What is ISO 27001 ISMS

ISO 27001 is a well-recognized international industry standard for benchmarking Information Security Management Systems (ISMS).

Published in: Technology

Transcript

  • 1. What is ISO 27001 ISMS?
    Business Beam (Pvt.) Limited
  • 2. Contents
    Copyrights (c) 2004-2013 Business Beam (Pvt.) Limited. All rights reserved.
    • Your information is your asset!
    • The need for information security
    • About ISO 27001 ISMS
    • Benefits of ISO 27001 ISMS
  • 3. Your information is your asset!
  • 4. Information is an Asset
    Information is the lifeblood of our personal activities as well as of business organizations.
  • 5. What is Information?
    • Information is data that has been processed into a suitable form for a final user.
    • Information is the outcome of the processed data.
  • 6. Information & Business
    • For a business, information is a valuable resource, just as much as capital, infrastructure and people.
    • Information is collected on any number of different items and used by managers to make strategic decisions concerning the organisation.
    • All information related to an organization's internal & external environment is an asset.
  • 7. Why is Information an Asset?
    • Because information is recognized as valuable to the organization and has a certain value.
    • Information is also a commodity and, as such, has a monetary value, the level of which depends on its accuracy & potential use.
    • Information helps in present & future decision making based on past trends, market research & analysis, keeping an eye on competitors, complying with regulators' requirements, etc.
  • 8. Types of information available within an organization
    Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. It may include:
    • Market trends
    • Buying preferences
    • Customer profiles
    • Financial & Accounting records
    • Current & future business plans
    • Policies, published material etc.
    • Trade Secrets
    Partners, Regulators, Employees
  • 9. What's next?
    Like other important business assets, information is essential to an organization's business and consequently needs to be suitably protected!
  • 10. The need for Information Security
  • 11. What is Information Security?
    "Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize ROI and business opportunities".
  • 12. Need of Information Security
    • With an increase in the use of external service providers and the adoption of new technologies, companies are increasingly getting exposed to security breach threats.
    • In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in their enterprises.
    • According to a survey, companies are taking a proactive stance, as 46% of companies indicated that their annual investment in information security is increasing.
    • Though IT professionals are trying, not all are succeeding in keeping up with new challenges & threats.
  • 13. What is Information Security?
    • Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
    • Protection of information from accidental or intentional misuse by persons inside or outside the organization.
  • 14. Components of Information Security
  • 15. Information Security in Networked Economy
    • Authenticity
    • Non-repudiation
    Business transactions as well as information exchanges between enterprise locations or with partners can be trusted.
  • 16. Consequences of Information Security Breaches
    The range of undesirable consequences associated with breaches of information security is long and includes:
    • Systems being unavailable
    • Bad publicity and embarrassment
    • Fraud
    • Data damage and loss
    • Corporate espionage etc.
  • 17. About ISO 27001 ISMS
  • 18. What is ISMS?
    "Information Security Management System is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security."
    NOTE: The management system includes organisational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.
  • 19. What is ISO 27001 ISMS?
    • ISO 27001:2005 – Information Security Management System (ISMS) requirements
    • ISO 27002:2007 – Code of Practice for Information Security Management
    The Standard:
    • Provides strategic and tactical direction
    • Recognizes that Information Security is a Management issue
    • Non-technical
    • Structured similar to ISO 9001 and ISO 14001
    • Easy Integration
  • 20. History of ISO 27001
    Timeline (1992 to 2007):
    • DTI-CCSC Industry code of practice
    • BSI code of practice
    • BS 7799 Part 1:1998
    • BS 7799 Part 2:1999
    • ISO/IEC 17799:2000
    • BS 7799:2002
    • ISO/IEC 17799:2005
    • ISO/IEC 27001:2005
    • ISO/IEC 27002:2007
  • 21. Structure of ISO 27001
    • 11 Information Security Control Areas
    • 39 Information Security Control Objectives
    • 134 Information Security Controls
    11 Control Areas:
    1. Security Policy
    2. Organization of Information Security
    3. Asset Management
    4. Human Resource Security
    5. Physical & Environmental Security
    6. Communication and Operation Management
    7. Access Control
    8. Information systems acquisition, development and maintenance
    9. Information Security Incident Management
    10. Business Continuity Management
    11. Compliance
    PDCA cycle:
    • Plan: Establish ISMS
    • Do: Implement & Operate ISMS
    • Check: Monitor & Review ISMS
    • Act: Maintain & Improve ISMS
    Input from interested parties: information security requirements & expectations. Output to interested parties: managed information security.
  • 22. ISO 27001 – Important Sections
    • Section 4: Requirements (Establishing and managing the ISMS; Quality controls)
    • Section 5: Management Responsibility (Management Commitment; Resource Management)
    • Section 6: Internal ISMS Audit
    • Section 7: Management review of the ISMS (Review input; Review output)
    • Section 8: ISMS Improvement (Continual improvement; Corrective actions; Preventive actions)
  • 23. ISO 27001 – Annex A
    Organization of Annex A:
    • 11 control areas
    • 39 control objectives
    • 134 controls
    • Management controls
    • Technical controls
    Annex A is auditable!
  • 24. ISO 27001 – Annex A (details)
    • A.5 – Security Policy
    • A.6 – Organization of Information Security
    • A.7 – Asset Management
    • A.8 – Human Resource Security
    • A.9 – Physical & Environmental Security
    • A.10 – Communication and Operation Management
    • A.11 – Access Control
    • A.12 – Information systems acquisition, development and maintenance
    • A.13 – Information Security Incident Management
    • A.14 – Business Continuity Management
    • A.15 – Compliance
  • 25. Benefits of ISO 27001 ISMS
  • 26. Direct Benefits
    • Increased reliability and security of systems
    • Increased profits
    • Cost effective & consistent information security
    • Systems rationalization
    • Compliance with legislation
  • 27. Direct benefits: Increased Reliability & Security of Systems
    • Most business organizations nowadays are reliant on sophisticated information systems.
    • ISO 27K outlines controls targeting business systems availability.
    • The controls reduce the chance of vulnerabilities being exploited.
    • Post-certification audits ensure that the business keeps up to date with the latest vulnerabilities & best practices.
    • It emphasizes continual improvement of the system, which helps in making the system 'reliable & updated'.
  • 28. Direct benefits: Increased Profits
    • ISO 27001 increases business profitability in the medium to long term.
    • Clients' perceptions of a certified company improve.
    • Clients feel more secure & satisfied.
    • Clients demonstrate that a business can be trusted.
    • Some customers prefer to trade with companies who have a recognized security certification.
    • Ultimately, customers' trust & growing confidence lead to increased business profits.
  • 29. Direct benefits: Cost effective & consistent information security
    • Some organizations do implement cost effective security solutions, but a risk assessment under ISO 27001 actually highlights their efficiency & real effectiveness.
    • The risk assessment may conclude that some of the already implemented controls offer little or no business benefit, providing an even better return on investment.
    • The risk assessment provides for reconfiguration of such controls to make them more effective & even introduces some additional ones as well.
    • Inconsistency in the policy framework is observed in organizations where every division/department develops its own security guidelines.
    • ISO 27001 helps to develop a consistent approach to security.
    • It helps in creating uniform policies incorporating industry best practices.
    • A disciplinary process is also introduced to ensure employee compliance with the policies, for even better results.
  • 30. Direct benefits: Systems Rationalization
    • During the establishment phase, organizations analyze their information & information security requirements.
    • They simply just don't do it otherwise.
    • Such analysis helps in making rational policies and spending money wisely.
  • 31. Direct benefits: Compliance with legislation
    • Implementation of ISO 27001 forces the business to comply with all applicable legislation.
    • It especially ensures that the organization focuses on the legalities involved in its course of business, particularly areas like data protection & copyright.
  • 32. Indirect Benefits
    • Improved management control
    • Better human relations
    • Improved risk management & contingency planning
    • Enhanced customer and trading partner confidence
  • 33. Indirect benefits: Improved management control
    • ISO 27K emphasizes delegation of authority.
    • Management effort is reduced.
    • Managers have more control over the organization.
    • They have better quality information with which they can manage their functions.
  • 34. Indirect benefits: Better human relations
    • Clear policies, procedures & guidelines make things easier and more understandable for employees.
    • Certification gives an edge to the organization over its competitors & provides it with a unique selling point that gives a better working environment to all the staff.
    • Employees start recognizing that their earning potential now depends on how customers perceive the company.
    • They get more cautious about their brand image and get extra careful while dealing with their customers.
    • Better quality human resources are employed due to established screening procedures.
  • 35. Indirect benefits: Improved risk management & contingency planning
    • Through ISO 27K certification, an organization identifies its vulnerabilities, threats & potential impact.
    • The organization gets a structured approach to risk management.
    • The risk assessment identifies which risks are more critical for the success of the business.
    • It helps in making a business continuity & DR plan, which reduces the potential exposure to financial loss or negative publicity.
  • 36. Indirect benefits: Enhanced customer & trading partner confidence
    • Helps in standing out from the competitors.
    • Certification provides an impression of a more trusted trading partner which is responsive to security breaches.
    • Having the ISO 27K logo on the company literature is a continual reminder to potential & existing clients that we are an organization which takes the confidentiality, integrity and availability of their & our information seriously.
  • 37. Thank you!
    contact@businessbeam.com
