SlideShare a Scribd company logo

Information security-management-system

Download as PPT, PDF
I
intellisenseit

This document discusses information security management systems (ISMS). It defines information and its lifecycle, including how information can be created, stored, processed, transmitted, used, lost, corrupted, etc. It then defines the key aspects of information security - integrity, availability, and confidentiality. It emphasizes that information is a valuable asset for organizations that needs to be protected. The document outlines some of the main components of establishing an ISMS, including risk management, policies, training, and processes. It also discusses ISO 27001 as the international standard for ISMS and its various control areas.

Technology
1 of 18
INFORMATION SECURITY Management System Dr Kalpesh Parikh INFORMATION SECURITY - Management (ISMS)
INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information? “Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected.” BS 7799-1:2000
INFORMATION SECURITY Management System Dr Kalpesh Parikh Types of Information • Printed or written on paper • Stored electronically • Transmitted by post or using electronic means • Shown on corporate videos • Verbal - spoken in conversations “…...Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected” (ISO/IEC 17799: 2000)
INFORMATION SECURITY Management System Dr Kalpesh Parikh Information Lifecycle Information can be: Created Stored Destroyed ? Processed Transmitted Used (for proper and improper purposes) Lost ! Corrupted !
INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information Security Integrity Safeguarding the accuracy & completeness of information and processing methods Availability Ensuring that authorized users have access to information and associated assets when required Confidentiality Ensuring that information is accessible only to those authorized to have access
INFORMATION SECURITY Management System Dr Kalpesh Parikh How to Achieve Information Security •Attitude Building •Efforts v/s Value of Asset •Segmentation •Harmonization •Concept of Insurance •Managing Risk •Objective Evidence through Monitoring and Analysis
INFORMATION SECURITY Management System Dr Kalpesh Parikh Why Information Security Management System? Information is an Asset • Not known even if stolen • Challenge is you don’t know – how to know • Theoretically any information can get stolen • Affects every one • Technical and Technology is subset of complete domain • Dynamic in nature • Very complex to manage
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Commitment You have my full commitment….. Apart from money, time resources and attention and just so long as I don’t have to be involved
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG – Predictability Default Style
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG - Risk Management – Onion Structure Technology Environment Information Human Firewall Standards Policies T r a i n i n g P r o c e s s e s Management
INFORMATION SECURITY Management System Dr Kalpesh Parikh Plan-Do-Check-Act Cycle of ISMS
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS – Information assets and Valuation • An inventory of all important assets shall be drawn up and maintained. Accountability shall be defined. • What are Assets ? Organisation assigns value to something Eg. Information assets, paper doc, s/w , physical, people, company image and reputation, services. • Which Assets ? Asset materially affect delivery of product/service by their absence or degradation. • Valuation What System – 0 to 5 (Quantitative) - low to very high (Qualitative)
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Assessment Threat : “Potential to cause an unwanted incident which may result in harm to a system or organization and its assets” Eg. Natural disaster, Human, Technological, Theft/Loss Vulnerability: A vulnerability is a weakness/hole in an organisation’s Information System. Eg. Unprotected cabling, unstable power grid, wrong allocation of password
INFORMATION SECURITY Management System Dr Kalpesh Parikh Risk: The possibility of incurring misfortune or loss; hazard (to expose to danger or loss) At Risk: Vulnerable; likely to be lost /damaged Security Risk: Potential that a given threat will exploit vulnerabilities to cause loss or damage to an asset or group of Info Asset. Measuring Risk: Risk = Value X Threat X Vulnerability X Probability of asset of Happening ISMS - Risk Assessment
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Treatment Plan Coordinated document defining the actions to reduce unacceptable risks and implement the required controls to protect information. Direction : Treat, Transfer, Terminate, Tolerate Treatment : Define an acceptable level of residual risk constantly review Threat and Vulnerabilities Review exiting controls apply additional security controls introducing policy and procedures Controls: Which Controls ? / Selection of Control
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Statement of Applicability (SOA) •The statement of Applicability is a critique of the objectives and controls, which the organization has selected as suitable to its business needs. The statement will also record exclusion of any controls. • Risk Assessment will determine which controls should be implemented • Justification of which controls are relevant and not relevant
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISO 27001 (ISMS) Control Areas 1. Security Policy 2. Security Organization 3. Asset Classification and Control 4. Personnel Security 5. Physical and Environmental Security 6. Communications and Operations Management 7. Access Control 8. Systems Development and Maintenance 9. Business Continuity Planning 10. Compliance
INFORMATION SECURITY Management System Dr Kalpesh Parikh

Recommended

Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & ComplianceAmazon Web Services
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 

Recommended

Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & ComplianceAmazon Web Services
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPTADEPT TECHNOLOGY
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 IntroductionAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixJohn Yeoh
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 

More Related Content

What's hot

ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixJohn Yeoh
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+DesignAlfred Ouyang
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 

What's hot (20)

Cissp Training PPT
Cissp Training PPTCissp Training PPT
Cissp Training PPT
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk Management
 
Introduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls MatrixIntroduction to the CSA Cloud Controls Matrix
Introduction to the CSA Cloud Controls Matrix
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security Architecture
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
Information Security
Information SecurityInformation Security
Information Security
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Information security
Information securityInformation security
Information security
 
2 Security Architecture+Design
2 Security Architecture+Design2 Security Architecture+Design
2 Security Architecture+Design
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
Security architecture
Security architectureSecurity architecture
Security architecture
 

Viewers also liked

Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Manage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooManage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooMaxime Chambreuil
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Securityanilchip
 
Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...Nicholas Davis
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...IndependentCertificationServices
 
Information security management best practice
Information security management best practiceInformation security management best practice
Information security management best practiceparves kamal
 
Evolución Familia ISO 27000 a octubre del 2016
Evolución Familia ISO 27000 a octubre del 2016Evolución Familia ISO 27000 a octubre del 2016
Evolución Familia ISO 27000 a octubre del 2016Ricardo Urbina Miranda
 
Manajemen Risiko
Manajemen RisikoManajemen Risiko
Manajemen Risikoulianiati
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000Ramana K V
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Accounting information system
Accounting information systemAccounting information system
Accounting information systemSAKET KASHYAP
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 

Viewers also liked (20)

Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Manage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with OdooManage your Information Security Management System (ISMS) with Odoo
Manage your Information Security Management System (ISMS) with Odoo
 
Jurnal rangkuman
Jurnal rangkumanJurnal rangkuman
Jurnal rangkuman
 
Isms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information SecurityIsms Implementer Course Module 1 Introduction To Information Security
Isms Implementer Course Module 1 Introduction To Information Security
 
Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...Information systems 365 lecture four - Security Policy Development, Data Clas...
Information systems 365 lecture four - Security Policy Development, Data Clas...
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
 
ISMS implementation challenges-KASYS
ISMS implementation challenges-KASYSISMS implementation challenges-KASYS
ISMS implementation challenges-KASYS
 
Information security management best practice
Information security management best practiceInformation security management best practice
Information security management best practice
 
Evolución Familia ISO 27000 a octubre del 2016
Evolución Familia ISO 27000 a octubre del 2016Evolución Familia ISO 27000 a octubre del 2016
Evolución Familia ISO 27000 a octubre del 2016
 
Manajemen Risiko
Manajemen RisikoManajemen Risiko
Manajemen Risiko
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Accounting information system
Accounting information systemAccounting information system
Accounting information system
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentation
 
Personnel policies
Personnel policiesPersonnel policies
Personnel policies
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Information security management
Information security managementInformation security management
Information security management
 

Similar to Information security-management-system

Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisEvan Francen
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
001_Cybersecurity Fundamentals Security Principles.pdf
001_Cybersecurity Fundamentals Security Principles.pdf001_Cybersecurity Fundamentals Security Principles.pdf
001_Cybersecurity Fundamentals Security Principles.pdfchandrabaguswinardi
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topicsOlajide Kuku
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational contentOlajide Kuku
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTShenlydailymotion
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.pptHasnolAhmad2
 
Risk Assessment Famework
Risk Assessment FameworkRisk Assessment Famework
Risk Assessment Fameworklneut03
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdfsdfghj21
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 
The Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementThe Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementKeySys Health
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmtmadunix
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.IGN MANTRA
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62AlliedConSapCourses
 
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)U.S. News Healthcare of Tomorrow
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptxStevenTharp2
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiMike Walker
 
Information security - 360 Degree Approach
Information security - 360 Degree ApproachInformation security - 360 Degree Approach
Information security - 360 Degree Approachharsh arora
 

Similar to Information security-management-system (20)

1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
001_Cybersecurity Fundamentals Security Principles.pdf
001_Cybersecurity Fundamentals Security Principles.pdf001_Cybersecurity Fundamentals Security Principles.pdf
001_Cybersecurity Fundamentals Security Principles.pdf
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
information security presentation topics
information security presentation topicsinformation security presentation topics
information security presentation topics
 
educational content, educational contented educational content
educational content, educational contented educational contenteducational content, educational contented educational content
educational content, educational contented educational content
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTSINFORMATION SECURITY STUDY GUIDE for STUDENTS
INFORMATION SECURITY STUDY GUIDE for STUDENTS
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
Risk Assessment Famework
Risk Assessment FameworkRisk Assessment Famework
Risk Assessment Famework
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 
The Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk ManagementThe Fundamentals of HIPAA Privacy & Security Risk Management
The Fundamentals of HIPAA Privacy & Security Risk Management
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
 
L1_Introduction.pptx
L1_Introduction.pptxL1_Introduction.pptx
L1_Introduction.pptx
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in Dubai
 
Information security - 360 Degree Approach
Information security - 360 Degree ApproachInformation security - 360 Degree Approach
Information security - 360 Degree Approach
 

More from intellisenseit

Internal Process Audit
Internal Process AuditInternal Process Audit
Internal Process Auditintellisenseit
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management Systemintellisenseit
 
Ooh mswh profile (ERP for OUT of HOME Media)
Ooh mswh profile (ERP for OUT of HOME Media)Ooh mswh profile (ERP for OUT of HOME Media)
Ooh mswh profile (ERP for OUT of HOME Media)intellisenseit
 
Agro mswh profile (Agro Trading ERP)
Agro mswh profile (Agro Trading ERP)Agro mswh profile (Agro Trading ERP)
Agro mswh profile (Agro Trading ERP)intellisenseit
 
Intellisense it profile
Intellisense it profileIntellisense it profile
Intellisense it profileintellisenseit
 
IntellisenseIT infraMSWH (Construction ERP)
IntellisenseIT infraMSWH (Construction ERP)IntellisenseIT infraMSWH (Construction ERP)
IntellisenseIT infraMSWH (Construction ERP)intellisenseit
 

More from intellisenseit (9)

ABC of Adding Value
ABC of Adding ValueABC of Adding Value
ABC of Adding Value
 
Android primer
Android primerAndroid primer
Android primer
 
Corporate Governance
Corporate GovernanceCorporate Governance
Corporate Governance
 
Internal Process Audit
Internal Process AuditInternal Process Audit
Internal Process Audit
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management System
 
Ooh mswh profile (ERP for OUT of HOME Media)
Ooh mswh profile (ERP for OUT of HOME Media)Ooh mswh profile (ERP for OUT of HOME Media)
Ooh mswh profile (ERP for OUT of HOME Media)
 
Agro mswh profile (Agro Trading ERP)
Agro mswh profile (Agro Trading ERP)Agro mswh profile (Agro Trading ERP)
Agro mswh profile (Agro Trading ERP)
 
Intellisense it profile
Intellisense it profileIntellisense it profile
Intellisense it profile
 
IntellisenseIT infraMSWH (Construction ERP)
IntellisenseIT infraMSWH (Construction ERP)IntellisenseIT infraMSWH (Construction ERP)
IntellisenseIT infraMSWH (Construction ERP)
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesThousandEyes
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 

Information security-management-system

  • 1. INFORMATION SECURITY Management System Dr Kalpesh Parikh INFORMATION SECURITY - Management (ISMS)
  • 2. INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information? “Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected.” BS 7799-1:2000
  • 3. INFORMATION SECURITY Management System Dr Kalpesh Parikh Types of Information • Printed or written on paper • Stored electronically • Transmitted by post or using electronic means • Shown on corporate videos • Verbal - spoken in conversations “…...Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected” (ISO/IEC 17799: 2000)
  • 4. INFORMATION SECURITY Management System Dr Kalpesh Parikh Information Lifecycle Information can be: Created Stored Destroyed ? Processed Transmitted Used (for proper and improper purposes) Lost ! Corrupted !
  • 5. INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information Security Integrity Safeguarding the accuracy & completeness of information and processing methods Availability Ensuring that authorized users have access to information and associated assets when required Confidentiality Ensuring that information is accessible only to those authorized to have access
  • 6. INFORMATION SECURITY Management System Dr Kalpesh Parikh How to Achieve Information Security •Attitude Building •Efforts v/s Value of Asset •Segmentation •Harmonization •Concept of Insurance •Managing Risk •Objective Evidence through Monitoring and Analysis
  • 7. INFORMATION SECURITY Management System Dr Kalpesh Parikh Why Information Security Management System? Information is an Asset • Not known even if stolen • Challenge is you don’t know – how to know • Theoretically any information can get stolen • Affects every one • Technical and Technology is subset of complete domain • Dynamic in nature • Very complex to manage
  • 8. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Commitment You have my full commitment….. Apart from money, time resources and attention and just so long as I don’t have to be involved
  • 9. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG – Predictability Default Style
  • 10. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG - Risk Management – Onion Structure Technology Environment Information Human Firewall Standards Policies T r a i n i n g P r o c e s s e s Management
  • 11. INFORMATION SECURITY Management System Dr Kalpesh Parikh Plan-Do-Check-Act Cycle of ISMS
  • 12. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS – Information assets and Valuation • An inventory of all important assets shall be drawn up and maintained. Accountability shall be defined. • What are Assets ? Organisation assigns value to something Eg. Information assets, paper doc, s/w , physical, people, company image and reputation, services. • Which Assets ? Asset materially affect delivery of product/service by their absence or degradation. • Valuation What System – 0 to 5 (Quantitative) - low to very high (Qualitative)
  • 13. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Assessment Threat : “Potential to cause an unwanted incident which may result in harm to a system or organization and its assets” Eg. Natural disaster, Human, Technological, Theft/Loss Vulnerability: A vulnerability is a weakness/hole in an organisation’s Information System. Eg. Unprotected cabling, unstable power grid, wrong allocation of password
  • 14. INFORMATION SECURITY Management System Dr Kalpesh Parikh Risk: The possibility of incurring misfortune or loss; hazard (to expose to danger or loss) At Risk: Vulnerable; likely to be lost /damaged Security Risk: Potential that a given threat will exploit vulnerabilities to cause loss or damage to an asset or group of Info Asset. Measuring Risk: Risk = Value X Threat X Vulnerability X Probability of asset of Happening ISMS - Risk Assessment
  • 15. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Treatment Plan Coordinated document defining the actions to reduce unacceptable risks and implement the required controls to protect information. Direction : Treat, Transfer, Terminate, Tolerate Treatment : Define an acceptable level of residual risk constantly review Threat and Vulnerabilities Review exiting controls apply additional security controls introducing policy and procedures Controls: Which Controls ? / Selection of Control
  • 16. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Statement of Applicability (SOA) •The statement of Applicability is a critique of the objectives and controls, which the organization has selected as suitable to its business needs. The statement will also record exclusion of any controls. • Risk Assessment will determine which controls should be implemented • Justification of which controls are relevant and not relevant
  • 17. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISO 27001 (ISMS) Control Areas 1. Security Policy 2. Security Organization 3. Asset Classification and Control 4. Personnel Security 5. Physical and Environmental Security 6. Communications and Operations Management 7. Access Control 8. Systems Development and Maintenance 9. Business Continuity Planning 10. Compliance
  • 18. INFORMATION SECURITY Management System Dr Kalpesh Parikh