EBSL IT Operations

EBSL Technologies Int'l
www.ebsltechnologies.com
internal consultant training

Presented by
Jon CRG Shende FBCS CITP
Director IT Services
Part 1
June 19th 2008
Welcome to EBSL Technologies Int'l

Our following sessions will review principles of IT Operations. This will include:
• Technical and management concepts within IT (e.g. standards & preserving the C.I.A. triad)
• Frameworks
• Planning for and Managing Risk with Disaster Recovery
• An Interactive Workshop in Management Consulting
• Metrics from 6 Sigma and Integrity Selling for your client-facing duties.
Frameworks Overview

ISO 27001:2005 & BS 17799 – ISO 27002:2005
CoBIT - Control Objectives for Information and Related Technology
ITIL - IT Infrastructure Library
CMMi - Capability Maturity Model Integration

Firms need to be cognizant of framework overload. Organizations need to set implementation goals for frameworks with adequate project management resources. Proceed cautiously with any framework roll-out, as the off-chance of an incorrect categorization of control objectives and/or their application can defeat the purpose of a framework implementation & ROI assessment.
ISO 27001:2005 - basic overview

ISO - International Organization for Standardization
• ISO 27001/2 are management system standards that are applicable to all industry sectors
• ISO 27001 is a formal specification which defines specific requirements for establishing an Information Security Management System (ISMS). It is not a technical standard & emphasizes prevention
• It is a management system that should guide an organizational balance of all aspects of security - physical, technical, procedural, and employee - following a Plan-Do-Check-Act process approach
• A process approach emphasizes user understanding of an organization's information security requirements and can help define and establish information security policies and objectives.
Summarizing ISO 27001

• It defines an information management framework which sets directions, aims and objectives, and defines a management-approved policy which holds management commitment
• Its processes methodically identify security requirements by assessing security risks. The results of these assessments help guide the prioritizing of metrics to manage risks and the appropriate management action. This guides the selection and implementation of controls (policies, practices, procedures, organizational structures, software/hardware functions) and mechanisms.
• Implementation of controls should follow the identification of security requirements. Their aim is to ensure that risks are reduced to an acceptable level while meeting an organization's security objectives.
ISO 27001/2 - basic overview 2

ISO 27002
• Follows on from the guideline of ISO 27001's ISMS
• Can be regarded as a comprehensive collection of good security processes
• It is a standard code of practice which defines techniques one can implement to secure data
• Both ISO 27001 & 27002 employ specific control statements which satisfy control objectives. We can group controls into six categories:
• Detect, Protect, Deter, React, Avoid & Recover
• Per CoBIT, "Control objectives provide a complete set of high-level requirements to be considered by management"
ISO 27001/2 generic controls

Control   Control Objectives
Detect    Identification of the occurrence of security event/s, then implement protective, reactive or recovery safeguard mitigation
Protect   Safeguarding vulnerable information assets and/or assets with exposures to adverse security events
Deter     Mitigate the possibility of undesirable events being attempted
React     Minimize the impact of a security event with an adequate response to ensure business continuity
Avoid     Eliminate known vulnerabilities via patches, software updates, signature updates and take steps to avoid new issues.
Recover   After an event ensure that confidentiality, integrity and availability of all information assets are restored to their
Controls

• Controls, when properly implemented, allow management to make well-informed risk management decisions.
• This leads to properly secured IT systems responsible for storing, processing, or transmitting organizational data
• Risk management decisions justify IT-related expenses via a cost/benefit analysis, as well as assist management in supporting a system from its documented risk management performance review, which should be auditable
• Tying it together - for any one organization an integrated GRC mindset (Governance, Risk Management and Compliance) needs to sit in front of operations, rather than the three being seen as distinct entities
ISO 27001 questions

Q. How does the ISO 27001/2 series benefit our clients?
• It provides a uniform and effective information security management process for an organization
• Proper implementation provides protection of organizational interests and those of their affiliates (subsidiaries, partners, vendors, customers)
• It is the aim of senior management to ensure an organization's IT goals align with its business goals.
• By implementing the metrics within 27001/2, senior management can ensure that IT investments deliver value. Performance is accurately measured and resources allocated in a manner to ensure effective risk mitigation
ISO 27001 questions

Q. What is an ISMS?
• The ISO 27001 standard specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's documented Information Security Management System (ISMS).
• It should maintain an overview of the organization's overall business risks and specify requirements for the implementation of security controls. Controls should be customized to the needs of the whole or part of the organization.
Why a Risk Assessment Methodology (RAM)?

Assuring information security is a portion of the larger subject of Risk Mitigation & Management. The most important takeaway from ISO 27001 should be establishing a risk assessment methodology (RAM).

• A RAM enables an IT Manager to secure data in a manner that enables security
• Implementing a RAM ensures the controls necessary to protect the business are defined and implemented
• A RAM provides metrics: results that are repeatable and comparable, which can measure the effectiveness of controls
Why a Risk Assessment Methodology (RAM)?

A RAM ensures that the controls implemented will not be overly complex, over-reaching or costly, but rather tailored to organizational needs.
ISO 27001/2 emphasizes the importance of controls which, when implemented, impact an organization's security statically. Controls need to be reassessed and at times either retired or improved as necessary.
A risk assessment methodology, when properly implemented, will ensure that an organization has the means to protect its business functions at all times.
Risk Relationships

[Figure: Risk Relationships diagram (not reproduced in this transcript)]
Source: SQUARE Process, Nancy R. Mead, Software Engineering Institute
https://buildsecurityin.us-cert.gov/bsi/articles/best-practices/requirements/232-BSI.html
Importance of Risk Management

Organizations should:
• Establish and use a risk assessment methodology that takes into consideration all legal and regulatory responsibilities in addition to information security
• Implement a framework for conducting risk assessments
• Quantify their risks and either accept individual risks, or prioritize the implementation of security controls to mitigate (or not) these risks in order of severity by developing a Risk Treatment Plan (RTP) which either accepts, avoids or transfers risk, or implements pertinent security controls.
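As an added illustration of the RAM and RTP cycle described on slides 11 and 14 (this is example code written for this page, not material from the original deck or from EBSL Technologies): a small Python risk register that quantifies each risk as likelihood × impact, orders the register by severity, and records an accept, mitigate, transfer or avoid decision against a risk appetite and a control budget, with a repeatable control-effectiveness metric per risk. The 1..5 scoring scales, the decision rule, the controls and the sample risks are all assumptions constructed here.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Treatment(Enum):
    """The four RTP outcomes named on slide 14."""
    ACCEPT = "accept"      # within appetite, no further action
    MITIGATE = "mitigate"  # implement pertinent security controls
    TRANSFER = "transfer"  # e.g. insurance or outsourcing, priced by the owner
    AVOID = "avoid"        # withdraw from the risky activity


@dataclass(frozen=True)
class Control:
    name: str
    category: str              # Detect/Protect/Deter/React/Avoid/Recover (slide 7)
    likelihood_reduction: int  # points taken off the 1..5 likelihood score
    impact_reduction: int      # points taken off the 1..5 impact score
    annual_cost: float


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 = rare .. 5 = almost certain (assumed scale)
    impact: int      # 1 = negligible .. 5 = severe (assumed scale)
    candidate_controls: List[Control] = field(default_factory=list)
    transfer_cost: Optional[float] = None  # None: the risk cannot be transferred

    def inherent_score(self) -> int:
        """Quantified risk before treatment; the 'order of severity' sort key."""
        return self.likelihood * self.impact

    def residual_score(self) -> int:
        """Risk left once all candidate controls are in place (floor of 1 x 1)."""
        lk = self.likelihood - sum(c.likelihood_reduction for c in self.candidate_controls)
        im = self.impact - sum(c.impact_reduction for c in self.candidate_controls)
        return max(1, lk) * max(1, im)

    def control_effectiveness(self) -> float:
        """Repeatable, comparable metric: share of inherent risk the controls remove."""
        return 1 - self.residual_score() / self.inherent_score()

    def control_cost(self) -> float:
        return sum(c.annual_cost for c in self.candidate_controls)


def build_treatment_plan(risks: List[Risk], appetite: int, budget: float) -> List[Dict]:
    """Produce an RTP. Risks are handled in descending order of inherent score so the
    budget goes to the most severe exposures first. Decision rule (an assumption):
    within appetite -> ACCEPT; controls bring it within appetite and are affordable ->
    MITIGATE; else TRANSFER if a transfer price exists and is affordable; else AVOID."""
    remaining = budget
    plan: List[Dict] = []
    # Deterministic ordering (score desc, then names) keeps the results repeatable.
    for r in sorted(risks, key=lambda x: (-x.inherent_score(), x.asset, x.threat)):
        if r.inherent_score() <= appetite:
            decision, spend = Treatment.ACCEPT, 0.0
        elif r.residual_score() <= appetite and r.control_cost() <= remaining:
            decision, spend = Treatment.MITIGATE, r.control_cost()
        elif r.transfer_cost is not None and r.transfer_cost <= remaining:
            decision, spend = Treatment.TRANSFER, r.transfer_cost
        else:
            decision, spend = Treatment.AVOID, 0.0
        remaining -= spend
        plan.append({"asset": r.asset, "threat": r.threat,
                     "inherent": r.inherent_score(), "residual": r.residual_score(),
                     "treatment": decision, "spend": spend})
    return plan


# Constructed sample register (not from the deck) used to exercise the methodology.
PATCHING = Control("monthly patch cycle", "Avoid", 2, 0, 12_000.0)
BACKUPS = Control("offsite backups with restore tests", "Recover", 0, 2, 8_000.0)
IDS = Control("network IDS with alert triage", "Detect", 1, 1, 25_000.0)
SFTP = Control("replace FTP with SFTP", "Protect", 2, 1, 8_000.0)

SAMPLE_RISKS = [
    Risk("customer DB", "exploitation of unpatched server", 4, 5, [PATCHING, BACKUPS]),
    Risk("legacy FTP", "cleartext credential capture", 3, 4, [SFTP]),
    Risk("web portal", "targeted intrusion", 4, 4, [IDS], transfer_cost=15_000.0),
    Risk("intranet wiki", "defacement", 2, 2),
]


def sample_plan(appetite: int = 6, budget: float = 40_000.0) -> List[Dict]:
    return build_treatment_plan(SAMPLE_RISKS, appetite, budget)


if __name__ == "__main__":
    for row in sample_plan():
        print(f"{row['asset']:<14} {row['threat']:<34} inherent={row['inherent']:>2} "
              f"residual={row['residual']:>2} -> {row['treatment'].value} "
              f"(spend {row['spend']:,.0f})")
```

With the default appetite of 6 and budget of 40,000 the plan mitigates the database risk, transfers the portal risk, runs out of budget and so avoids (decommissions) the FTP service, and accepts the wiki risk; raising the budget to 50,000 turns the FTP decision into a mitigation, which is the kind of comparison the metrics on slide 11 are meant to support.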
Where do we go?

• Q1. How secure is the client if there are no metrics to measure security?
• Q2. Is a system secure if it has never been breached?
• Q3. The aim of a business is to realize a return on investment (ROI); should ROI be more important than the Risk Reduction Factor?
• Q4. How secure are e-business partners?
• Q5. Are all the assets of an organization identified, listed and have proper ownership?
• Q6. Does the organization have a reactive or proactive stance?
End of Part 1

Questions?