© 2008 Netsol Technologies, Inc. All rights reserved
ISO 27001 - Information Security Management System
M. Faisal Naqvi, CISSP, CISA, 27001 LA & MI, AMBCI
Senior Consultant – Information Security
Development of the ISO 27001 "family" of standards

ISO/IEC Standard   Description
27000              Vocabulary and definitions
27001              Specification (formerly BS 7799-2); issued Oct. 2005
27002              Code of practice (formerly ISO/IEC 17799:2005)
27003              Implementation guidance
27004              Metrics and measurement
27005              Risk management (formerly BS 7799-3)
History of ISO 27001

(Lineage diagram, reconstructed as text; "copy/translation" and "revision" are the two arrow types in the original figure.)

Part 1, code of practice:
  BS7799:1996 (UK) -> revision -> BS7799-1:1999 (UK) -> copy/translation -> ISO17799:2000 (International)
  ISO17799:2000 -> copy/translation -> BS7799-1:2000 (UK)
  ISO17799:2000 -> revision -> ISO17799:2005 (International)

Part 2, specification:
  BS7799-2:1999 (UK) -> revision -> BS7799-Part 2:2002 (UK) -> copy/translation -> ISO27001:2005 (International)
Harmonization Example

(Diagram, image courtesy of BSI America: PAS 99 Integrated Management shown as the common framework under which ISO 27001 sits alongside BS 25999, the business continuity standard.)
Country-wise Certified Organizations (number of ISO 27001 certificates per country)

Japan 2770          | Romania 16             | Bahrain 4       | Yemen 2
India 426           | Turkey 15              | Kuwait 4        | Armenia 1
UK 368              | UAE 14                 | Norway 4        | Bangladesh 1
Taiwan 183          | Thailand 13            | Sri Lanka 4     | Belgium 1
China 161           | Iceland 11             | Switzerland 4   | Egypt 1
Germany 108         | Netherlands 11         | Canada 3        | Iran 1
USA 77              | Singapore 11           | Chile 3         | Kazakhstan 1
Hungary 74          | Pakistan 10            | Croatia 3       | Kyrgyzstan 1
Czech Republic 66   | France 10              | Indonesia 3     | Lebanon 1
Korea 58            | Russian Federation 10  | Macau 3         | Lithuania 1
Italy 54            | Saudi Arabia 10        | Peru 3          | Luxembourg 1
Poland 34           | Philippines 10         | Portugal 3      | Macedonia 1
Hong Kong 30        | Mexico 8               | Vietnam 3       | Moldova 1
Australia 28        | Colombia 7             | Bulgaria 2      | New Zealand 1
Ireland 26          | Sweden 7               | Gibraltar 2     | Ukraine 1
Malaysia 26         | Slovakia 6             | Isle of Man 2   | Uruguay 1
Spain 25            | Slovenia 6             | Morocco 2       |
Austria 21          | Greece 5               | Oman 2          |
Brazil 20           | South Africa 5         | Qatar 2         |

Relative Total 4813; Absolute Total 4803
Source: http://www.iso27001certificates.com on September 25, 2008
ISO 27001
- Not a technical standard
- Not product or technology driven
- Not a product evaluation methodology such as the Common Criteria (ISO/IEC 15408)
- But a selected control may require products evaluated to a given Common Criteria Evaluation Assurance Level (EAL)
Information Security Management System
- "Information System Security" means the security of information systems and computers only
- "Information Security System", which is what an ISMS is, means protecting information in any form, soft or hard copy
Strength of Overall Security
- The overall strength of even state-of-the-art security is no more than that of its weakest element
- A comprehensive security model covering all aspects (technology, people, processes, physical) is therefore needed
Asset, Vulnerability, Threat, Risk & Control
- Asset = anything that has value to the organization
- Vulnerability = any weakness of an asset (or of the controls around it) that could be exploited
- Threat = any potential cause of an unwanted incident that may harm the asset
- Risk = a vulnerability exposed to a threat; with no threat, or no vulnerability, there is no risk
  Risk = Vulnerability x Threat (for a given asset: the likelihood of the threat exploiting the vulnerability, weighted by the asset's value)
- Control = countermeasure that reduces risk by removing the vulnerability, lowering the likelihood of the threat, or limiting the impact
ISO 27001
- Aims to cover every kind of vulnerability and threat to information, not only technical ones
- 11 major categories of controls/countermeasures, called domains (Annex A of the 2005 edition)
- 133 controls (countermeasures) within those domains, to treat the vulnerabilities and threats identified by risk assessment
11 Domains of ISO 27001

(Diagram: the 11 control domains form a ring around INFORMATION and its three properties, Confidentiality, Integrity and Availability, with Vulnerabilities and Threats pressing on the ring from outside.)

1. Security Policy
2. InfoSec Organization
3. Asset Mgmt.
4. HR Security
5. Physical & Environment Security
6. Comm & Opr Mgmt
7. Access Control
8. Info Sys Dev. & Maintenance
9. InfoSec Incident Mgmt
10. Business Continuity Mgmt
11. Compliance
ISO 27001 Domains & Controls (Annex A, 2005 edition)

No.  Annex A  Domain                                                        Controls
1    A.5      Security Policy                                                      2
2    A.6      Organization of Information Security                                11
3    A.7      Asset Management                                                     5
4    A.8      Human Resources Security                                             9
5    A.9      Physical and Environmental Security                                 13
6    A.10     Communications and Operations Management                            32
7    A.11     Access Control                                                      25
8    A.12     Information Systems Acquisition, Development and Maintenance        16
9    A.13     Information Security Incident Management                             5
10   A.14     Business Continuity Management                                       5
11   A.15     Compliance                                                          10
              Total                                                              133
Why Policies & Standards?

(Diagram: Information at the centre, attacked from two sides.)

Attacks through Technology:
- Virus, worm, Trojan
- (D)DoS attacks
- SQL injection
- Buffer overflow
- Brute force attack
- Password cracking

Attacks through People:
- Abuse of privileges
- Social engineering
- Physical access to bypass controls
- Misuse of systems
- Password guessing
- Theft of laptops / storage media
Domain Areas

(Diagram: the 11 domains stacked by area, from Management at the top to Operations at the base, in this order.)

- Policy
- Organization of Information Security
- Asset Mgmt.; Access Ctrl
- Compliance; InfoSec Incident Mgmt
- HR Security; Biz Continuity Mgmt
- Info Systems Acquisition, Dev & Maintenance
- Comm. & Operations Mgmt; Physical & Env Security
Plan-Do-Check-Act (PDCA)

(Diagram: the PDCA cycle applied to the ISMS.)

Input, from interested parties: information security requirements and expectations
- Plan: Establish the ISMS
- Do: Implement and operate the ISMS
- Check: Monitor and review the ISMS
- Act: Maintain and improve the ISMS
Output, to interested parties: managed information security
PDCA: Plan
Establish the ISMS
- Define the scope of the ISMS
- ISMS policy (objectives, requirements)
- A systematic approach to risk management (the risk assessment methodology)
- Risk identification
- Risk assessment
- Risk evaluation and treatment
- Control objectives and controls selected for risk treatment
- Statement of Applicability
- Management approval of the residual risks
- Management authorization to implement and operate the ISMS
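The Plan steps above, and the Asset / Vulnerability / Threat / Risk / Control definitions earlier in the deck, describe one procedure: score each risk, compare it with the organization's acceptance criteria, pick a treatment and a control, estimate the residual risk, and record the outcome in a Statement of Applicability. The following is an added worked example of that procedure, not code from the original slides or from the presenter. The 1 to 5 scales, the multiplicative scoring formula, the acceptance threshold of 20, the control effectiveness figures and the sample risk register are all constructed assumptions; the Annex A references use the 2005 numbering and should be checked against your copy of the standard.

```python
"""Added example (not from the original slides): one pass through the Plan
phase of the ISMS described in the deck.  Scales, scores, the acceptance
threshold and control effectiveness figures are illustrative assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Risk:
    asset: str
    value: int          # business value of the asset, 1 (low) .. 5 (critical)
    threat: str
    likelihood: int     # chance the threat materialises, 1 .. 5
    vulnerability: str
    severity: int       # how easily the weakness is exploited, 1 .. 5

    def score(self) -> int:
        # Assumed scoring model: Risk = asset value x threat likelihood x
        # vulnerability severity.  Any factor at zero means no risk.
        return self.value * self.likelihood * self.severity

    def label(self) -> str:
        return f"{self.asset}: {self.vulnerability}"


@dataclass(frozen=True)
class Control:
    ref: str                # Annex A reference (2005 numbering, assumed)
    name: str
    domain: str             # one of the 11 domains
    covers: Optional[str]   # vulnerability this control addresses, if any
    effectiveness: float    # assumed fraction of the inherent score it removes


@dataclass(frozen=True)
class Treatment:
    risk: Risk
    option: str             # "accept" or "mitigate"
    control: Optional[Control]
    residual: float
    needs_approval: bool    # residual still above the acceptance criteria


ACCEPTANCE_THRESHOLD = 20   # assumed risk acceptance criterion (score <= 20 is acceptable)

# Constructed sample risk register (asset, value, threat, likelihood, vulnerability, severity)
RISKS = [
    Risk("customer database", 5, "external attacker", 4, "SQL injection in web app", 4),
    Risk("customer database", 5, "external attacker", 4, "unpatched DBMS", 3),
    Risk("sales laptops", 3, "theft", 3, "unencrypted disk", 5),
    Risk("marketing website", 1, "defacement", 3, "weak CMS password", 3),
    Risk("HR records", 4, "insider abuse of privileges", 2, "shared admin account", 4),
]

# Constructed control catalogue: a small subset of Annex A, with an assumed
# mapping from each control to the vulnerability it treats
CATALOGUE = [
    Control("A.12.2.1", "Input data validation", "Info Sys Acquisition, Dev & Maintenance", "SQL injection in web app", 0.8),
    Control("A.12.6.1", "Control of technical vulnerabilities", "Info Sys Acquisition, Dev & Maintenance", "unpatched DBMS", 0.7),
    Control("A.12.3.1", "Policy on the use of cryptographic controls", "Info Sys Acquisition, Dev & Maintenance", "unencrypted disk", 0.5),
    Control("A.11.2.2", "Privilege management", "Access Control", "shared admin account", 0.6),
    Control("A.10.9.1", "Electronic commerce", "Comm & Operations Mgmt", None, 0.0),
]


def treat(risk: Risk, catalogue: List[Control], threshold: int = ACCEPTANCE_THRESHOLD) -> Treatment:
    """Evaluate one risk against the acceptance criteria and choose a treatment."""
    inherent = risk.score()
    if inherent <= threshold:                       # within criteria: accept as is
        return Treatment(risk, "accept", None, float(inherent), False)
    control = next((c for c in catalogue if c.covers == risk.vulnerability), None)
    if control is None:
        # Nothing in the catalogue treats it: recorded as a proposed acceptance
        # that management must explicitly approve (or transfer / avoid instead).
        return Treatment(risk, "accept", None, float(inherent), True)
    residual = inherent * (1.0 - control.effectiveness)
    return Treatment(risk, "mitigate", control, residual, residual > threshold)


def assess(risks: List[Risk], catalogue: List[Control], threshold: int = ACCEPTANCE_THRESHOLD) -> List[Treatment]:
    return [treat(r, catalogue, threshold) for r in risks]


def risks_needing_management_approval(treatments: List[Treatment]) -> List[str]:
    """Residual risks above the criteria: the deck's 'management approval for
    residual risks' step must happen before the ISMS is authorised to operate."""
    return [t.risk.label() for t in treatments if t.needs_approval]


def statement_of_applicability(treatments: List[Treatment], catalogue: List[Control]) -> Dict[str, dict]:
    """SoA: every catalogue control, whether it is selected, and the justification."""
    selected: Dict[str, List[str]] = {}
    for t in treatments:
        if t.control is not None:
            selected.setdefault(t.control.ref, []).append(t.risk.label())
    soa = {}
    for c in catalogue:
        applicable = c.ref in selected
        soa[c.ref] = {
            "name": c.name,
            "domain": c.domain,
            "applicable": applicable,
            "justification": ("treats: " + "; ".join(selected[c.ref])) if applicable
                             else "no identified risk requires this control",
        }
    return soa


if __name__ == "__main__":
    treatments = assess(RISKS, CATALOGUE)
    for t in treatments:
        ctl = t.control.ref if t.control else "-"
        flag = "  <- management approval required" if t.needs_approval else ""
        print(f"{t.risk.label():45} inherent={t.risk.score():3} {t.option:8} {ctl:9} residual={t.residual:5.1f}{flag}")
    for ref, row in statement_of_applicability(treatments, CATALOGUE).items():
        print(ref, "applicable" if row["applicable"] else "excluded", "-", row["justification"])
```

Running it shows the two outcomes an auditor looks for: the laptop risk stays above the criteria even after the cryptographic control (22.5 against a threshold of 20), so it is flagged for explicit management acceptance, and the unused e-commerce control is listed in the SoA as excluded with a justification rather than silently omitted.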
PDCA: Do
Implement and operate the ISMS
- Formulate a risk treatment plan
- Implement the risk treatment plan
- Implement the selected controls
- Implement training and awareness programmes
- Manage operations
- Manage resources
- Implement procedures and controls to detect and respond to security incidents
PDCA: Check
Monitor and review the ISMS
- Execute monitoring procedures
- Undertake regular reviews of ISMS effectiveness
- Review the level of residual risk
- Conduct internal audits
- Undertake a management review
- Record actions and events that could affect the ISMS
PDCA: Act
Maintain and improve the ISMS
- Implement the identified improvements
- Take appropriate corrective and preventive actions
- Communicate results
- Ensure effectiveness
Documentation Requirements
- Policies
- Objectives
- Scope
- Procedures
- Controls
- Risk assessment methodology
- Risk treatment plan
- Document protection and control (document control procedure)
ISO 27001 Management Framework
Management Responsibilities
- Commitment to:
  - Establishment
  - Implementation
  - Operation
  - Monitoring
  - Review
  - Maintenance
  - and improvement of the ISMS
- Resource management
- Training, awareness and competence
- Internal audit
- Management review of the ISMS
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...amitlee9823
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...amitlee9823
 

Kürzlich hochgeladen (20)

👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
👉 Amritsar Call Girl 👉📞 6367187148 👉📞 Just📲 Call Ruhi Call Girl Phone No Amri...
 
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night StandCall Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Hsr Layout ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
hybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptxhybrid Seed Production In Chilli & Capsicum.pptx
hybrid Seed Production In Chilli & Capsicum.pptx
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men  🔝Dindigul🔝   Escor...➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men  🔝Dindigul🔝   Escor...
➥🔝 7737669865 🔝▻ Dindigul Call-girls in Women Seeking Men 🔝Dindigul🔝 Escor...
 
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men  🔝mahisagar🔝   Esc...➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men  🔝mahisagar🔝   Esc...
➥🔝 7737669865 🔝▻ mahisagar Call-girls in Women Seeking Men 🔝mahisagar🔝 Esc...
 
Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter Lessons
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Detecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning ApproachDetecting Credit Card Fraud: A Machine Learning Approach
Detecting Credit Card Fraud: A Machine Learning Approach
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
 
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night StandCall Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Attibele ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 

ISO 27001 - Information Security Management System

  • 1. © 2008 Netsol Technologies, Inc. All rights reserved. ISO 27001. M. Faisal Naqvi, CISSP, CISA, 27001 LA & MI, AMBCI, Senior Consultant – Information Security
  • 2. Development of the ISO 27001 "family" of standards
      ISO/IEC standard | Description
      27000 | Vocabulary and definitions
      27001 | Specification (BS7799-2), issued Oct. 2005
      27002 | Code of Practice (ISO17799:2005)
      27003 | Implementation guidance
      27004 | Metrics and measurement
      27005 | Risk management (BS 7799-3)
  • 3. History of ISO 27001 (lineage diagram; only the node labels survive extraction). UK: BS7799:1996, BS7799-1:1999, BS7799-2:1999, BS7799-1:2000, BS7799-Part 2:2002. International: ISO17799:2000, ISO17799:2005, ISO27001:2005. Legend: copy/translation; revision.
  • 4. Harmonization example (image courtesy of BSI America): PAS 99 Integrated Management / BS-25999.
  • 5. Country-wise certified organizations (source: http://www.iso27001certificates.com on September 25, 2008)
      Japan 2770 | Romania 16 | Bahrain 4 | Yemen 2
      India 426 | Turkey 15 | Kuwait 4 | Armenia 1
      UK 368 | UAE 14 | Norway 4 | Bangladesh 1
      Taiwan 183 | Thailand 13 | Sri Lanka 4 | Belgium 1
      China 161 | Iceland 11 | Switzerland 4 | Egypt 1
      Germany 108 | Netherlands 11 | Canada 3 | Iran 1
      USA 77 | Singapore 11 | Chile 3 | Kazakhstan 1
      Hungary 74 | Pakistan 10 | Croatia 3 | Kyrgyzstan 1
      Czech Republic 66 | France 10 | Indonesia 3 | Lebanon 1
      Korea 58 | Russian Federation 10 | Macau 3 | Lithuania 1
      Italy 54 | Saudi Arabia 10 | Peru 3 | Luxembourg 1
      Poland 34 | Philippines 10 | Portugal 3 | Macedonia 1
      Hong Kong 30 | Mexico 8 | Vietnam 3 | Moldova 1
      Australia 28 | Colombia 7 | Bulgaria 2 | New Zealand 1
      Ireland 26 | Sweden 7 | Gibraltar 2 | Ukraine 1
      Malaysia 26 | Slovakia 6 | Isle of Man 2 | Uruguay 1
      Spain 25 | Slovenia 6 | Morocco 2 |
      Austria 21 | Greece 5 | Oman 2 | Relative total 4813
      Brazil 20 | South Africa 5 | Qatar 2 | Absolute total 4803
  • 6. ISO 27001
      • Not a technical standard
      • Not product or technology driven
      • Not an equipment evaluation methodology such as the Common Criteria/ISO 15408, but it may require utilization of a Common Criteria Equipment Assurance Level (EAL)
  • 7. Information Security Management System
      • Information System Security: security of information systems/computers
      • Information Security System: any form of information, soft / hard
  • 8. Strength of overall security
      • The strength of overall state-of-the-art security is not more than that of its weakest element
      • A comprehensive security model covering all aspects is needed
  • 9. Asset, Vulnerability, Threat, Risk & Control
      • Asset = anything that has value to the organization
      • Vulnerability = any weakness of an asset
      • Threat = any possible danger
      • Risk = vulnerability exposed to a threat; Risk = Vulnerability × Threat
      • Control = countermeasure to reduce risk
  • 10. Asset, Vulnerability, Threat, Risk (diagram only)
  • 11. Control (diagram only)
  • 12. ISO 27001
      • Deals with every possible vulnerability and threat to information
      • 11 major categories of controls/countermeasures, called domains
      • 133 countermeasures to control vulnerabilities and threats
  • 13. 11 Domains of ISO 27001 (diagram: the domains surround INFORMATION and its Confidentiality, Integrity and Availability, which Threats reach through Vulnerabilities)
      1. Security Policy
      2. InfoSec Organization
      3. Asset Mgmt.
      4. HR Security
      5. Physical & Environment Security
      6. Comm & Opr Mgmt
      7. Access Control
      8. Info Sys Dev. & Maintenance
      9. InfoSec Incident Mgmt
      10. Business Continuity Mgmt
      11. Compliance
  • 14. ISO 27001 domains & controls
      S. No. | Domain | Controls
      1 | Security Policy | 2
      2 | Organization of Information Security | 11
      3 | Asset Management | 5
      4 | Human Resources Security | 9
      5 | Physical and Environmental Security | 13
      6 | Communications and Operations Management | 32
      7 | Access Control | 25
      8 | Information Systems Acquisition, Development and Maintenance | 16
      9 | Information Security Incident Management | 5
      10 | Business Continuity Management | 5
      11 | Compliance | 10
      Total | | 133
  • 15. Why policies & standards? Information is attacked both ways:
      • Attacks through technology: virus, worm, Trojan; (D)DoS attacks; SQL injection; buffer overflow; brute force attack; password cracking
      • Attacks through people: abuse of privileges; social engineering; physical access to bypass controls; misuse of systems; password guessing; theft of laptops / storage media
  • 16. Domain areas (diagram grouping the domains into Management and Operations areas; the assignment is not recoverable from the extracted text). Domains shown: Policy; Organization of Information Security; Asset Mgmt.; Access Ctrl; Compliance; InfoSec Incident Mgmt; HR Security; Biz Continuity Mgmt; Info Systems Acquisition, Dev & Maintenance; Comm. & Operations Mgmt; Physical & Env Security.
  • 17. Plan-Do-Check-Act (PDCA) (diagram): interested parties' information security requirements and expectations feed the cycle Plan (establish the ISMS), Do (implement and operate the ISMS), Check (monitor and review the ISMS), Act (maintain and improve the ISMS), which delivers managed information security back to the interested parties.
  • 18. PDCA: Establish the ISMS
      • Scope of the ISMS
      • ISMS policy (objectives, requirements)
      • Systematic approach to risk management
      • Risk identification
      • Risk assessment
      • Risk evaluation & treatment
      • Control objectives and controls for risk treatment
      • Statement of Applicability
      • Management approval for residual risks
      • Authorization to implement and operate
  • 19. PDCA: Implement and operate the ISMS
      • Formulate a risk treatment plan
      • Implement the risk treatment plan
      • Implement the selected controls
      • Implement training and awareness programs
      • Manage operations
      • Manage resources
      • Implement procedures and controls to detect and respond to security incidents
  • 20. PDCA: Monitor and review the ISMS
      • Execute monitoring procedures
      • Undertake regular reviews
      • Review the level of residual risk
      • Conduct internal audits
      • Undertake a management review
      • Record actions and events
  • 21. PDCA: Maintain and improve the ISMS
      • Implement the identified improvements
      • Take appropriate corrective and preventive actions
      • Communicate results
      • Ensure effectiveness
  • 22. Documentation requirements
      • Policies
      • Objectives
      • Scope
      • Procedures
      • Controls
      • Risk assessment methodologies
      • Risk treatment plan
      • Document protection and control
  • 23. ISO 27001 Management Framework (diagram only)
  • 24. Management responsibilities
      • Commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS
      • Resource management
      • Training, awareness and competence
      • Internal audit
      • Review of the ISMS
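The risk cycle of slides 9, 18 and 19 (Risk = Vulnerability × Threat, control selection, residual risk needing management approval, Statement of Applicability) carried through in code. This is an added example, not material from the deck: the 1-5 ratings, the acceptance threshold, the sample assets and the control catalogue are all assumptions.

```python
"""Risk treatment in the deck's own terms (added example, not from the
presentation). Risk = Vulnerability x Threat as on slide 9; ratings, the
acceptance threshold, sample assets and the control catalogue are assumed."""
from dataclasses import dataclass, field

RISK_ACCEPTANCE = 8  # assumed ceiling management has approved for residual risk


@dataclass
class Control:
    domain: str     # one of the deck's 11 domains
    name: str
    reduction: int  # assumed: points removed from the asset's vulnerability rating


@dataclass
class RiskEntry:
    asset: str
    vulnerability: int  # 1..5 weakness of the asset (deck's definition)
    threat: int         # 1..5 likelihood of the danger being realised
    controls: list = field(default_factory=list)

    def risk(self) -> int:
        """Residual risk: vulnerability left after controls, times threat."""
        left = max(1, self.vulnerability - sum(c.reduction for c in self.controls))
        return left * self.threat


def treat(entry: RiskEntry, catalogue: list) -> bool:
    """Add controls, strongest first, until residual risk is acceptable.
    False means no selection gets there: that residual risk needs explicit
    management approval (slide 18) rather than silent acceptance."""
    for control in sorted(catalogue, key=lambda c: c.reduction, reverse=True):
        if entry.risk() <= RISK_ACCEPTANCE:
            break
        if control not in entry.controls:
            entry.controls.append(control)
    return entry.risk() <= RISK_ACCEPTANCE


def statement_of_applicability(register: list, catalogue: list) -> dict:
    """Map each catalogue control to the assets it was selected for, or mark it
    'not applicable'; an SoA has to account for excluded controls as well."""
    soa = {}
    for control in catalogue:
        assets = [e.asset for e in register if control in e.controls]
        soa[control.name] = assets or "not applicable"
    return soa


# Constructed sample input: a three-control catalogue drawn from three domains.
CATALOGUE = [
    Control("Access Control", "user registration and password policy", 2),
    Control("Communications and Operations Management", "malware protection", 1),
    Control("Physical and Environmental Security", "secure area for servers", 2),
]
```

With a constructed asset rated vulnerability 4 and threat 5, `treat` brings an inherent risk of 20 down to 5 with two controls, and `statement_of_applicability` records the malware control as not applicable.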
