ISO 27001 - Information security user awareness training presentation - part 3

1. iFour Consultancy. Security awareness seminar: An introduction to ISO27k, Part 3

2. Agenda
• ISO 27001
• A brief history of ISO27k
• Plan-Do-Check-Act
• Control clauses
• Implementation process cycle
• Benefits
• Information security vision
• Who is responsible?
• Corporate Information Security Policy
• Physical security
• Password guidelines
• Internet usage
• E-mail usage
• Security incidents
• Responsibilities
http://www.ifour-consultancy.com Software outsourcing company in India

3. ISO 27001
• ISO/IEC 27001 is an information security management system (ISMS) standard published jointly by ISO and IEC.
• It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within an organisation.
• It is designed to ensure the selection of adequate and proportionate security controls to protect information assets.

4. (image-only slide)
5. A brief history of ISO27k
1990s
• Information Security Management Code of Practice produced by a UK government-sponsored working group
• Based on the security policy used by Shell
• Became British Standard BS 7799
2000s
• Adopted by ISO/IEC
• Became ISO/IEC 17799 (later renumbered ISO/IEC 27002)
• ISO/IEC 27001 published and the certification scheme started
Now
• Expanding into a suite of information security standards (known as "ISO27k")
• Updated and reissued every few years
6. ISO 27001
• Concerns the management of information security, not just IT/technical security
• Formally specifies a management system
• Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve the alignment of security with risks. PDCA is named explicitly in ISO/IEC 27001:2005; the 2013 revision drops the PDCA wording but keeps the same cycle in its clauses on planning (6), operation (8), performance evaluation (9) and improvement (10).
• Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes
• Thousands of organizations worldwide have been certified
7. Plan-Do-Check-Act (diagram only)

8. Control clauses (diagram only)
9. Control clauses
• Information security policy: management direction
• Organization of information security: management framework for implementation
• Asset management: assessment, classification and protection of valuable information assets
• HR security: security for joiners, movers and leavers
• Physical and environmental security: prevents unauthorised access, theft, compromise or damage to information and computing facilities, including loss of power and other utilities

10. Control clauses (continued)
• Communications and operations management: ensures the correct and secure operation of IT
• Access control: restricts unauthorized access to information assets
• Information systems acquisition, development and maintenance: builds security into systems
• Information security incident management: deals sensibly with security incidents that arise
• Business continuity management: maintains essential business processes and restores any that fail
• Compliance: avoids breaching laws, regulations, policies and other security obligations
Note: these eleven clauses are the control areas of ISO/IEC 27002:2005 (Annex A of ISO/IEC 27001:2005). Annex A of ISO/IEC 27001:2013 regroups them into fourteen domains, splitting communications and operations into operations security and communications security, and adding cryptography and supplier relationships as separate domains.
11. Implementation process cycle (diagram; only the first step, "Asset identification and classification", is legible in the extracted text)
12. Benefits
• Demonstrable commitment to security by the organization
• Legal and regulatory compliance
• Better risk management
• Commercial credibility, confidence and assurance
• Reduced costs
• Clear employee direction and improved awareness

13. Information security vision
• Vision: the organization is acknowledged as an industry leader for information security.
• Mission: to design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally accepted good security practices.

14. Who is responsible?
• Information Security Management Committee
• Information Security Manager/CISO and department
• Incident Response Team
• Business Continuity Team
• IT, Legal/Compliance, HR, Risk and other departments
• Audit Committee
• Last but not least, you: information security is everyone's responsibility

15. Corporate Information Security Policy
• The policy is signed by the CEO and mandated by top management
• Find it on the intranet
16. Physical security (image-only slide)

17. Password guidelines (image-only slide)

18. Internet usage (image-only slide)
19. E-mail usage
• Use corporate email for business purposes only
• Follow the email storage guidelines
• If you receive spam email, simply delete it. If it is offensive or you receive a lot of it, call the IT Help/Service Desk
• Do not use your corporate email address for personal email
• Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc.
• Do not send emails outside the organization unless you are authorized to do so
• Be very wary of email attachments and links, especially in unsolicited emails: unsolicited attachments and links are a common carrier of malware and phishing pages
20. Security incidents
• Report information security incidents, concerns and near-misses to the IT Help/Service Desk:
  • Email …
  • Telephone …
  • Anonymous drop-boxes …
• Take their advice on what to do
• Do not discuss security incidents with anyone outside the organization
• Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
21. Responsibilities
• Ensure your PC is getting antivirus updates and patches
• Lock your workstation (Windows+L) before leaving your PC unattended, and log off at the end of the day
• Store valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key
• Take regular backups of your information
• Fulfil your security obligations:
  • Comply with security and privacy laws, copyright and licences, NDAs (non-disclosure agreements) and contracts
  • Comply with corporate policies and procedures
• Stay up to date on information security: visit the intranet Security Zone when you have a moment

22. (closing slide)
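The first two "Responsibilities" items (antivirus updates and patches, screen lock) are the ones a user can actually verify on a Windows PC. The following self-check is an added example, not part of the iFour deck; it uses only the built-in Defender module (Get-MpComputerStatus), Get-HotFix and the registry, and the 7-day and 45-day thresholds are assumptions to be replaced by your organisation's policy values. The screen-lock check only detects an enforced lock-screen policy; a user who sets the lock manually will still get a reminder.

```powershell
# Added example (not from the original deck): self-check for Defender status,
# patch recency and an enforced screen-lock policy on a Windows PC.
# Thresholds below are assumptions; substitute your organisation's policy values.
$maxSignatureAgeDays = 7
$maxPatchAgeDays     = 45
$problems = @()

# Microsoft Defender: engine on, real-time protection on, signatures fresh.
# Get-MpComputerStatus ships with the Defender module on Windows 8 / Server 2012 and later.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled)          { $problems += "Antivirus engine is disabled" }
if (-not $mp.RealTimeProtectionEnabled) { $problems += "Real-time protection is off" }
if ($mp.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    $problems += "AV signatures are $($mp.AntivirusSignatureAge) days old (last updated $($mp.AntivirusSignatureLastUpdated))"
}

# Patching: most recently installed Windows update. Get-HotFix reads the same
# data shown under "Installed Updates"; InstalledOn can be empty for some entries.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if (-not $latest) {
    $problems += "No installed updates found"
} elseif ((New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days -gt $maxPatchAgeDays) {
    $problems += "Last update $($latest.HotFixID) was installed on $($latest.InstalledOn.ToShortDateString())"
}

# Screen lock: these values exist only when a lock-screen policy (GPO/MDM) is applied.
# ScreenSaverIsSecure is stored as the string "1" when the screen saver requires a password.
$deskPolicy = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$desk = Get-ItemProperty -Path $deskPolicy -ErrorAction SilentlyContinue
if (-not $desk -or $desk.ScreenSaverIsSecure -ne '1') {
    $problems += "No enforced screen-lock policy found; lock manually with Windows+L when you step away"
}

if ($problems.Count -eq 0) {
    "OK: Defender is current, patches are recent and screen lock is enforced"
} else {
    $problems | ForEach-Object { "CHECK: $_" }
}
```

Run it in a normal (non-elevated) PowerShell session; Get-MpComputerStatus and Get-HotFix do not require administrator rights for reading. Any "CHECK:" line is something to raise with the IT Help/Service Desk rather than fix yourself, which matches the reporting guidance on the security incidents slide.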
Information security and ISO 27001-2013 standards and its importance. http://www.ifour-consultancy.com