iFour Consultancy 
Security awareness seminar 
An introduction to ISO27k 
Part 3
Agenda
• ISO 27001
• A brief history of ISO27k
• Plan-Do-Check-Act
• CONTROL CLAUSES
• IMPLEMENTATION PROCESS CYCLE
• Benefits
• Information security vision
• Who is responsible?
• Corporate Information Security Policy
• Physical security
• Password Guidelines
• Internet usage
• E-mail usage
• Security incidents
• Responsibilities
http://www.ifour-consultancy.com Software outsourcing company in India
ISO 27001
• ISO/IEC 27001 is an information security management system (ISMS) standard published by ISO & IEC
• It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within an organisation
• It is designed to ensure the selection of adequate and proportionate security controls to protect information assets
A brief history of ISO27k
1990s
• Information Security Management Code of Practice produced by a UK government-sponsored working group
• Based on the security policy used by Shell
• Became British Standard BS7799
2000s
• Adopted by ISO/IEC
• Became ISO/IEC 17799 (later renumbered ISO/IEC 27002)
• ISO/IEC 27001 published & certification scheme started
Now
• Expanding into a suite of information security standards (known as “ISO27k”)
• Updated and reissued every few years
ISO 27001
• Concerns the management of information security, not just IT/technical security
• Formally specifies a management system
• Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve alignment of security with risks
• Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes
• Thousands of organizations worldwide have been certified compliant
Plan-Do-Check-Act 
CONTROL CLAUSES 
CONTROL CLAUSES
• Information security policy - management direction
• Organization of information security - management framework for implementation
• Asset management – assessment, classification and protection of valuable information assets
• HR security – security for joiners, movers and leavers
• Physical & environmental security - prevents unauthorised access, theft, compromise, damage to information and computing facilities, power cuts
CONTROL CLAUSES
• Communications & operations management - ensures the correct and secure operation of IT
• Access control – restrict unauthorized access to information assets
• Information systems acquisition, development & maintenance – build security into systems
• Information security incident management – deal sensibly with security incidents that arise
• Business continuity management – maintain essential business processes and restore any that fail
• Compliance - avoid breaching laws, regulations, policies and other security obligations
IMPLEMENTATION PROCESS CYCLE
(Diagram; legible label: ASSET IDENTIFICATION & CLASSIFICATION)
Benefits
• Demonstrable commitment to security by the organization
• Legal and regulatory compliance
• Better risk management
• Commercial credibility, confidence, and assurance
• Reduced costs
• Clear employee direction and improved awareness
Information security vision
• Vision
The organization is acknowledged as an industry leader for information security.
• Mission
To design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally-accepted good security practices
Who is responsible? 
• Information Security Management Committee 
• Information Security Manager/CISO and Department 
• Incident Response Team 
• Business Continuity Team 
• IT, Legal/Compliance, HR, Risk and other departments 
• Audit Committee 
• Last but not least, you 
Information security is everyone’s responsibility 
Corporate Information Security Policy
Policy is signed by the CEO and mandated by top management.
Find it on the intranet.
Physical security 
Password Guidelines 
Internet usage 
E-mail usage
• Use corporate email for business purposes only
• Follow the email storage guidelines
• If you receive spam email, simply delete it. If it is offensive or you receive a lot, call the IT Help/Service Desk
• Do not use your corporate email address for personal email
• Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc.
• Do not send emails outside the organization unless you are authorized to do so
• Be very wary of email attachments and links, especially in unsolicited emails (most are virus-infected)
Security incidents
• Report information security incidents, concerns and near-misses to IT Help/Service Desk:
  • Email …
  • Telephone …
  • Anonymous drop-boxes …
• Take their advice on what to do
• Do not discuss security incidents with anyone outside the organization
• Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
Responsibilities
• Ensure your PC is getting antivirus updates and patches
• Lock your keyboard (Windows-L) before leaving your PC unattended, and log off at the end of the day
• Store valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key
• Take regular information backups
• Fulfill your security obligations:
  • Comply with security and privacy laws, copyright and licenses, NDAs (Non-Disclosure Agreements) and contracts
  • Comply with corporate policies and procedures
• Stay up to date on information security:
  • Visit the intranet Security Zone when you have a moment
ISO 27001 - Information security user awareness training presentation - part 3

  • 1. iFour Consultancy Security awareness seminar An introduction to ISO27k Part 3
  • 2. Agenda  ISO 27001  A brief history of ISO27k  Plan-Do-Check-Act  CONTROL CLAUSES  IMPLEMENTATION PROCESS CYCLE  Benefits  Information security vision  Who is responsible?  Corporate Information Security Policy  Physical security  Password Guidelines  Internet usage  E-mail usage  Security incidents  Responsibilities http://www.ifour-consultancy.com Software outsourcing company in India
  • 3. ISO 27001  ISO/IEC 27001 is an information security management system (ISMS) standard published by ISO & IEC  It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within an organisation  It is designed to ensure the selection of adequate and proportionate security controls to protect information assets http://www.ifour-consultancy.com Software outsourcing company in India
  • 5. A brief history of ISO27k 1990’s • Information Security Management Code of Practice produced by a UK government-sponsored working group • Based on the security policy used by Shell • Became British Standard BS7799 2000’s • Adopted by ISO/IEC • Became ISO/IEC 17799 (later renumbered ISO/IEC 27002) • ISO/IEC 27001 published & certification scheme started Now • Expanding into a suite of information security standards (known as “ISO27k”) • Updated and reissued every few years http://www.ifour-consultancy.com Software outsourcing company in India
  • 6. ISO 27001 • Concerns the management of information security, not just IT/technical security • Formally specifies a management system • Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve alignment of security with risks • Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes • Thousands of organizations worldwide have been certified compliant http://www.ifour-consultancy.com Software outsourcing company in India
  • 8. CONTROL CLAUSES http://www.ifour-consultancy.com Software outsourcing company in India
  • 9. CONTROL CLAUSES  Information security policy - management direction  Organization of information security - management framework for implementation  Asset management – assessment, classification and protection of valuable information assets  HR security – security for joiners, movers and leavers  Physical & environmental security - prevents unauthorised access, theft, compromise, damage to information and computing facilities, power cuts http://www.ifour-consultancy.com Software outsourcing company in India
  • 10. CONTROL CLAUSES • Communications & operations management - ensures the correct and secure operation of IT • Access control – restrict unauthorized access to information assets • Information systems acquisition, development & maintenance – build security into systems • Information security incident management – deal sensibly with security incidents that arise • Business continuity management – maintain essential business processes and restore any that fail • Compliance - avoid breaching laws, regulations, policies and other security obligations http://www.ifour-consultancy.com Software outsourcing company in India
11. IMPLEMENTATION PROCESS CYCLE
[Figure: implementation process cycle diagram; only the label "ASSET IDENTIFICATION & CLASSIFICATION" is recoverable from the slide]
12. Benefits
 Demonstrable commitment to security by the organization
 Legal and regulatory compliance
 Better risk management
 Commercial credibility, confidence, and assurance
 Reduced costs
 Clear employee direction and improved awareness
13. Information security vision
• Vision: The organization is acknowledged as an industry leader for information security.
• Mission: To design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally-accepted good security practices
14. Who is responsible?
• Information Security Management Committee
• Information Security Manager/CISO and Department
• Incident Response Team
• Business Continuity Team
• IT, Legal/Compliance, HR, Risk and other departments
• Audit Committee
• Last but not least, you
Information security is everyone’s responsibility
15. Corporate Information Security Policy
Policy is signed by the CEO and mandated by top management. Find it on the intranet.

16. Physical security

17. Password Guidelines

18. Internet usage
19. E-mail usage
 Use corporate email for business purposes only
 Follow the email storage guidelines
 If you receive spam email, simply delete it. If it is offensive or you receive a lot, call the IT Help/Service Desk
 Do not use your corporate email address for personal email
 Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc.
 Do not send emails outside the organization unless you are authorized to do so
 Be very wary of email attachments and links, especially in unsolicited emails (most are virus-infected)
20. Security incidents
 Report information security incidents, concerns and near-misses to IT Help/Service Desk:
   Email …
   Telephone …
   Anonymous drop-boxes …
 Take their advice on what to do
 Do not discuss security incidents with anyone outside the organization
 Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
21. Responsibilities
 Ensure your PC is getting antivirus updates and patches
 Lock your keyboard (Windows-L) before leaving your PC unattended, and log off at the end of the day
 Store valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key
 Take regular information backups
 Fulfill your security obligations:
   Comply with security and privacy laws, copyright and licenses, NDAs (Non-Disclosure Agreements) and contracts
   Comply with corporate policies and procedures
 Stay up to date on information security:
   Visit the intranet Security Zone when you have a moment
