School: School of Education, Social
Sciences and Technology
Degree Programme: Bachelors of Information
Technology
Course: Strategic IS and Business Policy- BIT 442
Assignment No. 1
Lecturer’s Name: Mr. Gilbert Mwale
Student No: BIT19114277
Student Name: LIIEWA SONGOLO
Student E-mail: liiewasongolo26@gmail.com
UNILUS Pioneer Campus
P.O. Box 36711
LUSAKA.
Physical Address:
UNILUS
Plot No. 37413, Off Alick Nkhata Road (Behind Alliance Francaise), Mass Media,
LUSAKA
1. Standard: ISO/IEC 27001
2. The ISO code for ISO/IEC 27001 is 27001
Here is more information about the standard, such as its release year, primary
objectives, and characteristics:
Launch Year: The first edition of ISO/IEC 27001 was released in 2005. Since then, it
has undergone alterations; the most recent being ISO/IEC 27001:2013.
Principal Goals:
Information Security Management: The main goal of ISO/IEC 27001 is to give
organizations a methodical and organized approach to managing information security.
It aids in the creation and upkeep of efficient information security management
systems (ISMS) for enterprises.
Risk Management: Information security risks must be recognized, evaluated, and
managed, according to ISO/IEC 27001. Organizations are obliged to assess the
possible threats to their information assets and put in place adequate security
measures to lessen or manage these threats.
Continuous Improvement: The standard encourages a culture of ongoing
information security improvement. Organizations are advised to continuously monitor
and review their ISMS to ensure it stays effective in the face of changing threats and
vulnerabilities.
Key Attributes:
• Risk-Based Approach: Information security is approached from a risk-based
perspective in accordance with ISO/IEC 27001. As a result, businesses must evaluate
the threats to their information assets and determine priorities for their efforts and
resources based on the severity of the threats.
• Complete Controls: Annex A of the standard contains a complete list of security
controls and goals. Access control, cryptography, physical security, and incident
management are just a few of the measures that address various facets of
information security. These controls can be chosen and customized by
organizations to meet their own demands.
• Management Commitment: The importance of top management's commitment to
information security is emphasized by ISO/IEC 27001. An organization's leadership
should show support for the ISMS and make sure that it is incorporated into all of the
organization's operational procedures.
What makes ISO/IEC 27001 so important?
The management of cyber-risks can appear challenging or even unattainable given the
surge in cybercrime and the ongoing emergence of new threats. Organizations can
become risk-aware by using ISO/IEC 27001, which also enables them to spot and fix
problems early on.
Information security is promoted holistically by ISO/IEC 27001, which involves
screening people, policy, and technology. A tool for risk management, cyber-
resilience, and operational excellence is an information security management system
that has been implemented in accordance with this standard.
The three principles of ISO/IEC 27001 are:
Confidentiality: Only the appropriate people can access the information kept by the
company. Example: using encryption to protect sensitive information from
unauthorized access and decipherment.
Integrity: Data that the organization utilizes to further its business or keeps safe for
others is reliably stored and not destroyed or corrupted. Example: verifying the
integrity and authenticity of electronic documents and conversations using digital
signatures.
Availability: The organization and its clients can access the information whenever it
is necessary, so that business aims and customer expectations are achieved. Example:
setting up redundant systems and backups to ensure that services and data remain
available even in the event of hardware failures.
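The integrity principle above gives digital signatures as its example. The following Python block is an added illustration, not part of the original assignment: it uses a keyed MAC (HMAC-SHA256 from the standard library) as a stand-in for a digital signature, which serves the same detection purpose (any change to the content, or to the tag itself, fails verification) but relies on a shared secret rather than a public/private key pair. The document text, the demo key and the tampered variant are all constructed for the demonstration.

```python
import hmac
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class SealedDocument:
    """A document together with the authentication tag computed over it."""
    content: bytes
    tag: bytes


def seal(content: bytes, key: bytes) -> SealedDocument:
    """Compute an HMAC-SHA256 tag over the document so later tampering can be detected.

    HMAC stands in here for a digital signature; a real signature would use an
    asymmetric key so that verifiers cannot also forge tags.
    """
    tag = hmac.new(key, content, hashlib.sha256).digest()
    return SealedDocument(content, tag)


def verify(doc: SealedDocument, key: bytes) -> bool:
    """Recompute the tag and compare it in constant time.

    Returns False if the content was altered, the tag was altered, or a
    different key was used. compare_digest avoids leaking, via timing, how
    many leading bytes of a forged tag happened to match.
    """
    expected = hmac.new(key, doc.content, hashlib.sha256).digest()
    return hmac.compare_digest(expected, doc.tag)


# Constructed demo key; a production key would come from a key store, never source code.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def tamper_demo(key: bytes = DEMO_KEY) -> dict:
    """Seal a constructed document, then show which modifications verification catches."""
    original = seal(b"Invoice 1042: pay ZMW 5,000 to account 12345", key)

    # Tampered content with the original tag left in place.
    tampered_content = SealedDocument(
        original.content.replace(b"12345", b"99999"), original.tag
    )
    # Original content with a single bit flipped in the tag.
    flipped_tag = bytes([original.tag[0] ^ 0x01]) + original.tag[1:]
    tampered_tag = SealedDocument(original.content, flipped_tag)

    return {
        "original_verifies": verify(original, key),
        "tampered_content_verifies": verify(tampered_content, key),
        "tampered_tag_verifies": verify(tampered_tag, key),
        "wrong_key_verifies": verify(original, b"some-other-constructed-key"),
    }


if __name__ == "__main__":
    for check, result in tamper_demo().items():
        print(f"{check}: {result}")
```

Only the untouched document with the correct key verifies; every other case returns False, which is the property the integrity principle asks for. The trade-off against a true digital signature is that anyone holding the MAC key can also produce valid tags, so HMAC proves integrity between parties who already share a secret, while a signature additionally lets third parties check authenticity without being able to forge.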
3. Overview of ISO/IEC 27001
The world's largest developer of voluntary international standards is the International
Organization for Standardization (ISO), a nongovernmental organization that operates
independently. The International Electrotechnical Commission (IEC) is the top body
in the world for developing and disseminating international standards for technology
connected to electrical, electronic, and allied fields.
The ISO/IEC 27000 family of standards, which were released by the joint ISO/IEC
subcommittee, include hundreds of controls and control mechanisms that can be used
by companies of all shapes and sizes to safeguard their information assets. These
international standards give organizations a framework for policies and practices that
cover all physical, technical, and legal controls involved in information risk
management operations.
An Information Security Management System (ISMS) is formally specified in the
security standard ISO/IEC 27001 with the goal of bringing information security under
explicit management control. It establishes standards for how to install, oversee, keep
up with, and continuously enhance the ISMS as a formal specification. Additionally,
it recommends a set of best practices that cover the need for documentation,
responsibility divisions, availability, access control, security, auditing, and corrective
and preventive actions. Organizations can more easily adhere to the many statutory
and regulatory requirements related to the protection of information by obtaining
ISO/IEC 27001 certification. (Microsoft Corporation, 2023)
Question 2
1.
i. Failure due to technology: The computerized systems may experience problems
that cause downtime and operational disruptions.
ii. Security Breaches: Automation involves the digital storage of sensitive consumer
and financial information, which leaves it open to cyberattacks and data breaches.
iii. Cost: Due to unforeseen costs for software, hardware, or consulting services, the
project may go above its allocated budget.
iv. Resistance by Employees: Fearing a loss of employment or having trouble
adjusting to new technologies, employees may resist the automation process.
v. Training Issues: Staff may need substantial training to use the new systems
successfully, which could cause production losses while they are adjusting.
vi. Integration problems: It's possible that the new technology won't connect
perfectly with the current systems, leading to ineffective operations.
vii. Compliance with regulations: Modifications to data processing and reporting
procedures may result in problems adhering to industry rules and data privacy
legislation.
viii. Vendor Reliability: Project schedules may be affected if the company depends on
outside vendors for technology parts or services.
ix. Scalability: As the firm expands, the system could be difficult to scale,
necessitating further expenditures and disruptions.
x. Dependencies that weren't anticipated: Dependencies on outside elements,
including software upgrades or third-party services, could be dangerous.
xi. Project Delays: The project timetable may be extended by delays in the delivery
of hardware or software or by unforeseen problems.
xii. Loss of Institutional information: If valuable institutional information is not
properly documented, the firm may lose it as procedures become more automated.
Assumption List:
• Resource Accessibility: Assuming that the project has access to the finance and
experienced IT personnel that it needs.
• Data Backup and Recovery: Assuming effective data backup and recovery
practices are in place to reduce the risk of data loss.
• Regulatory Compliance: Assuming that the project will abide by all applicable
data privacy laws and industry standards.
• Change Management: Assuming that a thorough plan for dealing with change-
related employee resistance is in place to address it and ensure a smooth
transition.
• Vendor Reliability: Assuming that the service or technology suppliers chosen are
dependable and capable of meeting project deadlines.
• Backing from Stakeholders: Assuming that the automation program has the
backing of important stakeholders like employees, management, and investors.
2.
3. RISK MATRIX
Risk rating key:

| Rating | Level | Action |
|---|---|---|
| 0 – ACCEPTABLE | LOW | OK TO PROCEED |
| 1 – ALARP (as low as reasonably practicable) | MEDIUM | TAKE MITIGATION EFFORTS |
| 2 – GENERALLY UNACCEPTABLE | HIGH | SEEK SUPPORT |
| 3 – INTOLERABLE | EXTREME | PLACE EVENT ON HOLD |

Severity scale (columns):
• ACCEPTABLE: little to no effect on event
• TOLERABLE: effects are felt, but not critical to outcome
• UNDESIRABLE: serious impact to the course of action and outcome
• INTOLERABLE: could result in disaster

Likelihood scale (rows):
• IMPROBABLE: risk is unlikely to occur
• POSSIBLE: risk will likely occur
• PROBABLE: risk will occur

Matrix (each cell shows the risk level and the matrix cell number, 1–12):

| LIKELIHOOD \ SEVERITY | ACCEPTABLE | TOLERABLE | UNDESIRABLE | INTOLERABLE |
|---|---|---|---|---|
| IMPROBABLE | LOW (1) | MEDIUM (4) | MEDIUM (6) | HIGH (10) |
| POSSIBLE | LOW (2) | MEDIUM (5) | HIGH (8) | EXTREME (11) |
| PROBABLE | MEDIUM (3) | HIGH (7) | HIGH (9) | EXTREME (12) |
REFERENCES
Culot, G., Nassimbeni, G., Podrecca, M. and Sartor, M. (2021). "The ISO/IEC 27001
information security management standard: literature review and theory-based
research agenda". The TQM Journal, Vol. 33 No. 7, pp. 76-105.
https://doi.org/10.1108/TQM-09-2020-0202
Microsoft Corporation. (2023). ISO/IEC 27001:2013 Information Security
Management Standards. Retrieved from
https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-27001
Project Management Institute (2008). A Guide to the Project Management Body of
Knowledge (PMBOK® Guide). 4th Edition. Project Management Institute.

More Related Content

Similar to ISO/IEC 27001.pdf

MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Chandan Singh Ghodela
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
pdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdf
pdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdfpdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdf
pdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdfElyes ELEBRI
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdfkarthikvcyber
 
english_bok_ismp_202306.pptx
english_bok_ismp_202306.pptxenglish_bok_ismp_202306.pptx
english_bok_ismp_202306.pptxssuser00d6eb
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Security policy and standards
Security policy and standardsSecurity policy and standards
Security policy and standardsWilson Musyoka
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.pptkarthikvcyber
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & complianceVandana Verma
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...Tromenz Learning
 

Similar to ISO/IEC 27001.pdf (20)

MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
pdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdf
pdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdfpdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdf
pdfcoffee.com_iso-iec-27002-implementation-guidance-and-metrics-pdf-free.pdf
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdf
 
english_bok_ismp_202306.pptx
english_bok_ismp_202306.pptxenglish_bok_ismp_202306.pptx
english_bok_ismp_202306.pptx
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Security policy and standards
Security policy and standardsSecurity policy and standards
Security policy and standards
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.ppt
 
Pindad iso27000 2016 smki
Pindad   iso27000 2016 smkiPindad   iso27000 2016 smki
Pindad iso27000 2016 smki
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017   konsep iso27000-2016 smkiBim tek 15 juni 2017   konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & compliance
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
 
Topic11
Topic11Topic11
Topic11
 

Recently uploaded

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceIES VE
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 

Recently uploaded (20)

TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 

ISO/IEC 27001.pdf

  • 1. School: School of Education, Social Sciences and Technology Degree Programme: Bachelors of Information Technology Course: Strategic IS and Business Policy- BIT 442 Assignment No. 1 Lecturer’s Name: Mr. Gilbert Mwale Student No: BIT19114277 Student Name: LIIEWA SONGOLO Student E-mail: liiewasongolo26@gmail.com UNILUS Pioneer Campus P.O. Box 36711 LUSAKA. Physical Address: UNILUS Plot No. 37413, Off Alick Nkhata Road (Behind Alliance Francaise), Mass Media, LUSAKA
  • 2. 1. Standard: ISO/IEC 27001 2. The ISO code for ISO/IEC 27001 is 27001 Here is more information about the standard, such as its release year, primary objectives, and characteristics: Launch Year: The first edition of ISO/IEC 27001 was released in 2005. Since then, it has undergone alterations; the most recent being ISO/IEC 27001:2013. Principal Goals: Information Security Management: The main goal of ISO/IEC 27001 is to give organizations a methodical and organized approach to managing information security. It aids in the creation and upkeep of efficient information security management systems (ISMS) for enterprises. Risk Management: Information security risks must be recognized, evaluated, and managed, according to ISO/IEC 27001. Organizations are obliged to assess the possible threats to their information assets and put in place adequate security measures to lessen or manage these threats. Continuous Improvement: The standard encourages a culture of ongoing information security improvement. Organizations are advised to continuously monitor and review it to ensure their ISMS stays successful in the face of changing threats and vulnerabilities. Key Attributes:  Information security is approached from a risk-based perspective in accordance with ISO/IEC 27001 standards. As a result, businesses must evaluate the threats to their information assets and determine priorities for their efforts and resources based on the severity of the threats.  Complete Controls: Annex A of the standard contains a complete list of security controls and goals. Access control, cryptography, physical security, and incident management are just a few of the measures that address various facets of information security. These controls can be chosen and customized by organizations to meet their own demands.  The importance of top management's commitment to information security is emphasized by ISO/IEC 27001. 
An organization's leadership should show support for the ISMS and make sure that it is incorporated into all of the organization's operational procedures. What makes ISO/IEC 27001 so important? The management of cyber-risks can appear challenging or even unattainable given the surge in cybercrime and the ongoing emergence of new threats. Organizations can become risk-aware by using ISO/IEC 27001, which also enables them to spot and fix problems early on.
  • 3. Information security is promoted holistically by ISO/IEC 27001, which involves screening people, policy, and technology. A tool for risk management, cyber- resilience, and operational excellence is an information security management system that has been implemented in accordance with this standard. The three principles of the ISO/IEC 27001 are: Confidentiality: Only the appropriate people can access the information kept by the company. An example would be Using encryption to protect sensitive information from unauthorized access and decipherment. Integrity: Data that the organization utilizes to further its business or keeps safe for others is reliably stored and not destroyed or corrupted. Verifying the integrity and authenticity of electronic documents and conversations using digital signatures. Availability: Meaning that the organization and its clients can access the information whenever it is necessary so that business aims and customer expectations are achieved. Setting up redundant systems and backups to ensure that services and data are available even in the event of hardware failures 3. Overview of ISO/IEC 27001 The world's largest developer of voluntary international standards is the International Organization for Standardization (ISO), a nongovernmental organization that operates independently. The International Electrotechnical Commission (IEC) is the top body in the world for developing and disseminating international standards for technology connected to electrical, electronic, and allied fields. The ISO/IEC 27000 family of standards, which were released by the joint ISO/IEC subcommittee, include hundreds of controls and control mechanisms that can be used by companies of all shapes and sizes to safeguard their information assets. These international standards give organizations a framework for policies and practices that cover all physical, technical, and legal controls involved in information risk management operations. 
An Information Security Management System (ISMS) is formally specified in the security standard ISO/IEC 27001 with the goal of bringing information security under explicit management control. It establishes standards for how to install, oversee, keep up with, and continuously enhance the ISMS as a formal specification. Additionally, it recommends a set of best practices that cover the need for documentation, responsibility divisions, availability, access control, security, auditing, and corrective and preventive actions. Organizations can more easily adhere to the many statutory and regulatory requirements related to the protection of information by obtaining ISO/IEC 27001 certification. (Microsoft Corporation, 2023)
Question 2

1.

Risk List:
i. Technology failure: The computerized systems may experience problems that cause downtime and operational disruptions.
ii. Security breaches: Automation involves the digital storage of sensitive consumer and financial information, which exposes it to cyberattacks and data breaches.
iii. Cost: Due to unforeseen costs for software, hardware or consulting services, the project may exceed its allocated budget.
iv. Resistance by employees: Fearing a loss of employment or having trouble adjusting to new technologies, employees may resist the automation process.
v. Training issues: Staff may need substantial training to use the new systems successfully, which could cause productivity losses while they are adjusting.
vi. Integration problems: The new technology may not connect cleanly with the current systems, leading to inefficient operations.
vii. Regulatory compliance: Modifications to data processing and reporting procedures may cause problems in adhering to industry rules and data privacy legislation.
viii. Vendor reliability: Project schedules may be affected if the company depends on outside vendors for technology components or services.
ix. Scalability: As the firm expands, the system could be difficult to scale, necessitating further expenditure and disruption.
x. Unanticipated dependencies: Dependencies on outside elements, including software upgrades or third-party services, could introduce risk.
xi. Project delays: The project timetable may be extended by delays in the delivery of hardware or software or by unforeseen problems.
xii. Loss of institutional knowledge: If valuable institutional knowledge is not properly documented, the firm may lose it as procedures become more automated.

Assumption List:
• Resource accessibility: Assuming that the project has access to the finance and experienced IT personnel that it needs.
• Data backup and recovery: Assuming that effective data backup and recovery practices are in place to reduce the risk of data loss.
• Regulatory compliance: Assuming that the project will abide by all applicable data privacy laws and industry standards.
• Change management: Assuming that a thorough plan for dealing with change-related employee resistance is in place to address it and ensure a smooth transition.
• Vendor reliability: Assuming that the service or technology suppliers chosen are dependable and capable of meeting project deadlines.
• Backing from stakeholders: Assuming that the automation program has the backing of important stakeholders such as employees, management and investors.

2.
3. RISK MATRIX

Risk rating key:
  LOW      0 – ACCEPTABLE                                  OK TO PROCEED
  MEDIUM   1 – ALARP (as low as reasonably practicable)    TAKE MITIGATION EFFORTS
  HIGH     2 – GENERALLY UNACCEPTABLE                      SEEK SUPPORT
  EXTREME  3 – INTOLERABLE                                 PLACE EVENT ON HOLD

Severity levels:
  ACCEPTABLE    Little to no effect on event
  TOLERABLE     Effects are felt, but not critical to outcome
  UNDESIRABLE   Serious impact to the course of action and outcome
  INTOLERABLE   Could result in disaster

Likelihood levels:
  IMPROBABLE    Risk is unlikely to occur
  POSSIBLE      Risk will likely occur
  PROBABLE      Risk will occur

Matrix (each cell gives the rating; the number in brackets is the cell's index from the original matrix, 1 = lowest, 12 = highest):

  LIKELIHOOD \ SEVERITY   ACCEPTABLE   TOLERABLE    UNDESIRABLE   INTOLERABLE
  IMPROBABLE              LOW (1)      MEDIUM (4)   MEDIUM (6)    HIGH (10)
  POSSIBLE                LOW (2)      MEDIUM (5)   HIGH (8)      EXTREME (11)
  PROBABLE                MEDIUM (3)   HIGH (7)     HIGH (9)      EXTREME (12)
REFERENCES

Culot, G., Nassimbeni, G., Podrecca, M. and Sartor, M. (2021). "The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda". The TQM Journal, Vol. 33 No. 7, pp. 76-105. https://doi.org/10.1108/TQM-09-2020-0202

Microsoft Corporation. (2023). ISO/IEC 27001:2013 Information Security Management Standards. Retrieved from https://learn.microsoft.com/en-us/compliance/regulatory/offering-iso-27001

Project Management Institute (2008). A Guide to the Project Management Body of Knowledge (PMBOK® Guide). 4th Edition. Project Management Institute.
