The missing circle of ISMS
Masoud Hayeri Khyavi
Mina Rahimi
Research Institute for ICT (Iran Telecommunication Research Center)
ACM SIGMIS Computers and People Research 2015
Information Security Management System (ISMS)
• Information Security Management System (ISMS)
• Why?
• How?
[Figure labels: Information security, Certificate, ISO 27001]
Why ISMS? (Management view)
• Security management and planning are the fundamental infrastructure for an organization's security layout.
• In modern life we are witnessing the transfer of huge amounts of data and information, which may be very important or, conversely, meaningless.
• An information security management system (ISMS) is a critical management system that provides a secure layout for transferring and exchanging information, and for storing and processing data.
• With a good ISMS, you can obtain an ISO 27001 certificate for your organization.
Why ISMS? (Personnel view)
An important question is: what happens to the personnel who are not at the top level but work at the heart of the company?
• Is an information security management system complete without them?
• Implementing an information security management system across an organization, or in just a small part of it, creates constraints and limitations for colleagues and coworkers, which almost always bring dissatisfaction and a negative view among both personnel and the customers who deal with the organization.
• From a psychological point of view, resistance to these constraints and limitations arises unintentionally.
How can we implement ISMS?
• PDCA is the core of ISMS.
• PDCA is a model and framework that covers the circle of planning, executing, evaluating and running; this circle should run continuously, with protection and positive support from management.
BUT WE DON’T WANT TO TALK ABOUT THE “PDCA” CIRCLE; WE WANT TO FIND THE MISSING CIRCLE. DO YOU KNOW WHERE IT IS?
Challenges against ISMS
Management decides and gives the order to begin the ISMS process, but there are challenges:
• Fear/Resistance to change,
• Increased cost,
• Inadequate knowledge as to approach,
• Seemingly huge task,
• Limited knowledge.
ISMS Critical Success Factors
• Information security policy, objectives, and activities that reflect business
objectives
• Approach to information security consistent with the organizational culture
• Visible support and commitment from all levels of management
• A good understanding of the information security requirements, risk
assessment and risk management
• Effective marketing of information security to all the staff and others
• Distribution of guidance on information security to all the staff and others
• Adequate financial support
• Appropriate awareness, training and education
• Effective information security incident management process
A new idea appears!
• We are trying to define another circle alongside the PDCA circle, which we call the ISMS “missing circle”.
• This circle relates to the non-management layer and is the ISMS sub-level, or low-level ISMS (LL-ISMS).
• LL-ISMS is the complement of the main ISMS.
• Depending on the organization's goals, it can be installed inside the ISMS or beside it, with personnel and customers as its main directors.
• With this new circle, identifying risks and threats in the organization becomes easier and faster; in addition, control enforcement and reaction to threats become quicker, so risk management improves.
• Each function of LL-ISMS (internal or external) has an interactive structure with the main ISMS. We defined four phases for LL-ISMS, named:
Feel, Do’, Think, Help
The missing circle arises (new phases appear)
How does LL-ISMS help ISMS?
A complete circle that connects the management level with the non-management levels will further consolidate the security system and minimize the challenges, especially in ISMS implementation. LL-ISMS brings benefits and advantages such as:
• Security standards reflect the thinking of their authors and supporters and are presented as an "overall solution". Through these standards, the ISMS scheme acts as the backbone and infrastructure of an organization's security body and, beyond that, of a wider area such as a country. But not all conditions and areas are the same, so the skeleton should be adaptable in a way that tolerates pressure under any condition and guarantees the highest reliability.
• With the idea proposed by the authors of this essay, we can find a suitable answer for each security requirement, because personnel in the lower layer of the organization, through the Feel and Think states, recognize the reason for each requirement by themselves and, in some cases, their suggestions and new ideas may increase the efficiency of the security scheme and decrease its cost. With this idea we aim to localize the ISMS. Furthermore, this new circle brings an invisible connection between the security management level and its subordinate levels, which builds trust and confidence in the firm.
And at the end
• Other merits of having these two circles side by side are interconnection between different management levels, flexibility, and personnel's responsibility and customers' commitment to themselves and to their firms (they see themselves as effective in their organization), among others. The most important gift this circle brings as a new subject in the security area is "security near each other with mutual trust beside".
Thank you for your attention. Any questions?
m.hayery@itrc.ac.ir rahimi7@itrc.ac.ir