6. The Digital Nervous System (Business @ the Speed of Thought): Strategic Thinking; Business Reflexes; Basic Operations; Customer Interaction.
9. "Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected." ISO/IEC 17799:2000
13-15. Information Security (diagram): information inside the information technology environment is surrounded by a human firewall built from policies, processes, standards and training, and is subject to repeated attacks from outside; slide 15 adds Management as a further layer around the human firewall.
16. Management System – Building Blocks: Inputs; Core Processes; Support Processes; Management; Resource; Outputs; together forming the Total Business Management System.
17. Business Management System: Quality; Environment; Health and Safety; Risk; Information Security; People; Improvement.
18. Business Management System (BSI IMS): Risk (BSI Risk Mgmt); H & S (OHSAS 18001); Improvement (ISO 9004); Customers (BS 8600); Info Sec (BS 7799); Environment (ISO 14001); Quality (ISO 9001:2000, QS-9000 / TS 16949, AS9000 / AS9100, TL9000).
19. Management Systems & Standards (diagram axes: Stakeholders Involved; Increasing Aspects Covered): ISO 9004 Performance Improvement (all interested parties); ISO 17799 Information Security Management; OHSAS 18001 Health and Safety Management; ISO 14001 Environmental Management; ISO 9001 Quality Management.
22. The Virtuous MS Spiral: Commitment and Policy; Planning; Implementation and Operation; Checking and Corrective Action; Management Review; Continual Improvement.
24. The First Global Information Security Survey (KPMG 2002), critical security concerns: Viruses 22%; Hackers 21%; R.A. Controls 17%; Internet Security 17%; Data Privacy 10%.
25. What is the damage? (The First Global Information Security Survey, KPMG 2002.) Quantifiable: the average direct loss from all breaches suffered by each organization is USD 108,000 (GBP 30,000; INR 500,000).
33. BS 7799 – 10 Domains of Information Management: System Development; Access Controls; Asset Classification Controls; Information Security Policy; Security Organisation; Personnel Security; Physical Security; Continuity Planning; Compliance; Communications Management. The domains surround the organisation's information (staff records, client records, financial records).
37. Building a Management System: Input (client; business awareness); Develop Management System / Build Process (BSI consultant; client); Measure/Analyse Progress; Output (BSI certification; business improvement).
40. BS 7799 Implementation (Plan, Do, Check, Act cycle): Security Organisation; Classify Assets; Information Security Policy; Apply the Controls; Operationalise Process; Check Process; Corrective Action; Management Review.
Introduction slide. Presentation will cover: WHY you need an Information Security System; WHAT the 7799 series gives you; HOW BSI can further assist you.
Some of the businesses that fared better in the wake of the WTC disaster were able to re-host their business operations almost immediately using Business Continuance solutions. These solutions automatically relocated their data center operations in the minutes immediately following the loss of the data centers. This minimized the impact of the failure for businesses that had implemented them, allowing them to return quickly to normal operations and then take the time they needed to re-establish and recover their original data centers while the business continued to operate. Such solutions can take advantage of redundant infrastructure that a business already has available at other sites and locations, or at partner sites. Many businesses had also outsourced this service to service providers including IBM, Comdisco, and SunGard.
Intended for use as a reference document, it provides a comprehensive set of security controls reflecting the best information security practices in use. It comprises 10 control sections.
Remember:
- only the first document is ISO, and it is at least three years away before the second document becomes ISO
- 7 countries voted against ISO, but majority rule carried the document through (USA, Canada, France, Germany)
The management system needs to be effective in the organization. If the company has taken a standard off-the-shelf package, it is not a good start, and this would be quite easily identified by the auditor. The question then is whether the company is serious about the subject matter, or just paying lip service to information security.