
Clause 6.1.3 & Clause 6.2 - by a software outsourcing company in India

This presentation explains Clause 6.1.3 and Clause 6.2 of ISO 27001:2013; it was prepared by a software outsourcing company in India.
http://www.ifourtechnolab.com/


Slide 1. iFour Consultancy: Clause 6.1.3 & Clause 6.2

Slide 2. Contents
 Risk management process
 Clause 6.1.3: Risk treatment process
 Risk treatment strategies
 Clause 6.2: Information security objectives
 References
Custom eCommerce Developers, http://www.ifourtechnolab.com

Slide 3. Risk management process

Slide 4. Clause 6.1.3 Information Security Risk Treatment
The organization should define and apply an information security risk treatment process, covering its implementation and operation. The process responds to the risks evaluated under Clause 6.1.2(e) of ISO 27001:2013, i.e. the evaluation of information security risks. All information related to this risk treatment process is documented in the Risk Treatment Plan (RTP).

Slide 5. Risk treatment process
 Select appropriate information security risk treatment options, taking account of the risk assessment results
 Determine all controls that are necessary to implement the risk treatment options chosen in the previous step
 Compare the controls determined in the previous step with those in Annex A of ISO 27001:2013
 Verify that no necessary controls have been omitted

Slide 6. Risk treatment process (continued)
 Produce a Statement of Applicability (SoA) that contains the necessary controls and the justification for their inclusion
 Assess whether the necessary controls listed in Annex A of ISO 27001:2013 are implemented or not
 Provide justification for the exclusion of controls from Annex A of ISO 27001:2013
 Formulate the information security risk treatment plan (RTP)
 Obtain the risk owners' approval of the RTP and their acceptance of the residual information security risks

Slide 7. Risk Treatment Strategies
Risks can be treated in four ways:
 Risk Acceptance
 Risk Reduction
 Risk Transference
 Risk Avoidance

Slide 8. Risk Treatment Options
 Risk Acceptance: risks are acceptable with the current controls
 Risk Reduction: risks are reduced by implementing additional controls
 Risk Avoidance: risks cannot be reduced with the current controls and are not accepted
 Risk Transference: risks are transferred to third parties

Slide 9. Documented Information for Clause 6.1.3
The organization should retain documented information about the information security risk treatment process. Information about the risk treatment process is documented in two ways:
 Risk Treatment Plan
 Statement of Applicability

Slide 10. Clause 6.2: Information Security Objectives
The organization shall establish information security objectives at relevant functions and levels. Information security objectives are primarily concerned with:
 Confidentiality
 Integrity
 Availability

Slide 11. Information Security Objectives: Characteristics
Information security objectives shall:
 Be consistent with the information security policy
 Be measurable
 Be communicated
 Be updated as appropriate
 Take into account applicable information security requirements and the results of risk assessment and risk treatment

Slide 12. Information Security Objectives: Requirements
The organization shall determine the following in order to achieve its information security objectives:
 What will be done
 What resources will be required
 Who will be responsible
 When it will be completed
 How the results will be evaluated

Slide 13. Documented information for Clause 6.2
 The organization shall retain documented information on the information security objectives.
 Information security objectives are documented and should comply with the information security policies.
 The confidentiality, integrity and availability of information are documented in order to secure information assets.
Slide 15. iFour Consultancy Services
Visit this website for more details: http://www.ifourtechnolab.com
THANK YOU!!!