iFour Consultancy
A6: Organization of Information Security
• The administrative structure of the organization and its relationships with external parties must promote effective management of all aspects of information security.
• Includes maintaining the security of the organization's information, its processing facilities, and any information or facilities that are accessed, processed, communicated to or managed by external parties.
A.6 Organization of Information Security
1. Internal Organization
2. Mobile Devices and Teleworking
Software Development Companies in India
A.6.1 Internal Organization
Objective: To establish a management framework to initiate and control the implementation and operation of information security within the organization.
[Figure: generic management structure chart for information security. Boxes shown:]
• Executive Committee: Chaired by the Chief Executive Officer
• Audit Committee: Chaired by Head of Audit
• Security Committee: Chaired by Chief Security Officer (CSO)
• Information Security Manager
• Security Administration
• Policy & Compliance
• Risk & Contingency Management
• Security Operations
• Local Security Committees: One per location
• Information Asset Owners (IAOs)
• Site Security Managers
• Security Guards
• Facilities Management
• Risk Committee: Chaired by Risk Manager
NOTE: This is a generic structure chart. Replace it with one describing the particular organization’s actual management structure for information security.
A.6.1 Internal Organization (Conti…)
• A.6.1.1 Information security roles and responsibilities
• A.6.1.2 Segregation of duties
• A.6.1.3 Contact with authorities
• A.6.1.4 Contact with special interest groups
• A.6.1.5 Information security in project management
A.6.1.1 Information Security Roles and Responsibilities
Control: All information security responsibilities shall be defined and allocated.
• Identification of the individual or individuals responsible for the security of each information facility
• Clear definition and identification of assets and associated security controls for each information facility
Note: Before defining and allocating responsibility to individuals, the company should create an organizational chart.
A.6.1.2 Segregation of Duties
Control: Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets.
Two Primary Objectives:
• The first is the prevention of conflict of interest, the appearance of conflict of interest, wrongful acts, fraud, abuse and errors.
• The second is the detection of control failures that include security breaches, information theft, and circumvention of security controls.
A.6.1.3 Contact with Authorities
Control: Appropriate contacts with relevant authorities shall be maintained.
The following points could be included:
• Specification of the manner and timing in which breaches shall be communicated to external authorities so as to ensure appropriate reporting
• Development of procedures, policies and contact lists that specify by whom and when external authorities should be contacted
A.6.1.4 Contact with Special Interest Groups
Control: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
A.6.1.5 Information Security in Project Management
Control: Information security shall be addressed in project management, regardless of the type of the project.
• The control sets out the basics of how information security should be considered as part of the overall project management framework within the organization.
• Creation of a “mini-ISMS” within the project to ensure that risks are identified and managed.
A.6.2 Mobile Devices and Teleworking
Objective: To ensure the security of teleworking and use of mobile devices.
Applicability:
• Mobile phones
• Desktop computers used off-premises
• Notebook, palmtop and laptop computers
• Media and portable storage devices
A.6.2.1 Mobile Device Policy
Control: A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.
• Regular data backups for stored sensitive data
• Physical security measures
• Secure communication methods for transmitted data, such as a Virtual Private Network
• Updates for the operating system and other software
• Access control and appropriate user authentication (biometric-based)
• Cryptographic methods for sensitive data
• Protective software such as anti-virus and others
A.6.2.2 Teleworking Policy
Control: A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.
• Environmental and physical security measures
• Policies concerning safety of private property used at the site
• Appropriate user access control and authentication
• Security measures for wireless and wired network configurations at the site
• Cryptographic techniques for communications from/to the site and data storage
• Data backup at regular intervals and security measures for those backup copies
Management Commitments
• Visible support and clear direction for information security initiatives, which includes providing appropriate resources for information security controls
• Assurance of formulation, review and approval of an appropriate organization-wide information security policy
• Coordination of information security efforts across the organization, including committee(s) and designation of information security officer(s)
• Appropriate management controls over new information capabilities, systems and facilities, including the planning for the facilities
• Reviews at regular intervals of the effectiveness of the information security policy, including updating of the policy as needed and external review as appropriate