What is iso 27001 isms


  1. What is ISO 27001 ISMS? CAW Consultancy Business Solutions Ltd
  2. Contents (Copyrighted by CAW Consultancy Business Solutions Ltd)
     • Your information is your biggest strength!
     • Why is security essential?
     • About ISO 27001 ISMS
     • The value of ISO 27001 ISMS
  3. Information is your greatest asset
     Information is essential for our personal activities as well as for our business.
  4. What is information?
     • Information is data that has been processed into a form suitable for its final user.
     • Information is the outcome of processed data.
  5. Information & business
     • For a business, information is a resource just as valuable as capital, infrastructure and people.
     • Information is collected on a variety of items and used by managers to make strategic decisions concerning the organisation.
     • All information related to the organisation's internal and external environment is an asset.
  6. Why is information an asset?
     • Information is recognised as valuable to the organisation and has a definite value.
     • Information is also a commodity and as such has a monetary value, the level of which depends on its accuracy and potential use.
     • Information supports decision making based on past trends, market research and analysis, observation of competitors and compliance with regulators' requirements, etc.
  7. Types of information available within an organisation
     Information comes in many forms: it can be printed or written on paper, stored electronically, shown on film or spoken in conversation. It may include:
     • Market trends
     • Buying preferences
     • Trade secrets
     • Customer profiles
     • Regulators
     • Financial and accounting records
     • Current and future business plans
     • Policies, published material, etc.
     • Partners
     • Employees
  8. What's next?
     Information is a necessity for an organisation's business and consequently needs to be protected fittingly!
  9. What is information security?
     "Information security protects information from a wide range of threats in order to ensure business continuity, minimise business damage and maximise ROI and business opportunities."
  10. Need for information security
     • With the increasing use of external service providers and the adoption of new technologies, companies are increasingly exposed to security breach threats. In fact, 60% of respondents perceived an increase in the level of risk they face due to the use of social networking and personal devices in the enterprise.
     • According to a survey, companies are taking a proactive stance: 46% of companies indicated that their annual investment in information security is increasing.
     • IT professionals are trying, but not all are succeeding in keeping up with new challenges and threats.
  11. What is information security?
     • Protection of information from accidental or intentional misuse by persons inside or outside the organisation.
     • Protecting information systems from unauthorised access, use, disruption, modification or destruction.
  12. Components of information security
     • Confidentiality: ensuring that information is accessible only to those with approved access.
     • Integrity: safeguarding the accuracy and completeness of information and processing methods.
     • Availability: ensuring that authorised users have access to information and associated assets when required.
  13. Information security in the networked economy
     • Authenticity
     • Non-repudiation
     Business transactions, as well as information exchanges between enterprise locations or with partners, can be trusted.
  14. Consequences of information security breaches
     The range of adverse consequences associated with breaches of information security is long and includes:
     • Systems being inaccessible
     • Data damage and loss
     • Bad publicity and humiliation
     • Fraud
     • Corporate surveillance, etc.
  15. What is an ISMS?
     "An Information Security Management System is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security."
     NOTE: The management system includes organisational structure, policies, practices, planning activities, procedures, responsibilities, processes and resources.
  16. What is ISO 27001 ISMS?
     • ISO 27001:2005 – Information Security Management System (ISMS) requirements
     • ISO 27001:2007 – Code of Practice for Information Security Management
     The Standard:
     • Provides strategic and tactical direction
     • Integrates easily
     • Is non-technical
     • Recognises that information security is a management issue
     • Is structured similarly to ISO 2001 and ISO 14001
  17. The history of ISO 27001
  18. The structure of ISO 27001
     • 11 information security control areas
     • 39 information security control objectives
     • 134 information security controls
     The Plan-Do-Check-Act cycle applied to the ISMS:
     • Plan: establish the ISMS
     • Do: implement and operate the ISMS
     • Check: monitor and review the ISMS
     • Act: maintain and improve the ISMS
     Input: interested parties' information security expectations and requirements. Output: managed information security for the interested parties.
     The 11 control areas:
     1. Security policy
     2. Organisation of information security
     3. Asset management
     4. Human resource security
     5. Physical and environmental security
     6. Communication and operation management
     7. Access control
     8. Information systems acquisition, development and maintenance
     9. Information security incident management
     10. Business continuity management
     11. Compliance
  19. ISO 27001 – important sections
     • Section 4: Requirements – establishing and managing the ISMS; quality controls
     • Section 5: Management responsibility – management commitment; resource management
     • Section 6: Internal ISMS audit
     • Section 7: Management review of the ISMS – review input; review output
     • Section 8: ISMS improvement – continual improvement; corrective actions; preventive actions
  20. ISO 27001 – Annex A
     Organisation of Annex A:
     • 11 control areas
     • 39 control objectives
     • 134 controls
     • Management controls
     • Technical controls
     Annex A is auditable!
  21. ISO 27001 – Annex A
     • A.5 – Security policy
     • A.6 – Organisation of information security
     • A.7 – Asset management
     • A.8 – Human resource security
     • A.9 – Physical and environmental security
     • A.10 – Communication and operation management
     • A.11 – Access control
     • A.12 – Information systems acquisition, development and maintenance
     • A.13 – Information security incident management
     • A.14 – Business continuity management
     • A.15 – Compliance
  22. What are the direct benefits of ISO 27001 ISMS?
     • An increase in profits
     • Increased reliability and security of systems
     • Systems rationalisation
     • Cost effective and consistent information security
     • Compliance with legislation
  23. Increased reliability and security of systems
     • Today most business organisations depend on sophisticated information systems
     • ISO27K outlines controls targeting business system availability
     • The controls reduce the chance of vulnerabilities being exploited
     • Audits after certification ensure that the business keeps up to date with the latest vulnerabilities and proficient practices
     • Continual improvement of the system helps keep it reliable and up to date
  24. Increased profits
     • Clients' perceptions of a certified company improve
     • ISO 27001 increases business profitability in the medium to long term
     • Clients feel more secure and satisfied
     • Certification demonstrates to clients that a business can be trusted
     • Some customers prefer to trade with companies that hold a recognised security certification
     • Ultimately, customers' trust and growing confidence lead to increased business profits
  25. Cost effective and consistent information security
     • Some organisations do implement cost effective security solutions, but a risk assessment under ISO 27001 highlights their efficiency and real effectiveness
     • The risk assessment may conclude that some already-implemented controls offer little or no benefit
     • The risk assessment drives reconfiguration of such controls to make them more effective, and introduces additional ones where needed, giving a better return on investment
     • Inconsistency in the policy framework is observed in organisations where every division or department develops its own security guidelines
     • ISO 27001 helps to develop a consistent approach to security
     • It helps in generating uniform policies that incorporate industry best practice
     • A disciplinary process is also introduced to ensure employee compliance with the policies
  26. System rationalisation
     • During the initiation phase, organisations scrutinise their information and their information security requirements
     • Without this driver, they simply don't do it
     • Such analysis helps in making rational policies and spending money wisely
  27. Compliance with legislation
     • Implementation of ISO 27001 forces the business to conform with all legislation applicable to it
     • It specifically ensures that the organisation focuses on the legalities involved in its course of business, particularly areas like data protection and copyright
  28. What are the indirect benefits of ISO 27001?
     • Improved management control
     • Improved risk management and contingency planning
     • Better human relations
     • Enhanced customer and trading partner confidence
  29. Improved management control
     • ISO 27K emphasises delegation of authority
     • Managers have more control over the organisation
     • They have more accurate information with which to manage their functions
     • Management effort is reduced
  30. Better human relations
     • Well-defined policies, procedures and guidelines make things easier and more understandable for employees
     • Certification gives the organisation an advantage over its competitors and a unique selling point, which in turn gives an improved working environment for staff
     • Employees start recognising that their earning potential now depends on how customers perceive the company
     • They become more aware of their brand image and extra careful when dealing with their customers
     • Higher quality staff are employed due to recognised screening procedures
  31. Improved risk management and contingency planning
     • Through ISO 27001 certification, an organisation identifies vulnerabilities, hazards, threats and their potential impact
     • The organisation gets a structured approach to risk management
     • The risk assessment identifies which assets are most important for the success of the business
     • It helps in making a business continuity and DR plan, which reduces the potential exposure to financial loss or negative publicity
  32. Enhanced customer confidence
     • Helps in surpassing competitors
     • Certification gives the impression of a more trustworthy trading partner that is responsive to security breaches
     • Having the ISO 27001 logo on company literature continually reminds potential and existing customers that we are an organisation which takes the integrity, confidentiality and availability of their and our information seriously
  33. Thank you! Contact CAW Consultancy Business Solutions Ltd now: craig@cawconsultancy.co.uk, 07427535662
