ISO 27001 Management Clause - 6

This presentation covers the "Organization of Information Security" controls of ISO/IEC 27001:2013. Note that these are the Annex A.6 reference controls (A.6.1 and A.6.2); the main-body clause 6 of the standard is "Planning".

  1. iFour Consultancy. ISMS Framework: Clause 6 – Organization of Information Security
  2. Organization of Information Security – ISMS Requirements. ISO 27001:2013 divides Organization of Information Security (Annex A.6) into two control groups: A.6.1 Internal Organization, and A.6.2 Mobile Devices and Teleworking. ISO for Software Outsourcing Companies in India
  3. A.6.1 Internal Organization. Objective: to establish a management framework to initiate and control the implementation and operation of information security within the organization. Controls: A.6.1.1 Information security roles and responsibilities; A.6.1.2 Segregation of duties; A.6.1.3 Contact with authorities; A.6.1.4 Contact with special interest groups; A.6.1.5 Information security in project management.
  4. A.6.1.1 Information Security Roles and Responsibilities. Control: all information security responsibilities shall be defined and allocated. In practice this means identifying the individual (or individuals) responsible for the security of each information facility, and clearly defining and identifying the assets and the associated security controls for each facility.
  5. A.6.1.2 Segregation of Duties. Control: conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets. Segregation serves two purposes. The first is prevention: of conflict of interest (and its appearance), wrongful acts, fraud, abuse and errors. The second is detection of control failures, including security breaches, information theft and circumvention of security controls. Where full segregation is impractical (for example in a small organization), compensating controls such as activity monitoring, audit trails and management supervision should be considered.
  6. A.6.1.3 Contact with Authorities. Control: appropriate contacts with relevant authorities shall be maintained. This requires specifying the manner and timing in which breaches are to be communicated to external authorities so that reporting is appropriate, and developing procedures, policies and contact lists that specify by whom and when external authorities should be contacted.
  7. A.6.1.4 Contact with Special Interest Groups. Control: appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
  8. A.6.1.5 Information Security in Project Management. Control: information security shall be addressed in project management, regardless of the type of project. This means setting out how information security is to be considered within the organization's overall project management framework, and creating a "mini-ISMS" within each project so that the project's risks are identified and managed.
  9. A.6.2 Mobile Devices and Teleworking. Objective: to ensure the security of teleworking and the use of mobile devices. Controls: A.6.2.1 Mobile Device Policy; A.6.2.2 Teleworking Policy.
  10. A.6.2.1 Mobile Device Policy. The policy should cover: regular backups of stored sensitive data; physical security measures; secure communication methods for transmitted data, such as a Virtual Private Network; operating system and other software updates; access control and appropriate user authentication (for example, biometric-based); cryptographic methods for sensitive data; and protective software such as anti-virus.
  11. A.6.2.2 Teleworking Policy. The policy should cover: environmental and physical security measures; rules concerning the safety of private property used at the teleworking site; appropriate user access control and authentication; security measures for the wireless and wired network configurations at the site; cryptographic techniques for communications to and from the site and for data storage; and regular data backups together with security measures for those backup copies.
  12. Visit our websites: http://www.ifour-consultancy.com and http://www.ifourtechnolab.com