This is an introduction to information security. It also sheds some light on the Information Security Management System (ISMS) and the need for an ISMS at software development companies.
URL : http://www.ifour-consultancy.com/
http://www.ifourtechnolab.com
2. What is Information
Information may be considered as:
Resource
Commodity
Perception of pattern
Constitutive force in society
'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected'
- BS ISO 27002:2005
Software application development India
3. What is Information Security
The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
Tools such as policy, awareness, training, education, and technology are necessary.
4. Information Security (Contd)
ISO 27002:2005 defines Information Security as the preservation of:
Confidentiality: ensuring that information is accessible only to those authorized to have access
Integrity: safeguarding the accuracy and completeness of information and processing methods
Availability: ensuring that authorized users have access to information and associated assets when required
5. Information Security Management System (ISMS)
An Information Security Management System (ISMS) is a systematic and structured approach to managing information so that it remains secure.
ISMS implementation includes policies, processes, procedures, organizational structures, and software and hardware functions.
6. Need for an ISMS
Increasing threats such as fraud, espionage, fire, flood and sabotage from a wide range of sources
The need to look at information security from a holistic perspective
A systematic approach
7. ISMS standards
ISO/IEC 27001:2005
Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27002:2005
Information technology — Security techniques — Code of practice for information security management
8. ISO/IEC 27001:2005 – PDCA Model
Plan: Establish the ISMS
Do: Implement and operate the ISMS
Check: Monitor and review the ISMS
Act: Maintain and improve the ISMS
http://cnii.cybersecurity.my/main/isms-what.html
9. ISO/IEC 27002:2005 – Security Areas
Security Policy
Organizing Information Security
Asset Management
Human Resource Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Information System Acquisition, Development & Maintenance
Information Security Incident Management
Business Continuity Management
Compliance
http://cnii.cybersecurity.my/main/resources/ISMS.pdf