SlideShare a Scribd company logo
1 of 13
Download to read offline
iFour Consultancy 
Security awareness seminar 
An introduction to ISO27k 
Part - 1
Agenda 
 Information 
 Information Types 
 Information Lifecycle 
 What is information security? 
 Security elements 
 People 
 Processes 
 Technology 
 Information security is valuable because it 
 Information security definition 
http://www.ifour-consultancy.com Software outsourcing company in India
Information 
 Information is an asset which, like other important business assets, has value 
to an organization and consequently needs to be suitably protected 
http://www.ifour-consultancy.com Software outsourcing company in India
Information Types 
Information exists in many forms: 
 Printed or written on paper 
 Stored electronically 
 Transmitted by post or electronic means 
 Visual e.g. videos, diagrams 
 Published on the Web 
 Verbal/oral e.g. conversations, phone calls 
 Intangible e.g. knowledge, experience, expertise, ideas 
http://www.ifour-consultancy.com Software outsourcing company in India
Information Lifecycle 
Information Can be: 
 Created 
 Owned (it is an asset) 
 Stored 
 Processed 
 Transmitted/communicated 
 Used (for proper or improper purposes) 
 Modified or corrupted 
 Shared or disclosed (whether appropriately or not) 
 Destroyed or lost 
 Stolen 
 Controlled, secured and protected throughout its existence 
http://www.ifour-consultancy.com Software outsourcing company in India
What is information security? 
 Information security is what keeps valuable information ‘free of danger’ (protected, safe from 
harm) 
 It is not something you buy, it is something you do 
 It’s a process not a product 
 It is achieved using a combination of suitable strategies and approaches: 
 Determining the risks to information and treating them accordingly (proactive risk management) 
 Protecting CIA (Confidentiality, Integrity and Availability) 
 Avoiding, preventing, detecting and recovering from incidents 
 Securing people, processes and technology … not just IT! 
http://www.ifour-consultancy.com Software outsourcing company in India
Security elements 
http://www.ifour-consultancy.com Software outsourcing company in India
People 
People who use or have an interest in our information security include: 
 Shareholders / owners 
 Management & staff 
 Customers / clients, suppliers & business partners 
 Service providers, contractors, consultants & advisors 
 Authorities, regulators & judges 
Our biggest threats arise from people (social engineers, unethical competitors, hackers, fraudsters, careless 
workers, bugs, flaws …), yet our biggest asset is our people (e.g. security-aware employees who spot trouble 
early) 
http://www.ifour-consultancy.com Software outsourcing company in India
Processes 
 Processes are work practices or workflows, the steps or activities needed 
to accomplish business objectives 
 Processes are described in procedures. 
 Virtually all business processes involve and/or depend on information 
making information a critical business asset. 
 Information security policies and procedures define how we secure 
information appropriately and repeatedly. 
http://www.ifour-consultancy.com Software outsourcing company in India
Technology 
 Cabling, data/voice networks and equipment 
 Telecommunications services (PABX, VoIP, ISDN, videoconferencing) 
 Phones, cellphones, PDAs 
 Computer servers, desktops and associated data storage devices (disks, tapes) 
 Operating system and application software 
 Paperwork, files 
 Pens, ink 
 Security technologies 
 Locks, barriers, card-access systems, CCTV 
http://www.ifour-consultancy.com Software outsourcing company in India
Information security is valuable because it 
 Protects information against various threats 
 Ensures business continuity 
 Minimizes financial losses and other impacts 
 Optimizes return on investments 
 Creates opportunities to do business safely 
 Maintains privacy and compliance 
We all depend on 
information security 
http://www.ifour-consultancy.com Software outsourcing company in India
Information security is defined as the preservation of: 
Confidentiality 
Making information accessible 
only to those authorized to 
use it 
Integrity 
Safeguarding the accuracy and 
completeness of information and 
processing methods 
Availability Ensuring that information is 
available when required 
http://www.ifour-consultancy.com Software outsourcing company in India
http://www.ifour-consultancy.com Software outsourcing company in India

More Related Content

What's hot

ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsUppala Anand
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementationRalf Braga
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxMukesh Pant
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 

What's hot (20)

27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
ISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptxISMS User_Awareness Training.pptx
ISMS User_Awareness Training.pptx
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 

Viewers also liked

ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureUppala Anand
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListSriramITISConsultant
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness PresentationCristian Mihai
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
Iso 27001 transition to 2013 03202014
Iso 27001 transition to 2013   03202014Iso 27001 transition to 2013   03202014
Iso 27001 transition to 2013 03202014DQS Inc.
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsCertification Europe
 
Iso27001 The Road To Certification
Iso27001   The Road To CertificationIso27001   The Road To Certification
Iso27001 The Road To Certificationtschraider
 

Viewers also liked (15)

ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
End User Security Awareness Presentation
End User Security Awareness PresentationEnd User Security Awareness Presentation
End User Security Awareness Presentation
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...Cyber Security 101: Training, awareness, strategies for small to medium sized...
Cyber Security 101: Training, awareness, strategies for small to medium sized...
 
ISO 27001:2013 - Changes
ISO 27001:2013 -  ChangesISO 27001:2013 -  Changes
ISO 27001:2013 - Changes
 
Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Iso 27001 transition to 2013 03202014
Iso 27001 transition to 2013   03202014Iso 27001 transition to 2013   03202014
Iso 27001 transition to 2013 03202014
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
 
Iso27001 The Road To Certification
Iso27001   The Road To CertificationIso27001   The Road To Certification
Iso27001 The Road To Certification
 

Similar to ISO 27001 - information security user awareness training presentation - Part 1

Intro to Information Security.ppt
Intro to Information Security.pptIntro to Information Security.ppt
Intro to Information Security.pptAnuraagAwasthi3
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze DataExchangeAgency
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and driversFreeform Dynamics
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityGerard McNamee
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxMohanPandey31
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.netethnos
 
Take the First Steps Toward Endpoint Security Protection
Take the First Steps Toward Endpoint Security ProtectionTake the First Steps Toward Endpoint Security Protection
Take the First Steps Toward Endpoint Security ProtectionVTECH SOLUTION
 
Running head hardware and software security14 hardware an
Running head hardware and software security14 hardware anRunning head hardware and software security14 hardware an
Running head hardware and software security14 hardware anAKHIL969626
 
Unit 1 Information Security.docx
Unit 1 Information Security.docxUnit 1 Information Security.docx
Unit 1 Information Security.docxPrernaThakwani
 
a) In terms of software risk,an event is any situation or happening .pdf
a) In terms of software risk,an event is any situation or happening .pdfa) In terms of software risk,an event is any situation or happening .pdf
a) In terms of software risk,an event is any situation or happening .pdfanushafashions
 

Similar to ISO 27001 - information security user awareness training presentation - Part 1 (20)

Intro to Information Security.ppt
Intro to Information Security.pptIntro to Information Security.ppt
Intro to Information Security.ppt
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
Information security
Information securityInformation security
Information security
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze FROM STRATEGY TO ACTION - Vasil Tsvimitidze
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
 
Data security strategies and drivers
Data security strategies and driversData security strategies and drivers
Data security strategies and drivers
 
Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1Hki tsecuritysolutionsv1.1
Hki tsecuritysolutionsv1.1
 
information security
information securityinformation security
information security
 
An Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to SecurityAn Integrated, Intelligent Approach to Security
An Integrated, Intelligent Approach to Security
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.net
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
 
Take the First Steps Toward Endpoint Security Protection
Take the First Steps Toward Endpoint Security ProtectionTake the First Steps Toward Endpoint Security Protection
Take the First Steps Toward Endpoint Security Protection
 
Running head hardware and software security14 hardware an
Running head hardware and software security14 hardware anRunning head hardware and software security14 hardware an
Running head hardware and software security14 hardware an
 
Unit 1 Information Security.docx
Unit 1 Information Security.docxUnit 1 Information Security.docx
Unit 1 Information Security.docx
 
a) In terms of software risk,an event is any situation or happening .pdf
a) In terms of software risk,an event is any situation or happening .pdfa) In terms of software risk,an event is any situation or happening .pdf
a) In terms of software risk,an event is any situation or happening .pdf
 

Recently uploaded

Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 

Recently uploaded (20)

Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 

ISO 27001 - information security user awareness training presentation - Part 1

  • 1. iFour Consultancy Security awareness seminar An introduction to ISO27k Part - 1
  • 2. Agenda  Information  Information Types  Information Lifecycle  What is information security?  Security elements  People  Processes  Technology  Information security is valuable because it  Information security definition http://www.ifour-consultancy.com Software outsourcing company in India
  • 3. Information  Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected http://www.ifour-consultancy.com Software outsourcing company in India
  • 4. Information Types Information exists in many forms:  Printed or written on paper  Stored electronically  Transmitted by post or electronic means  Visual e.g. videos, diagrams  Published on the Web  Verbal/oral e.g. conversations, phone calls  Intangible e.g. knowledge, experience, expertise, ideas http://www.ifour-consultancy.com Software outsourcing company in India
  • 5. Information Lifecycle Information Can be:  Created  Owned (it is an asset)  Stored  Processed  Transmitted/communicated  Used (for proper or improper purposes)  Modified or corrupted  Shared or disclosed (whether appropriately or not)  Destroyed or lost  Stolen  Controlled, secured and protected throughout its existence http://www.ifour-consultancy.com Software outsourcing company in India
  • 6. What is information security?  Information security is what keeps valuable information ‘free of danger’ (protected, safe from harm)  It is not something you buy, it is something you do  It’s a process not a product  It is achieved using a combination of suitable strategies and approaches:  Determining the risks to information and treating them accordingly (proactive risk management)  Protecting CIA (Confidentiality, Integrity and Availability)  Avoiding, preventing, detecting and recovering from incidents  Securing people, processes and technology … not just IT! http://www.ifour-consultancy.com Software outsourcing company in India
  • 7. Security elements http://www.ifour-consultancy.com Software outsourcing company in India
  • 8. People People who use or have an interest in our information security include:  Shareholders / owners  Management & staff  Customers / clients, suppliers & business partners  Service providers, contractors, consultants & advisors  Authorities, regulators & judges Our biggest threats arise from people (social engineers, unethical competitors, hackers, fraudsters, careless workers, bugs, flaws …), yet our biggest asset is our people (e.g. security-aware employees who spot trouble early) http://www.ifour-consultancy.com Software outsourcing company in India
  • 9. Processes  Processes are work practices or workflows, the steps or activities needed to accomplish business objectives  Processes are described in procedures.  Virtually all business processes involve and/or depend on information making information a critical business asset.  Information security policies and procedures define how we secure information appropriately and repeatedly. http://www.ifour-consultancy.com Software outsourcing company in India
  • 10. Technology  Cabling, data/voice networks and equipment  Telecommunications services (PABX, VoIP, ISDN, videoconferencing)  Phones, cellphones, PDAs  Computer servers, desktops and associated data storage devices (disks, tapes)  Operating system and application software  Paperwork, files  Pens, ink  Security technologies  Locks, barriers, card-access systems, CCTV http://www.ifour-consultancy.com Software outsourcing company in India
  • 11. Information security is valuable because it  Protects information against various threats  Ensures business continuity  Minimizes financial losses and other impacts  Optimizes return on investments  Creates opportunities to do business safely  Maintains privacy and compliance We all depend on information security http://www.ifour-consultancy.com Software outsourcing company in India
  • 12. Information security is defined as the preservation of: Confidentiality Making information accessible only to those authorized to use it Integrity Safeguarding the accuracy and completeness of information and processing methods Availability Ensuring that information is available when required http://www.ifour-consultancy.com Software outsourcing company in India

Editor's Notes

  1. Software outsourcing company in India
  2. Software outsourcing company in India
  3. Software outsourcing company in India
  4. Software outsourcing company in India
  5. Software outsourcing company in India
  6. Software outsourcing company in India
  7. Software outsourcing company in India
  8. Software outsourcing company in India
  9. Software outsourcing company in India
  10. Software outsourcing company in India
  11. Software outsourcing company in India
  12. Software outsourcing company in India
  13. Software outsourcing company in India