences between Line of Duty and information security management as well. You can easily disengage and turn off from a TV programme with little consequence, or delay for another year to find out more about H in Series 6! Disengaging and delaying around information security management might bring more significant consequences!
If you have tried and failed to stick with ISO 27001 before, or are new to it and want to avoid the pitfalls, get in touch. The reasons for undertaking ISO 27001 are growing rapidly. Like the police in real life, they do much more than the 4P’s in practice, and so does ISMS.online. Done well, information security management can help create significant value and growth for organisations too. Our website resources including the business case planner help with the case for investment and are always being updated with new resources so sign up for a subscription to stay in touch.
With ISMS.online and the Virtual Coach service alongside the powerful software service we can coach you to success quickly and easily, at a fraction of the time and cost of alternatives. And all without the pain and suffering poor old Supt Hastings has encountered in that last episode!