SlideShare a Scribd company logo

It security iso 27001

Iris Maaß
Iris Maaß

This document summarizes several information management system standards including ISO 9001, ISO 27001, ISO 20000-1, and ISO 22301. It provides an overview of the benefits of certification, including improved quality, risk management, and gaining customer trust. It also describes the focus and key requirements of each standard, and recommends which ones would be most suitable for different company sizes and industries depending on their needs around quality management, information security, IT service management, and business continuity.

Technology
1 of 20
Download to read offline
Zertifizierung Sales Presentation M t f I f ti S t Zerifizierung Management of Information Systems 27/05/2015Iris Maaß 2015 1
ContentsContents  Benefit of information management systems  Significance of certification  Overview of the central information management systems  ISO 9001 Quality Management focusing on IT  ISO 27001 Information Security Management System (ISMS) ISO 27001 Information Security Management System (ISMS)  ISO 20000-1 Service Management System (SMS)  ISO 22301 Business Continuity Management System (BCM)ISO 22301 Business Continuity Management System (BCM)  Decision-making aid: What standard is the right one for your company?  Arguments for certification by TÜV NORD CERT  What happens when you come to us  Further information 27/05/2015Iris Maaß 2015 2
Benefits of information management systemsBenefits of information management systems  Quality and finances are managed, as are the company's important resources such as personnel, required material  Similarly data security, risks and operational continuity must be managed as a major company resourcemanaged as a major company resource.  Data risks increase in proportion to the relocation of business onto the internet via online shops and to the extent external service providers are used (Cloud Computing, Outsourcing)  Half of all hacking attacks worldwide are aimed at companies with a maximum of 2500 employees (not only large corporations area maximum of 2500 employees (not only large corporations are affected) [Symantec study]  Anyone offering IT services externally (B2B or B2C) must ensure there is trust in his services 27/05/2015Iris Maaß 2015 3
Significance of certificationSignificance of certification  Any audit conducted by a neutral, independent organisation on your management system ensures the confidence of the market O hi hl lifi d dit hi hli ht b th l f b t Our highly qualified auditors highlight both examples of best practice in your system and weak points, thus helping you to improve  The decision to obtain certification signalises in the company that i l t ti f th t t i j timplementation of the management system is a major concern to you  When the date is set for certification this will mobilise the necessary forces to implement the management system l t l d h d l ( i i i t )completely and on schedule (overcoming inner resistance) 27/05/2015Iris Maaß 2015 4
Overview of the possible standards relating to ITOverview of the possible standards relating to IT Focus ISO 9001 ISO 27001 ISO 20000-1 ISO 22301 Management system Yes Yes Yes Yes Accredited Yes Yes Yes YesAccredited Yes Yes Yes Yes Manual, CIP, goals Yes Yes Yes Yes Statement to the outside Quality Data security IT service quality Business continuity Customer General Security Service level RiskCustomer requirement General Security Service level agreements Risk management Regulatory requirements/ Yes Yes - - requirements/ data protection 27/05/2015Iris Maaß 2015 5
Overview of information management systemsOverview of information management systems  ISO 9001 certifies the fundamental structure of a management system based on customer orientation  Certification to ISO 27001, 20000-1 and ISO 22301 represent specialisations with different points of focusspecialisations with different points of focus.  ISO 27001: Security of information including qualitative, operational, business continuity and IT service-related requirements; special consideration of risk management  Is the important foundation for the IT architecture  ISO 20000-1 is the pure view of the IT services as a service ISO 20000-1 is the pure view of the IT services as a service process  ISO 22301 focuses on the continuous business sequence and manages the critical business processes; the risks of operational interruptions are identified, examined and evaluated 27/05/2015Iris Maaß 2015 6
ISO 27001 Information Security ManagementISO 27001 Information Security Management  An Information Security Management SystemAn Information Security Management System (ISMS) is that part of the whole management system which covers the following on the basis of a business risk approach:business risk approach:  the development,  implementation,implementation,  conduct,  surveillance,  review,  maintenance  and improvement of the information security 27/05/2015Iris Maaß 2015 7
ISO 27001 Information Security Management SystemISO 27001 Information Security Management System  Good information is a major value added factor in the company  Confidentiality, availability and integrity should be the basis for the evaluation of information I f ti i t ( i l ) Information is an asset (a precious value)  An ISMS (Information Security Management System) counteracts risks and guarantees information securityg y  Alongside adverse influences, statutory, regulatory and contractual provisions are taken into account in the ISMS  Certification is appropriate for all organisations and companies for whom IT and Data possess a special value  Certification can also proceed in combination with ISO 9001 ISO Certification can also proceed in combination with ISO 9001, ISO 20000-1 and/or ISO 22301 27/05/2015Iris Maaß 2015 8
ISO 27001 Information Security Management SystemISO 27001 Information Security Management System Benefits of certification according to ISO 27001:  Reveals weak points in the handling of information  Sensitises employees and enhances risk awareness  Minimises risks  Creates confidence in the organisation, among customers, partners and investorspartners and investors 27/05/2015Iris Maaß 2015 9
ISO 27001 native and BSI basic protectionISO 27001 native and BSI basic protection  IT security can be considered from 2 angles: Accredited certification according to ISO 27001 (ISO 27001 native) Approach of the Federal Office for Information Security (BSI basic protection)protection) Management-based view (top down), business-oriented approach Component-based view (bottom up), approach specific to the authority Procedures to guarantee the ISMS are detemined by the organisation itself, evaluation according to risk methodology Formal procedure according to BSI 100- 2: Introduction of all requirements according to BSI basic protection manualevaluation according to risk methodology of the organisation according to BSI basic protection manual (rigid check list) Certification by accredited certification body TÜV NORD CERT, certificate Audit by recognised and licensed auditor at TÜV NORD CERT; certificate issuedbody TÜV NORD CERT, certificate issued by TÜV NORD CERT at TÜV NORD CERT; certificate issued by BSI Recognised worldwide Recognised in Germany 27/05/2015Iris Maaß 2015 10
ISO 27001 native and BSI basic protectionISO 27001 native and BSI basic protection  Both approaches have their justification  We recommend ISO 27001 native because it can be tailored to your needs in your company and the certificate is also recognised in international business transactionsin international business transactions  The ISMS Auditors at TÜV NORD CERT are licensed for both and can offer you both audits or a combination of the two 27/05/2015Iris Maaß 2015 11
ISO 20000-1 Service Management SystemISO 20000-1 Service Management System  Internationally recognised standard defines the requirements for a professional IT Service Management System  80% of the IT budget is connected directly with the service processes  high cost relevance of efficient processesprocesses  high cost relevance of efficient processes  Enables organisations to measure objectively their capability to render services and making it comparable (benchmarking)  Orientation of IT Services (in-house or external) towards the needs of customers or the requirements of the core business R d ti f ti i k d li ith t t l Reduction of operative risks and compliance with contractual assurances (Service Level Agreements)  Integration of the process-based approach of the ISO systems withIntegration of the process based approach of the ISO systems with PDCA cycle and continuous improvement with the requirements for IT service processes 27/05/2015Iris Maaß 2015 12
ISO 20000-1 Service Management SystemISO 20000-1 Service Management System  ISO 20000 helps assure high service quality in terms of cost efficiency and risk consideration ProcessProcess efficiency Coverage of risks Cost efficiency Beste iservice quality 27/05/2015Iris Maaß 2015 13
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management  Formerly BS 25999-2  This concerns maintenance of business operations despite serious impairment (power failure, pandemic, political events) Ri k i d l d t h h l ti Risk scenarios are developed to show how regular operation can be resumed in the shortest possible time after a break due to disruption  Reduction of damage, threats  Certification offers independent, qualified statement on efficiency d d f th ti l d t ti fand soundness of the contingency plans and restoration of business operations  In addition information can be found in a Code of PracticeIn addition information can be found in a Code of Practice according to BS 25999-1 27/05/2015Iris Maaß 2015 14
ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management  Certification recommended for larger SMEs and large enterprises  Important in particular where there is greater global networking of partners, suppliers and in the case of hived-off sub-processes C tifi ti fi th i t f t f iti l Certifications confirms the existence of a system for critical business processes in order to continue the system in exceptional cases  Certainty concerning the validity of a company's own risk management P iti i li bl b i t b tifi ti t th Positioning as reliable business partner by certification to the outside world 27/05/2015Iris Maaß 2015 15
What standard is the right one for your company?What standard is the right one for your company? ISO 9001 Focus on customer orientation and management system in general  Introduction to the subject of management systems ISO 27001 For all companies where data handling plays a role  Service providers, IT companies, banks + insurance i t di i bli i tit ticompanies, trading companies, public institutions ISO 20000-1 IT service providers, service centres within organisations ISO 22301 SME l i f kf f 2000ISO 22301 SMEs or large companies from workforce of 2000 up, public utilities (power plants), all organisations where continuous business operations are of vital importance 27/05/2015Iris Maaß 2015 16
Reasons for accredited certificationReasons for accredited certification  Numerous voluntary quality marks flood the market  Their scope is normally restricted to the German market  Voluntary quality marks are normally only based on house t d d ( dit dstandards (no accredited surveillance) Benefits of international standards from this presentation:p  Worldwide recognition (International Standardization Organisation)  Certifier TÜV NORD CERT is accredited  Surveillance of certification by the accreditation body (DAkkS; German accreditation body which conducts the statutory surveillance for Germany)surveillance for Germany)  Internationally certification is subject to surveillance by accreditation bodies in Europe and worldwide acc. to same rules in every country  certification acc. to ISO standards is sounder 27/05/2015Iris Maaß 2015 17
What happens when you come to usWhat happens when you come to us 1. Provisional offer by our Sales Department 2. If offer is accepted 3. A suitable suitor is assigned 4. You receive a written confirmation 5. Auditor contacts you to discuss a time frame for the certification, clarification of open questionsclarification of open questions 6. Despatch of an audit schedule approx. 4 weeks prior to audit date 7. Stage 1 For first certification establishment of certifiability of yourg y y organisation with report 8. Stage 2 Audit in your company with report 9. Certification decision in the certification body 10. Issuance of a certification if result of audit is positive 27/05/2015Iris Maaß 2015 18
Training course at TÜV NORD Akademie for information managementinformation management  Chief Information Security Officer -CISO (TÜV)–examination Chi f I f ti S it Offi CISO (TÜV) Chief Information Security Officer-CISO (TÜV)  Information Security Management  Information Security Officer ISO (TÜV) examination Information Security Officer ISO (TÜV)-examination  Information Security Officer-ISO (TÜV)  IT Basic Protection Expert (TÜV)IT Basic Protection Expert (TÜV)  IT Basic Protection Expert (TÜV) examination - IT law compact Contact: TÜV NORD Akademie email: akademie@tuev-nord.de Tel.: 0800 8888020 (toll-free service number in Germany) 27/05/2015Iris Maaß 2015 19
Contact: Iris Maaß imaass@tuev-nord.de Phone: +49 511 9986 2660Phone: +49 511 9986 2660 27/05/2015Iris Maaß 2015 20

Recommended

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...himalya sharma
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
we45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA
 

Recommended

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...himalya sharma
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
we45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45 ISO-27001 Case Study
we45 ISO-27001 Case Studywe45
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
Iso 29001 white paper lakshy rev02_17022015 low
Iso 29001 white paper lakshy rev02_17022015 lowIso 29001 white paper lakshy rev02_17022015 low
Iso 29001 white paper lakshy rev02_17022015 lowLakshy Management Consultant Pvt Ltd
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsCertification Europe
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCPECB
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013Magda CHELLY, Ph.D, S-CISO, CISSP®
 
Iso 28000 supply chain white paper lakshy rev02_17022015 low.pdf
Iso 28000 supply chain white paper lakshy rev02_17022015 low.pdfIso 28000 supply chain white paper lakshy rev02_17022015 low.pdf
Iso 28000 supply chain white paper lakshy rev02_17022015 low.pdfLakshy Management Consultant Pvt Ltd
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Goutama Bachtiar
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013Ramiro Cid
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000Ramana K V
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
Select information security system 2015en
Select information security system 2015enSelect information security system 2015en
Select information security system 2015enIris Maaß
 
ISO CERTIFICATIONS
ISO CERTIFICATIONSISO CERTIFICATIONS
ISO CERTIFICATIONSBeingcert_Certifications
 

More Related Content

What's hot

ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsCertification Europe
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCPECB
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Goutama Bachtiar
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013Ramiro Cid
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000Ramana K V
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 

What's hot (20)

ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
Iso 29001 white paper lakshy rev02_17022015 low
Iso 29001 white paper lakshy rev02_17022015 lowIso 29001 white paper lakshy rev02_17022015 low
Iso 29001 white paper lakshy rev02_17022015 low
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRC
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 
Iso 28000 supply chain white paper lakshy rev02_17022015 low.pdf
Iso 28000 supply chain white paper lakshy rev02_17022015 low.pdfIso 28000 supply chain white paper lakshy rev02_17022015 low.pdf
Iso 28000 supply chain white paper lakshy rev02_17022015 low.pdf
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 Certified
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICS
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 

Similar to It security iso 27001

Select information security system 2015en
Select information security system 2015enSelect information security system 2015en
Select information security system 2015enIris Maaß
 
ISO 28000:2008 Certification
ISO 28000:2008 Certification ISO 28000:2008 Certification
ISO 28000:2008 Certification Sifiso Nxele
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
Health, Safety and Security through Compliance
Health, Safety and Security through ComplianceHealth, Safety and Security through Compliance
Health, Safety and Security through Compliancekanew396
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTGaffri Johnson
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S proaxissolutions
 
ISO 9001 implementation in IT Companies
ISO 9001 implementation in IT CompaniesISO 9001 implementation in IT Companies
ISO 9001 implementation in IT Companiesannoyket
 
ISO 27001 Certification in indiamain .ppt
ISO 27001 Certification in indiamain .pptISO 27001 Certification in indiamain .ppt
ISO 27001 Certification in indiamain .pptHardinScott8
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course Desmond Muchetu
 
certificacion ISO 27001 bogota (Spain).ppt
certificacion ISO 27001 bogota (Spain).pptcertificacion ISO 27001 bogota (Spain).ppt
certificacion ISO 27001 bogota (Spain).pptkeithhansen21
 
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?sistemaCertification
 
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14said missoum
 
Approaches to the development of Integrated Management Systems for modern IT ...
Approaches to the development of Integrated Management Systems for modern IT ...Approaches to the development of Integrated Management Systems for modern IT ...
Approaches to the development of Integrated Management Systems for modern IT ...Grigoriy Chkheidze
 
ISO 27001 Certification-Article mod 3.ppt
ISO 27001 Certification-Article mod 3.pptISO 27001 Certification-Article mod 3.ppt
ISO 27001 Certification-Article mod 3.pptjohnwesley758817
 
ISO 27001 Certification(Israel).ppt
ISO 27001 Certification(Israel).pptISO 27001 Certification(Israel).ppt
ISO 27001 Certification(Israel).pptkeithhansen21
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 

Similar to It security iso 27001 (20)

Select information security system 2015en
Select information security system 2015enSelect information security system 2015en
Select information security system 2015en
 
ISO CERTIFICATIONS
ISO CERTIFICATIONSISO CERTIFICATIONS
ISO CERTIFICATIONS
 
ISO 28000:2008 Certification
ISO 28000:2008 Certification ISO 28000:2008 Certification
ISO 28000:2008 Certification
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
Isms2
Isms2Isms2
Isms2
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
Health, Safety and Security through Compliance
Health, Safety and Security through ComplianceHealth, Safety and Security through Compliance
Health, Safety and Security through Compliance
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENT
 
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
I N F O R M A T I O N & C Y B E R S E C U R I T Y A U D I T S
 
ISO 9001 implementation in IT Companies
ISO 9001 implementation in IT CompaniesISO 9001 implementation in IT Companies
ISO 9001 implementation in IT Companies
 
ISO 27001 Certification in indiamain .ppt
ISO 27001 Certification in indiamain .pptISO 27001 Certification in indiamain .ppt
ISO 27001 Certification in indiamain .ppt
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
 
certificacion ISO 27001 bogota (Spain).ppt
certificacion ISO 27001 bogota (Spain).pptcertificacion ISO 27001 bogota (Spain).ppt
certificacion ISO 27001 bogota (Spain).ppt
 
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
✅ WHY IS ISO 20000-1 CERTIFICATION A GOOD IDEA FOR YOUR ORGANIZATION GROWTH?
 
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
Qwr iso20000 auditor m04 implementing audit and tooling us 06 apr14
 
Approaches to the development of Integrated Management Systems for modern IT ...
Approaches to the development of Integrated Management Systems for modern IT ...Approaches to the development of Integrated Management Systems for modern IT ...
Approaches to the development of Integrated Management Systems for modern IT ...
 
ISO 27001 Certification-Article mod 3.ppt
ISO 27001 Certification-Article mod 3.pptISO 27001 Certification-Article mod 3.ppt
ISO 27001 Certification-Article mod 3.ppt
 
ISO 27001 Certification(Israel).ppt
ISO 27001 Certification(Israel).pptISO 27001 Certification(Israel).ppt
ISO 27001 Certification(Israel).ppt
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

It security iso 27001

  • 1. Zertifizierung Sales Presentation M t f I f ti S t Zerifizierung Management of Information Systems 27/05/2015Iris Maaß 2015 1
  • 2. ContentsContents  Benefit of information management systems  Significance of certification  Overview of the central information management systems  ISO 9001 Quality Management focusing on IT  ISO 27001 Information Security Management System (ISMS) ISO 27001 Information Security Management System (ISMS)  ISO 20000-1 Service Management System (SMS)  ISO 22301 Business Continuity Management System (BCM)ISO 22301 Business Continuity Management System (BCM)  Decision-making aid: What standard is the right one for your company?  Arguments for certification by TÜV NORD CERT  What happens when you come to us  Further information 27/05/2015Iris Maaß 2015 2
  • 3. Benefits of information management systemsBenefits of information management systems  Quality and finances are managed, as are the company's important resources such as personnel, required material  Similarly data security, risks and operational continuity must be managed as a major company resourcemanaged as a major company resource.  Data risks increase in proportion to the relocation of business onto the internet via online shops and to the extent external service providers are used (Cloud Computing, Outsourcing)  Half of all hacking attacks worldwide are aimed at companies with a maximum of 2500 employees (not only large corporations area maximum of 2500 employees (not only large corporations are affected) [Symantec study]  Anyone offering IT services externally (B2B or B2C) must ensure there is trust in his services 27/05/2015Iris Maaß 2015 3
  • 4. Significance of certificationSignificance of certification  Any audit conducted by a neutral, independent organisation on your management system ensures the confidence of the market O hi hl lifi d dit hi hli ht b th l f b t Our highly qualified auditors highlight both examples of best practice in your system and weak points, thus helping you to improve  The decision to obtain certification signalises in the company that i l t ti f th t t i j timplementation of the management system is a major concern to you  When the date is set for certification this will mobilise the necessary forces to implement the management system l t l d h d l ( i i i t )completely and on schedule (overcoming inner resistance) 27/05/2015Iris Maaß 2015 4
  • 5. Overview of the possible standards relating to ITOverview of the possible standards relating to IT Focus ISO 9001 ISO 27001 ISO 20000-1 ISO 22301 Management system Yes Yes Yes Yes Accredited Yes Yes Yes YesAccredited Yes Yes Yes Yes Manual, CIP, goals Yes Yes Yes Yes Statement to the outside Quality Data security IT service quality Business continuity Customer General Security Service level RiskCustomer requirement General Security Service level agreements Risk management Regulatory requirements/ Yes Yes - - requirements/ data protection 27/05/2015Iris Maaß 2015 5
  • 6. Overview of information management systemsOverview of information management systems  ISO 9001 certifies the fundamental structure of a management system based on customer orientation  Certification to ISO 27001, 20000-1 and ISO 22301 represent specialisations with different points of focusspecialisations with different points of focus.  ISO 27001: Security of information including qualitative, operational, business continuity and IT service-related requirements; special consideration of risk management  Is the important foundation for the IT architecture  ISO 20000-1 is the pure view of the IT services as a service ISO 20000-1 is the pure view of the IT services as a service process  ISO 22301 focuses on the continuous business sequence and manages the critical business processes; the risks of operational interruptions are identified, examined and evaluated 27/05/2015Iris Maaß 2015 6
  • 7. ISO 27001 Information Security ManagementISO 27001 Information Security Management  An Information Security Management SystemAn Information Security Management System (ISMS) is that part of the whole management system which covers the following on the basis of a business risk approach:business risk approach:  the development,  implementation,implementation,  conduct,  surveillance,  review,  maintenance  and improvement of the information security 27/05/2015Iris Maaß 2015 7
  • 8. ISO 27001 Information Security Management SystemISO 27001 Information Security Management System  Good information is a major value added factor in the company  Confidentiality, availability and integrity should be the basis for the evaluation of information I f ti i t ( i l ) Information is an asset (a precious value)  An ISMS (Information Security Management System) counteracts risks and guarantees information securityg y  Alongside adverse influences, statutory, regulatory and contractual provisions are taken into account in the ISMS  Certification is appropriate for all organisations and companies for whom IT and Data possess a special value  Certification can also proceed in combination with ISO 9001 ISO Certification can also proceed in combination with ISO 9001, ISO 20000-1 and/or ISO 22301 27/05/2015Iris Maaß 2015 8
  • 9. ISO 27001 Information Security Management SystemISO 27001 Information Security Management System Benefits of certification according to ISO 27001:  Reveals weak points in the handling of information  Sensitises employees and enhances risk awareness  Minimises risks  Creates confidence in the organisation, among customers, partners and investorspartners and investors 27/05/2015Iris Maaß 2015 9
  • 10. ISO 27001 native and BSI basic protectionISO 27001 native and BSI basic protection  IT security can be considered from 2 angles: Accredited certification according to ISO 27001 (ISO 27001 native) Approach of the Federal Office for Information Security (BSI basic protection)protection) Management-based view (top down), business-oriented approach Component-based view (bottom up), approach specific to the authority Procedures to guarantee the ISMS are detemined by the organisation itself, evaluation according to risk methodology Formal procedure according to BSI 100- 2: Introduction of all requirements according to BSI basic protection manualevaluation according to risk methodology of the organisation according to BSI basic protection manual (rigid check list) Certification by accredited certification body TÜV NORD CERT, certificate Audit by recognised and licensed auditor at TÜV NORD CERT; certificate issuedbody TÜV NORD CERT, certificate issued by TÜV NORD CERT at TÜV NORD CERT; certificate issued by BSI Recognised worldwide Recognised in Germany 27/05/2015Iris Maaß 2015 10
  • 11. ISO 27001 native and BSI basic protectionISO 27001 native and BSI basic protection  Both approaches have their justification  We recommend ISO 27001 native because it can be tailored to your needs in your company and the certificate is also recognised in international business transactionsin international business transactions  The ISMS Auditors at TÜV NORD CERT are licensed for both and can offer you both audits or a combination of the two 27/05/2015Iris Maaß 2015 11
  • 12. ISO 20000-1 Service Management SystemISO 20000-1 Service Management System  Internationally recognised standard defines the requirements for a professional IT Service Management System  80% of the IT budget is connected directly with the service processes  high cost relevance of efficient processesprocesses  high cost relevance of efficient processes  Enables organisations to measure objectively their capability to render services and making it comparable (benchmarking)  Orientation of IT Services (in-house or external) towards the needs of customers or the requirements of the core business R d ti f ti i k d li ith t t l Reduction of operative risks and compliance with contractual assurances (Service Level Agreements)  Integration of the process-based approach of the ISO systems withIntegration of the process based approach of the ISO systems with PDCA cycle and continuous improvement with the requirements for IT service processes 27/05/2015Iris Maaß 2015 12
  • 13. ISO 20000-1 Service Management SystemISO 20000-1 Service Management System  ISO 20000 helps assure high service quality in terms of cost efficiency and risk consideration ProcessProcess efficiency Coverage of risks Cost efficiency Beste iservice quality 27/05/2015Iris Maaß 2015 13
  • 14. ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management  Formerly BS 25999-2  This concerns maintenance of business operations despite serious impairment (power failure, pandemic, political events) Ri k i d l d t h h l ti Risk scenarios are developed to show how regular operation can be resumed in the shortest possible time after a break due to disruption  Reduction of damage, threats  Certification offers independent, qualified statement on efficiency d d f th ti l d t ti fand soundness of the contingency plans and restoration of business operations  In addition information can be found in a Code of PracticeIn addition information can be found in a Code of Practice according to BS 25999-1 27/05/2015Iris Maaß 2015 14
  • 15. ISO 22301 Business Continuity ManagementISO 22301 Business Continuity Management  Certification recommended for larger SMEs and large enterprises  Important in particular where there is greater global networking of partners, suppliers and in the case of hived-off sub-processes C tifi ti fi th i t f t f iti l Certifications confirms the existence of a system for critical business processes in order to continue the system in exceptional cases  Certainty concerning the validity of a company's own risk management P iti i li bl b i t b tifi ti t th Positioning as reliable business partner by certification to the outside world 27/05/2015Iris Maaß 2015 15
  • 16. What standard is the right one for your company?What standard is the right one for your company? ISO 9001 Focus on customer orientation and management system in general  Introduction to the subject of management systems ISO 27001 For all companies where data handling plays a role  Service providers, IT companies, banks + insurance i t di i bli i tit ticompanies, trading companies, public institutions ISO 20000-1 IT service providers, service centres within organisations ISO 22301 SME l i f kf f 2000ISO 22301 SMEs or large companies from workforce of 2000 up, public utilities (power plants), all organisations where continuous business operations are of vital importance 27/05/2015Iris Maaß 2015 16
  • 17. Reasons for accredited certificationReasons for accredited certification  Numerous voluntary quality marks flood the market  Their scope is normally restricted to the German market  Voluntary quality marks are normally only based on house t d d ( dit dstandards (no accredited surveillance) Benefits of international standards from this presentation:p  Worldwide recognition (International Standardization Organisation)  Certifier TÜV NORD CERT is accredited  Surveillance of certification by the accreditation body (DAkkS; German accreditation body which conducts the statutory surveillance for Germany)surveillance for Germany)  Internationally certification is subject to surveillance by accreditation bodies in Europe and worldwide acc. to same rules in every country  certification acc. to ISO standards is sounder 27/05/2015Iris Maaß 2015 17
  • 18. What happens when you come to usWhat happens when you come to us 1. Provisional offer by our Sales Department 2. If offer is accepted 3. A suitable suitor is assigned 4. You receive a written confirmation 5. Auditor contacts you to discuss a time frame for the certification, clarification of open questionsclarification of open questions 6. Despatch of an audit schedule approx. 4 weeks prior to audit date 7. Stage 1 For first certification establishment of certifiability of yourg y y organisation with report 8. Stage 2 Audit in your company with report 9. Certification decision in the certification body 10. Issuance of a certification if result of audit is positive 27/05/2015Iris Maaß 2015 18
  • 19. Training course at TÜV NORD Akademie for information managementinformation management  Chief Information Security Officer -CISO (TÜV)–examination Chi f I f ti S it Offi CISO (TÜV) Chief Information Security Officer-CISO (TÜV)  Information Security Management  Information Security Officer ISO (TÜV) examination Information Security Officer ISO (TÜV)-examination  Information Security Officer-ISO (TÜV)  IT Basic Protection Expert (TÜV)IT Basic Protection Expert (TÜV)  IT Basic Protection Expert (TÜV) examination - IT law compact Contact: TÜV NORD Akademie email: akademie@tuev-nord.de Tel.: 0800 8888020 (toll-free service number in Germany) 27/05/2015Iris Maaß 2015 19
  • 20. Contact: Iris Maaß imaass@tuev-nord.de Phone: +49 511 9986 2660Phone: +49 511 9986 2660 27/05/2015Iris Maaß 2015 20