SlideShare a Scribd company logo

Taking Control of Information Security

PECB
PECB

Everyday information is collected, processed, stored and transmitted in many forms including electronic, physical and verbal, within all types of organizations. All this is reached by using a huge range of devices and systems starting from personal computers, cellular phones, servers, workstations, personal digital assistants, telecommunications networks systems, industrial/process control systems, environmental control systems, etc. So, organizations are trying to achieve their missions, objectives and their business functions in very complex atmosphere. Information systems, or better say, their latest achievements are giving competitive advantages to organizations, and they are helping organizations to offer the best for their clients. However, now it is a known fact that same achievements have become serious threats of losing of functions, image, or reputation of organization.

Technology
1 of 3
Download to read offline
www.pecb.org Taking Control of Information Security
Everyday information is collected, processed, stored and transmitted in many forms including electronic, physical and verbal, within all types of organizations. All this is reached by using a huge range of devices and systems starting from personal computers, cellular phones, servers, workstations, personal digital assistants, telecommunications networks systems, industrial/process control systems, environmental control systems, etc. So, organizations are trying to achieve their missions, objectives and their business functions in very complex atmosphere. Information systems, or better say, their latest achievements are giving competitive advantages to organizations, and they are helping organizations to offer the best for their clients. However, now it is a known fact that same achievements have become serious threats of losing of functions, image, or reputation of organization. As an answer to this, it is very important that leaders and managers at all levels go beyond understanding and thinking about Information system, they have to take responsibilities and are held accountable for ensuring its confidentiality, integrity and availability. In order to achieve this, these organizations can develop a management system, basis to Information Security Management System. As a practice given by ISO 27001, ISMS presents an integrated process which can be incorporated inside the overall management structure of the organization. This management system contains the establishment, implementation, maintenance, review and improvements of an information security management system. It contains requirements about policy, roles definitions, responsibilities and authorities of each participant connected with information security. Furthermore it requires processes, procedures and organizational structures that will prevent, detect, and respond different types of threats. And, for all identified threats an organization should identify and implement controls that will mitigate risk and maintain its level in a specific alignment. In addition to this, ISO 27002 can be useful as a guideline for controls. This information security standard can be used to select information security controls, to improve security practices and to develop security guidelines and standards. It gives information security responsibilities, precise explanation of controls objectives and detailed guideline how to implement these controls. So, by using ISO 27001 an organization will have a management system that will plan, implement, monitor, review and improve information security inside the organization, while ISO 27002 can be used to put controls and their objectives for all requirements asked by ISO 27001. For every risk situation identified in ISO 27001, ISO 27002 will give a set of controls how to decrease the risks, and how to maintain it in an accepted level. 2
3 Implementation of both of these standards should be in accordance with top management, business management, auditors and IT managers, who will decide within the business context and consider the implementation cost. However, by the fact that information systems have become one of the most important engines in which the whole organization depends on, compliance with international standards will help not just to have risk identified and under control, but to strengthen customer Professional Evaluation and Certification Board (PECB) is a personnel certification body on a wide range of professional standards. It offers ISO 27001, ISO 27002, ISO 27005, ISO 20000 and ISO 22301 training and certification services for professionals wanting to support organizations on the implementation of these management systems. ISO Standards and Professional Trainings offered by PECB: • Certified Lead Implementer (5 days) • Certified Lead Auditor (5 days) • Certified Foundation (2 days) • ISO Introduction (1 day) Lead Auditor, Lead Implementer and Master are certification schemes accredited by ANSI ISO/IEC 17024. Rreze Halili is the Security, Continuity and Recovery (SCR) Product Manager at PECB. She is in charge of developing and maintaining training courses related to SCR. If you have any questions, please do not hesitate to contact: scr@pecb.org. For further information, please visit www.pecb.org/en/training  Policies  Processes and Procedures  Organizational structures  Software and hardware functions 2. Establish, implement, monitor, review and improve Controls about: 1. Identify risk in ISMS and controls for risk management ISO 27001 ISO 27002 Annex A of ISO 27001

Recommended

Iso 27001 lead auditor training
Iso 27001 lead auditor trainingIso 27001 lead auditor training
Iso 27001 lead auditor training
Ãsħâr Ãâlâm
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
NA Putra
 
Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...
Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...
Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...
himalya sharma
 
ISO.IEC 27000 Series Map
ISO.IEC 27000 Series MapISO.IEC 27000 Series Map
ISO.IEC 27000 Series Map
Jason Rusch - CISSP CGEIT CISM CISA GNSA
 
ISO 27001:2013 - Changes
ISO 27001:2013 - ChangesISO 27001:2013 - Changes
ISO 27001:2013 - Changes
n|u - The Open Security Community
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
AHM Pervej Kabir
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
IndependentCertificationServices
 
ISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist Questions
ISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist QuestionsISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist Questions
ISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist Questions
himalya sharma
 

Recommended

Iso 27001 lead auditor training
Iso 27001 lead auditor trainingIso 27001 lead auditor training
Iso 27001 lead auditor training
Ãsħâr Ãâlâm
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
NA Putra
 
Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...
Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...
Cloud Computing | Cloud Security | Cloud Computing Audit Checklist | 499 Chec...
himalya sharma
 
ISO.IEC 27000 Series Map
ISO.IEC 27000 Series MapISO.IEC 27000 Series Map
ISO.IEC 27000 Series Map
Jason Rusch - CISSP CGEIT CISM CISA GNSA
 
ISO 27001:2013 - Changes
ISO 27001:2013 - ChangesISO 27001:2013 - Changes
ISO 27001:2013 - Changes
n|u - The Open Security Community
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
AHM Pervej Kabir
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
IndependentCertificationServices
 
ISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist Questions
ISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist QuestionsISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist Questions
ISO 27001 Checklist - Management Review - Clause 9.3 - 59 checklist Questions
himalya sharma
 
Lead Auditor Course on ISO 27001:2013 (ISMS) - IRCA
Lead Auditor Course on ISO 27001:2013 (ISMS) - IRCALead Auditor Course on ISO 27001:2013 (ISMS) - IRCA
Lead Auditor Course on ISO 27001:2013 (ISMS) - IRCA
myTectra Learning Solutions Private Ltd
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
SAIGlobalAssurance
 
Iso 27001 10_apr_2006
Iso 27001 10_apr_2006Iso 27001 10_apr_2006
Iso 27001 10_apr_2006
Khawar Nehal khawar.nehal@atrc.net.pk
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
NA Putra
 
Iso27001vs iso27003
Iso27001vs iso27003Iso27001vs iso27003
Iso27001vs iso27003
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist QuestionsISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
himalya sharma
 
ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...
ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...
ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...
himalya sharma
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001
NQA
 
ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...
ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...
ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...
himalya sharma
 
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
himalya sharma
 
ISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist Questions
ISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist QuestionsISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist Questions
ISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist Questions
himalya sharma
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
Lloyd's Register Quality Assurance Nederland
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learned
Jisc
 
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
himalya sharma
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap Guide
NQA
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005
Fuangwith Sopharath
 
ISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access Pass
A-lign
 
Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
Daryl Conson
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?
Jim Geovedi
 

More Related Content

What's hot

Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
SAIGlobalAssurance
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001
NQA
 
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
himalya sharma
 

What's hot (20)

Lead Auditor Course on ISO 27001:2013 (ISMS) - IRCA
Lead Auditor Course on ISO 27001:2013 (ISMS) - IRCALead Auditor Course on ISO 27001:2013 (ISMS) - IRCA
Lead Auditor Course on ISO 27001:2013 (ISMS) - IRCA
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
 
Iso 27001 10_apr_2006
Iso 27001 10_apr_2006Iso 27001 10_apr_2006
Iso 27001 10_apr_2006
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Iso27001vs iso27003
Iso27001vs iso27003Iso27001vs iso27003
Iso27001vs iso27003
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist QuestionsISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
 
ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...
ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...
ISO 27001 Checklist - Documented Information - Clause 7.5 - 45 checklist Ques...
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001
 
ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...
ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...
ISO 27001 Checklist - Continual Improvement - Clause 10.2 - 63 checklist Que...
 
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
ISO 27001 checklist - Leadership and Commitment - clause 5.1 - 70 checklist Q...
 
ISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist Questions
ISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist QuestionsISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist Questions
ISO 27001 Checklist - ISMS Scope - Clause 4.3 - 38 checklist Questions
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learned
 
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
ISO 27001 Checklist - information Security risk management- clause 6.1.1, 6.1...
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap Guide
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005
 
ISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access Pass
 

Viewers also liked

Information system and security control
Information system and security controlInformation system and security control
Information system and security control
Cheng Olayvar
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security
Ana Meskovska
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
swapneel07
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
Biswajit Bhattacharjee
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 

Viewers also liked (11)

Security and Control Issues in Information System
Security and Control Issues in Information SystemSecurity and Control Issues in Information System
Security and Control Issues in Information System
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security control
 
3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security3 Most Common Threats Of Information Security
3 Most Common Threats Of Information Security
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Security threats
Security threatsSecurity threats
Security threats
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Accelerator Enduring Challenge Competition Launch Opening Session
Accelerator Enduring Challenge Competition Launch Opening SessionAccelerator Enduring Challenge Competition Launch Opening Session
Accelerator Enduring Challenge Competition Launch Opening Session
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 

Similar to Taking Control of Information Security

Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 

Similar to Taking Control of Information Security (20)

A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
 
iso 27001 certification
iso 27001 certificationiso 27001 certification
iso 27001 certification
 
NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001NQA Your Complete Guide to ISO 27001
NQA Your Complete Guide to ISO 27001
 
ISO 27001 Certification in indiamain .ppt
ISO 27001 Certification in indiamain .pptISO 27001 Certification in indiamain .ppt
ISO 27001 Certification in indiamain .ppt
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
 
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
ISO CERTIFICATIONS
ISO CERTIFICATIONSISO CERTIFICATIONS
ISO CERTIFICATIONS
 
Key Features of ISO 27001
Key Features of ISO 27001Key Features of ISO 27001
Key Features of ISO 27001
 
ISO 27001 certification cost in Bangalore.ppt
ISO 27001 certification cost in Bangalore.pptISO 27001 certification cost in Bangalore.ppt
ISO 27001 certification cost in Bangalore.ppt
 
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
 
ISO 27001 Certification-Article mod 3.ppt
ISO 27001 Certification-Article mod 3.pptISO 27001 Certification-Article mod 3.ppt
ISO 27001 Certification-Article mod 3.ppt
 
ISO 27001 Certification(Israel).ppt
ISO 27001 Certification(Israel).pptISO 27001 Certification(Israel).ppt
ISO 27001 Certification(Israel).ppt
 
certificacion ISO 27001 bogota (Spain).ppt
certificacion ISO 27001 bogota (Spain).pptcertificacion ISO 27001 bogota (Spain).ppt
certificacion ISO 27001 bogota (Spain).ppt
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Iso 27001 certification in oman
Iso 27001 certification in omanIso 27001 certification in oman
Iso 27001 certification in oman
 
Iso 27001 isms - white paper
Iso 27001 isms - white paperIso 27001 isms - white paper
Iso 27001 isms - white paper
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO 27001 certification in Bangalore-eas.ppt
ISO 27001 certification in Bangalore-eas.pptISO 27001 certification in Bangalore-eas.ppt
ISO 27001 certification in Bangalore-eas.ppt
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 

Recently uploaded (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Taking Control of Information Security

  • 1. www.pecb.org Taking Control of Information Security
  • 2. Everyday information is collected, processed, stored and transmitted in many forms including electronic, physical and verbal, within all types of organizations. All this is reached by using a huge range of devices and systems starting from personal computers, cellular phones, servers, workstations, personal digital assistants, telecommunications networks systems, industrial/process control systems, environmental control systems, etc. So, organizations are trying to achieve their missions, objectives and their business functions in very complex atmosphere. Information systems, or better say, their latest achievements are giving competitive advantages to organizations, and they are helping organizations to offer the best for their clients. However, now it is a known fact that same achievements have become serious threats of losing of functions, image, or reputation of organization. As an answer to this, it is very important that leaders and managers at all levels go beyond understanding and thinking about Information system, they have to take responsibilities and are held accountable for ensuring its confidentiality, integrity and availability. In order to achieve this, these organizations can develop a management system, basis to Information Security Management System. As a practice given by ISO 27001, ISMS presents an integrated process which can be incorporated inside the overall management structure of the organization. This management system contains the establishment, implementation, maintenance, review and improvements of an information security management system. It contains requirements about policy, roles definitions, responsibilities and authorities of each participant connected with information security. Furthermore it requires processes, procedures and organizational structures that will prevent, detect, and respond different types of threats. And, for all identified threats an organization should identify and implement controls that will mitigate risk and maintain its level in a specific alignment. In addition to this, ISO 27002 can be useful as a guideline for controls. This information security standard can be used to select information security controls, to improve security practices and to develop security guidelines and standards. It gives information security responsibilities, precise explanation of controls objectives and detailed guideline how to implement these controls. So, by using ISO 27001 an organization will have a management system that will plan, implement, monitor, review and improve information security inside the organization, while ISO 27002 can be used to put controls and their objectives for all requirements asked by ISO 27001. For every risk situation identified in ISO 27001, ISO 27002 will give a set of controls how to decrease the risks, and how to maintain it in an accepted level. 2
  • 3. 3 Implementation of both of these standards should be in accordance with top management, business management, auditors and IT managers, who will decide within the business context and consider the implementation cost. However, by the fact that information systems have become one of the most important engines in which the whole organization depends on, compliance with international standards will help not just to have risk identified and under control, but to strengthen customer Professional Evaluation and Certification Board (PECB) is a personnel certification body on a wide range of professional standards. It offers ISO 27001, ISO 27002, ISO 27005, ISO 20000 and ISO 22301 training and certification services for professionals wanting to support organizations on the implementation of these management systems. ISO Standards and Professional Trainings offered by PECB: • Certified Lead Implementer (5 days) • Certified Lead Auditor (5 days) • Certified Foundation (2 days) • ISO Introduction (1 day) Lead Auditor, Lead Implementer and Master are certification schemes accredited by ANSI ISO/IEC 17024. Rreze Halili is the Security, Continuity and Recovery (SCR) Product Manager at PECB. She is in charge of developing and maintaining training courses related to SCR. If you have any questions, please do not hesitate to contact: scr@pecb.org. For further information, please visit www.pecb.org/en/training  Policies  Processes and Procedures  Organizational structures  Software and hardware functions 2. Establish, implement, monitor, review and improve Controls about: 1. Identify risk in ISMS and controls for risk management ISO 27001 ISO 27002 Annex A of ISO 27001