Null - ISO 27001 : A Business View
Published in: Technology

  1. A Business View
  2. Who Am I
     • M.S.Sripati
     • Information Security Enthusiast and Student
     • ISMS Implementer
     • CISA (cleared exam in June 2008)
  3. What Am I NOT going to talk about
     • Nothing technical
     • Nothing on what information security is (this is the NULL chapter, for God's sake!)
     • Not much on some basic terms (Google devo bhav, i.e. "Google is God")
  4. What Am I going to talk about
     • Some cases where regular firewalls and web application security measures fail
     • What ISO 27001 is and how it helps us
  5. Can you save your organization from these cases?
  6. Cases (1)
     • Someone using your ID card to enter a secure premises and steal/alter/delete some information
     • Copy/paste by developers
     • Password sharing
     • Kevin Mitnick (!)
     • Unlocked desktops/laptops
     • Password re-use
     • Writing passwords down on paper
     • Natural calamities
     • Legal fines (in case of data breach – HIPAA, PCI-DSS)
     • Work backlog in antivirus companies
     • Someone trying to get your personal data so that he/she can sell it underground
  7. Cases (2)
     • Some unknown third-party vendor working on your computer
     • Someone asking for a password while posing as a client
     • Some random mail asking you to click so that you can receive some money immediately
     • Social networking sites; Farmville and other third-party apps
     • An employee with high access to data/information who has a shady past
     • No frisking of housekeeping personnel, putting information systems at risk (think about hardware key-loggers)
     • Taking pictures of code using a camera phone and a third-party app on it (think about an Android app AD)
     • Data getting lost because of a natural calamity (fire, flood, earthquake, etc.) while having a business requirement to start work again as soon as possible
  8. So, what does it all mean?
  9. Noteworthy points
     • Changing nature of security incidents
     • System ownage through an unsuspecting user's click
     • Info-sec as a business, both legit and non-legit
     • Humans as the weak link in the info-sec chain
     • Changing legal landscape (HIPAA, PCI-DSS)
     • Changing business landscape (threats to India from BRIC)
  10. Implementer's Dilemma
  11. The four pulls on the implementer (image: http://gallery.trupela.com/)
     • Web Application Security
     • Legal Compliance (HIPAA, PCI-DSS, Data Protection Act)
     • Human Awareness Quotient (Technical and Non-technical)
     • Network Security (Firewall, IDS, IPS, Antivirus, etc.)
  12. Image copied from: http://pumapac.org/
  13. Saving Private Ryan
  14. What is ISO 27001
     • Specifies the requirements for establishing a comprehensive Information Security Management System (ISMS), helping to achieve information security and to give assurance to interested parties.
     • Interested parties are: Shareholders / Owners; Management; Employees; Business Partners; Service Providers; Contractors; Customers / Clients; Regulators, etc.
  15. PDCA Process (ISMS process diagram)
     • Interested Parties: Information Security Requirements & Expectations (input)
     • PLAN: Establish ISMS
     • DO: Implement & Operate the ISMS
     • CHECK: Monitor & Review ISMS
     • ACT: Maintain & Improve
     • Interested Parties: Managed Information Security (output)
     • Management Responsibility spans the whole cycle
  16. ISO 27001 control domains (diagram, with Confidentiality, Integrity and Availability at the centre)
     • Information Security Policy
     • Organisation of Information Security
     • Asset Management
     • Human Resource Security
     • Physical Security
     • Communication & Operations Management
     • Access Control
     • System Development & Maintenance
     • Incident Management
     • Business Continuity Planning
     • Compliance
  17. Thank You – M.S.Sripati
