ISO 27001
Information Technology – Security Techniques
Information Security Management Systems - Requirements
Udugahapattuwa D.M.R.
What is ISO 27001?
▶ A standard published by ISO (the International Organization for Standardization).
▶ It provides requirements for establishing, implementing, maintaining and continually
improving an Information Security Management System (ISMS).
▶ It follows the ISO High-Level Structure.
▶ Our focus is on two clauses of the standard:
▶ 8. Operation
▶ 9. Performance Evaluation
8. Operation
8.1 Operational Planning and Control
▶ An organisation shall plan, implement and control the processes needed to
meet its information security requirements.
▶ To provide confidence that these processes are carried out as planned, the
relevant information must be documented.
▶ Planned changes must be controlled, the consequences of unintended changes
reviewed, and action taken to mitigate any adverse effects.
▶ If any of the above or any other process is outsourced, the organisation
must ensure that the outsourced processes are determined and controlled.
8.2 Information Security Risk Assessment
▶ Information security risk assessments of the organisation should be carried out at
planned intervals.
▶ When significant changes are proposed or occur, the security risk
assessment must be revised.
▶ Documented information on the results of the assessment should be retained.
8.3 Information Security Risk Treatment
▶ In this area the focus is on implementing the information security risk treatment
plan.
▶ Risk treatment should be supported by a Risk Treatment Plan, an ISMS Risk Assessment Report and a
Statement of Applicability.
▶ Some areas of risk treatment implementation:
▶ Information Security Policies
▶ Access Control
Risk Treatment Implementation Methods (continued)
▶ Retain the risk
▶ Share the risk
▶ Avoid the risk
▶ Decrease the risk
9. Performance Evaluation
9.1 Monitoring, Measurement, Analysis and Evaluation
▶ The key is to evaluate the company's information security performance and the
effectiveness of the ISMS (Information Security Management System).
▶ Determining what is to be monitored and measured is another key area that a
company should consider.
▶ You will need to decide:
▶ What needs to be monitored and measured
▶ The methods you will use for monitoring, measuring and analysing
▶ When the monitoring and measuring will be conducted
▶ Who will conduct the monitoring and measurement
▶ When the results of the measurement will be analysed and evaluated
▶ Who will be responsible for analysing and evaluating the results
9.2 Internal Audit
▶ The company conducts internal audits at planned intervals to determine whether
the ISMS:
▶ Conforms to the organisation's own requirements for its Information Security Management
System and to this Standard
▶ Is effectively implemented and its controls maintained
▶ Results of previous and current audits should be compared so that improvements
can be made more efficiently.
▶ Define the audit criteria and scope for each audit.
▶ Define the reporting authority for audit results.
9.3 Management Review
▶ Reviewing the organisation's Information Security Management System at
planned intervals is a highly significant task.
▶ Thorough reviews ensure the continuing suitability, adequacy
and effectiveness of the ISMS.
▶ Things to be considered:
▶ Status of actions taken after previous management reviews
▶ Internal and external changes that are relevant to the ISMS
▶ Feedback on information security performance
Q & A
THANK YOU!
Basics to ISO 27001 by Manula Udugahapattuwa