ISO 27001 A8 Asset Management

•Als PPTX, PDF herunterladen•

6 gefällt mir•5,274 views

This presentation explains clause A8 of ISO 27001 i.e., Asset management and its importance. It further explains clauses under A8 viz., Responsibilities for Assets and Information Classification. http://www.ifour-consultancy.com/ http://www.ifourtechnolab.com

Technologie

iFour ConsultancyISO 27001 – A8 Asset Management

 Anything that has value to the organization
Asset
ISO for Software application development India
Assets
Software &
Hardware
Infrastructure
Information
People

Risk
assessment
• Key element of identifying risks, together with threats and
vulnerabilities.
Responsibility
Assignment
• Defines asset owners
• Assigns owners the responsibility to protect the
confidentiality, integrity and availability of the information
Why are assets important for information security management?
ISO for Software application development India

 A set of business processes designed to manage the lifecycle and inventory of
technology assets
 It provides:
 Lowers IT costs,
 Reduces IT risk and
 Improves productivity
Asset Management

A8 Asset Management Clauses
ISO for Software application development India
• Responsibility for assets8.1
• Information Classification8.2
• Media Handling8.3

 To identify organizational assets and define appropriate protection responsibility
8.1.1 Inventory of Assets
8.1.2 Ownership of assets
8.1.3 Acceptable use of assets
8.1.4 Return of Assets
8.1 Responsibility for assets
ISO for Software application development India

Controls for Responsibility for assets
• Assets associated with information and information processing facilities shall
be identified and an inventory of these assets shall be drawn up and
maintained
Inventory of Assets
• Assets maintained in the inventory shall be ownedOwnership of assets
• Rules for acceptable use of information and of assets associated with
information and information processing facilities shall be identified,
documented and implemented
Acceptable use of
assets
• All employees and external party users shall return all of the organizational
assets in their possession upon termination of their employment, contract or
agreement
Return of Assets

 To ensure that information receives an appropriate level of protection in
accordance with its importance to the organization
8.2.1 Classification of information
8.2.2 Labelling of information
8.2.3 Handling of assets
8.2 Information Classification
ISO for Software application development India

Controls for Information Classification
ISO for Software application development India
• Information shall be classified in terms of legal requirements,
value, criticality and sensitivity to unauthorised disclosure or
modification
Classification of
information
• An appropriate set of procedures for information labelling shall
be developed and implemented in accordance with information
classification scheme adopted by the organization
Labelling of
information
• Procedures for handling assets shall be developed and
implemented in accordance with the information classification
scheme adopted by the organization
Handling of assets

References
http://advisera.com/27001academy/knowledgebase/how-to-handle-asset-
register-asset-inventory-according-to-iso-27001/
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
ISO for Software application development India

Visit- http://www.ifour-consultancy.com
Or
http://www.ifourtechnolab.com
For more details
ISO for Software application development India

ISO for Software application development India

Weitere ähnliche Inhalte

Andere mochten auch

Iso 9001:2015 Documented Information Guidance

Mohammad Elshahat

Access Control Presentation

Wajahat Rajab

ISO 27001

n|u - The Open Security Community

إيزو 9001/2015 باللغة العربية

Baraket Mohamed

Information Security Management System ISO/IEC 27001:2005

Cryptography.ppt

Risk management

INFORMATION SECURITY

Andere mochten auch (8)

Iso 9001:2015 Documented Information Guidance

Access Control Presentation

ISO 27001

إيزو 9001/2015 باللغة العربية

Information Security Management System ISO/IEC 27001:2005

Cryptography.ppt

Risk management

INFORMATION SECURITY

Kürzlich hochgeladen

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Kürzlich hochgeladen (20)

A Domino Admins Adventures (Engage 2024)

🐬 The future of MySQL is Postgres 🐘

presentation ICT roal in 21st century education

MINDCTI Revenue Release Quarter One 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Why Teams call analytics are critical to your entire business

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Boost Fertility New Invention Ups Success Rates.pdf

Axa Assurance Maroc - Insurer Innovation Award 2024

Strategies for Landing an Oracle DBA Job as a Fresher

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

How to Troubleshoot Apps for the Modern Connected Worker

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Boost PC performance: How more available memory can improve productivity

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

GenAI Risks & Security Meetup 01052024.pdf

Scaling API-first – The story of a global engineering organization

Artificial Intelligence: Facts and Myths

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

ISO 27001 A8 Asset Management

1. iFour ConsultancyISO 27001 – A8 Asset Management

2.  Anything that has value to the organization Asset ISO for Software application development India Assets Software & Hardware Infrastructure Information People

3. Risk assessment • Key element of identifying risks, together with threats and vulnerabilities. Responsibility Assignment • Defines asset owners • Assigns owners the responsibility to protect the confidentiality, integrity and availability of the information Why are assets important for information security management? ISO for Software application development India

4.  A set of business processes designed to manage the lifecycle and inventory of technology assets  It provides:  Lowers IT costs,  Reduces IT risk and  Improves productivity Asset Management

5. A8 Asset Management Clauses ISO for Software application development India • Responsibility for assets8.1 • Information Classification8.2 • Media Handling8.3

6.  To identify organizational assets and define appropriate protection responsibility 8.1.1 Inventory of Assets 8.1.2 Ownership of assets 8.1.3 Acceptable use of assets 8.1.4 Return of Assets 8.1 Responsibility for assets ISO for Software application development India

7. Controls for Responsibility for assets • Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained Inventory of Assets • Assets maintained in the inventory shall be ownedOwnership of assets • Rules for acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented Acceptable use of assets • All employees and external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement Return of Assets

8.  To ensure that information receives an appropriate level of protection in accordance with its importance to the organization 8.2.1 Classification of information 8.2.2 Labelling of information 8.2.3 Handling of assets 8.2 Information Classification ISO for Software application development India

9. Controls for Information Classification ISO for Software application development India • Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification Classification of information • An appropriate set of procedures for information labelling shall be developed and implemented in accordance with information classification scheme adopted by the organization Labelling of information • Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization Handling of assets

10. References http://advisera.com/27001academy/knowledgebase/how-to-handle-asset- register-asset-inventory-according-to-iso-27001/ https://en.wikipedia.org/wiki/ISO/IEC_27001:2013 ISO for Software application development India

11. Visit- http://www.ifour-consultancy.com Or http://www.ifourtechnolab.com For more details ISO for Software application development India

12. ISO for Software application development India

Hinweis der Redaktion

ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/
ISO for Software application development India - http://www.ifour-consultancy.com/

ISO 27001 A8 Asset Management

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (8)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

ISO 27001 A8 Asset Management

Hinweis der Redaktion