This document provides an overview of information security. It defines information and discusses its lifecycle and types. It then defines information security and its key components - people, processes, and technology. It discusses threats to information security and introduces ISO 27001, the international standard for information security management. The document outlines ISO 27001's history, features, PDCA process, domains, and some key control clauses around information security policy, organization of information security, asset management, and human resources security.

1. INFORMATIONSECURITYINFORMATION SECURITYRiham Yassin

2. Sawsan Megahed

3. Ahmed MoussaAGENDAWhat is Information?

4. What is Information Security?

5. What is RISK?

6. An Introduction to ISO for information technology

7. User Responsibilities2

8. INFORMATION'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ BS ISO 27002:20053

9. INFORMATIONLIFECYCLEInformation can beCreated

10. Stored

11. Destroyed

12. Processed

13. Transmitted

14. Used – (For proper & improper purposes)

15. Corrupted

16. Lost

17. Stolen4

18. INFORMATIONTYPESPrinted or written on paper

19. Stored electronically

20. Transmitted by post or using electronics means

21. Shown on corporate videos

22. Displayed / published on web

23. Verbal – spoken in conversations‘…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’(BS ISO 27002:2005)5

24. INFORMATIONSECURITYWhat Is Information SecurityThe quality or state of being secure to be free from danger

25. Security is achieved using several strategies

26. Security is achieved using several strategies simultaneously or used in combination with one another

27. Security is recognized as essential to protect vital processes and the systems that provide those processes

28. Security is not something you buy, it is something you do6

29. INFORMATIONSECURITYWhat Is Information SecurityThe architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans working together

30. Monitored 24x7

31. Having People, Processes, Technology, policies, procedures,

32. Security is for PPT and not only for appliances or devices6/16/20117Mohan Kamat

33. INFOSECCOMPONENTSOrganization StaffPEOPLEBusiness ProcessesPROCESSESTechnology used by OrganisationTECHNOLOGY6/16/20118Mohan Kamat

34. PEOPLEPeople “Who we are”People who use or interact with the Information include:Share Holders / Owners

35. Management

36. Employees

37. Business Partners

38. Service providers

39. Contractors

40. Customers / Clients

41. Regulators etc…6/16/20119Mohan Kamat

42. PROCESSProcess “what we do”The processes refer to "work practices" or workflow. Processes are the repeatable steps to accomplish business objectives. Typical process in our IT Infrastructure could include:Helpdesk / Service management

43. Incident Reporting and Management

44. Change Requests process

45. Request fulfillment

46. Access management

47. Identity management

48. Service Level / Third-party Services Management

49. IT procurement process etc...10

50. TECHNOLOGYTechnology “what we use to improve what we do”Network Infrastructure:Cabling, Data/Voice Networks and equipment

51. Telecommunications services (PABX), including VoIP services , ISDN , Video Conferencing

52. Server computers and associated storage devices

53. Operating software for server computers

54. Communications equipment and related hardware.

55. Intranet and Internet connections

56. VPNs and Virtual environments

57. Remote access services

58. Wireless connectivity6/16/201111Mohan Kamat

59. TECHNOLOGYTechnology “what we use to improve what we do”Application software:Finance and assets systems, including Accounting packages, Inventory management, HR systems, Assessment and reporting systems