SlideShare a Scribd company logo
1 of 13
Integrated implementation of ISO/IEC
2000-1 and ISO/IEC 27000-series
ISO/IEC 27013
By:
Septafiansyah Dwi P.
Institut Teknologi Bandung
ITSM or SMS
IT service management, is a concept that combines with system
management, network management, system development
management and incident management, problem
management, service management, security and so on helping
enterprises to manage the process of
constructing, implement, maintaining, and planning for IT system
through effective management method (Tang, 2009).
ISO 20000 – Standart in IT Service
Management
What is it?
The formulation of ITIL practices into an international standard
Management of 13 key IT services to meet business requirements
(predominantly internally focused)
Specifies a number of closely related processes that brought together will
help ensure that an organisation delivers managed IT services to its internal
customers
Comprehensive but not exhaustive
Planning, implementing, monitoring, improvement of new and changed
services
The benefits ISO 20000
• A consistent approach to service management
• IT service provision becomes measurable and accountable
• Consistent levels of service are agreed
• Improved communication flows between IT and the business
• IT gain better understanding of the business requirement
• Reduced risk of business failure
• A reduction in the number of avoidable and repeat incidents
• Higher availability of systems and services
Service management system
1. Scope
1.1. General
1.2.
Application
2.Nor
mativ
e
refren
ces
3.
Terms
and
defini
tions
4. SMS general requirements
4.1.
Management
responsibility
4.2.
Governance
of processes
operated by
other parties
4.3
Documentati
on
management
4.4 Resource
management
Establish and
improvethe
SMS ..
5. Design and transition of
new or changed service
5.1 General
5.2 Plan new
or changed
services
5.3 Design
and
development
of new or
changed
services
5.4
Transition of
new or
changed
services
6. Service delivery process
6.1 Service
level
management
6.2 Service
reporting
6.3 Service
continuity
and
availability
management
6.4
Budgeting
and
accounting
for services
6.5 Capacity
management
6.6
Information
security
management
7. Relationsip
process
7.1. Business
relationship
management
7.2 Supplier
management
8. Resolution
process
8.1. Incident
and service
request
management
8.2 Problem
management
9. Control process
9.1
Configuration
management
9.2 Change
management
9.3 Release
and
deployment
management
Implementing PDCA to service managment
Plan
•Establishing
•Documenting
•Agreeing SMS
Do
•Implementing
•Operating the SMS
Check
•Monitoring,
•Measuring,
•Reviewing SMS
Act
•Improving the SMS
•Improving the service
Policies Objectives Plans Process
Service Management System
SMS
Service
Management
Process
Service
Indonesia Hot Topic Issue
ISO27001
ISO27001 is the standard for establishing, controlling, monitoring and
improving an Information Security Management System (ISMS). It
provides the requirements for an ISMS framework as well as 133
controls (much like the “shalls” in ISO 20000.) (Implement ISO, 2012)
It is compatible with other standards such as NIST 800-53, ISO
27005, COSO, Detiknas. and uses a risk-based assesment approach to
determine the scope of its implementation within an organisation. The
main goals of the ISO 27001 standard are to manage information
security, maintain business continuity and comply with regulation. It
addresses all information,physical security, environmental
aspects, outsourcing issues, etc.
The benefits ISO27000
• Reduction in possibly damaging/embarrassing information leaks and
failures
• Total risk mitigation, security of brand equity
• Reduction in costs due to fewer security incidents
• Common policies and control across the whole organisation
• Increased staff awareness
• Better monitored and audited systems and information flows
• The risk significantly reduced
“where does the ISO 20000-1 fit in with ISO 27001?”
Organization
ISO/ IEC 27001 ISO/ IEC 2000-1
Spesific to
ISO/ IEC 27001
Clasification of
informat ion
Informat ion asset
managment
Spesific to
ISO/ IEC 2000-1
Budgeting and
accounting for
service
Business
relationship
managment
Design and
t ransition of new
and changed
services
Service level
managment
Resource
management
Risk assesment
Roles and
responbilities
Informat ion securit y
management
Service continuit y
and avaibilit y
management
Supplier
management
Capacit y
management
Change
management
Incident and
service request
management
Problem
management
Release and
deployement
management
Shared parts (some overlaps, some
diferences)
Common parts (identical between standarts)
- Cont inual Improvement - PDCA
- Legal and regulat ory compliance - Training and awarness
- Management Review - Document at ion management
Focus on
serviceFocus on
informat ion asset s
Advantages in integrated management
system
감사합니다

More Related Content

What's hot

What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergKinverg
 
Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Patten John
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedJisc
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTGaffri Johnson
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
Mr. ahmed obaid the ceo guide to implement iso 27001
Mr. ahmed obaid   the ceo guide to implement iso 27001Mr. ahmed obaid   the ceo guide to implement iso 27001
Mr. ahmed obaid the ceo guide to implement iso 27001qualitysummit
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013SAIGlobalAssurance
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certificationramya119
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr  WafulaInformation Security Management Systems(ISMS) By Dr  Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 

What's hot (20)

What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms Compliance
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
 
Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice? Why ISO-27001 is a better choice?
Why ISO-27001 is a better choice?
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learned
 
ISO 27001:2013 - Changes
ISO 27001:2013 -  ChangesISO 27001:2013 -  Changes
ISO 27001:2013 - Changes
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENT
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
Isms
IsmsIsms
Isms
 
Mr. ahmed obaid the ceo guide to implement iso 27001
Mr. ahmed obaid   the ceo guide to implement iso 27001Mr. ahmed obaid   the ceo guide to implement iso 27001
Mr. ahmed obaid the ceo guide to implement iso 27001
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 Certified
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certification
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr  WafulaInformation Security Management Systems(ISMS) By Dr  Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
Cyber Security Management
Cyber Security ManagementCyber Security Management
Cyber Security Management
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 

Viewers also liked

Iso 9001 2015 Quality Transition ISO Consultant Implementation Certification...
Iso 9001 2015 Quality Transition  ISO Consultant Implementation Certification...Iso 9001 2015 Quality Transition  ISO Consultant Implementation Certification...
Iso 9001 2015 Quality Transition ISO Consultant Implementation Certification...Robert Jasper
 
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...PECB
 
Benefits of Integrated Management Systems
Benefits of Integrated Management SystemsBenefits of Integrated Management Systems
Benefits of Integrated Management SystemsPECB
 
Integrated Management System
  Integrated Management System  Integrated Management System
Integrated Management SystemMASIT MACEDONIA
 
(5) integrated management system (ims)
(5) integrated management system (ims)(5) integrated management system (ims)
(5) integrated management system (ims)ThetSu2
 
Ims (integrated Management system )
Ims (integrated Management system )Ims (integrated Management system )
Ims (integrated Management system )Ascent World
 
ISO 9001 IMPLEMENTATION METHODOLOGY
ISO 9001 IMPLEMENTATION METHODOLOGYISO 9001 IMPLEMENTATION METHODOLOGY
ISO 9001 IMPLEMENTATION METHODOLOGYArul Nambi
 
Basic of Integrated Management System
Basic of Integrated Management SystemBasic of Integrated Management System
Basic of Integrated Management Systemjamaluddin ma'ruf
 
Ims integrated management system implementation steps-lakshy rev00-240914
Ims   integrated management system  implementation steps-lakshy rev00-240914Ims   integrated management system  implementation steps-lakshy rev00-240914
Ims integrated management system implementation steps-lakshy rev00-240914Lakshy Management Consultant Pvt Ltd
 
Qms kick off meeting ppt
Qms kick off meeting pptQms kick off meeting ppt
Qms kick off meeting pptANUPAM RAY
 
ISO 9001:2015 Quality Management Principles
ISO 9001:2015 Quality Management PrinciplesISO 9001:2015 Quality Management Principles
ISO 9001:2015 Quality Management PrinciplesKaren Sharick
 

Viewers also liked (15)

Simpeg
SimpegSimpeg
Simpeg
 
Iso 9001 2015 Quality Transition ISO Consultant Implementation Certification...
Iso 9001 2015 Quality Transition  ISO Consultant Implementation Certification...Iso 9001 2015 Quality Transition  ISO Consultant Implementation Certification...
Iso 9001 2015 Quality Transition ISO Consultant Implementation Certification...
 
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...
 
Benefits of Integrated Management Systems
Benefits of Integrated Management SystemsBenefits of Integrated Management Systems
Benefits of Integrated Management Systems
 
Integrated management systems
Integrated management systemsIntegrated management systems
Integrated management systems
 
Integrated Management System
  Integrated Management System  Integrated Management System
Integrated Management System
 
(5) integrated management system (ims)
(5) integrated management system (ims)(5) integrated management system (ims)
(5) integrated management system (ims)
 
Ims (integrated Management system )
Ims (integrated Management system )Ims (integrated Management system )
Ims (integrated Management system )
 
ISO 9001 IMPLEMENTATION METHODOLOGY
ISO 9001 IMPLEMENTATION METHODOLOGYISO 9001 IMPLEMENTATION METHODOLOGY
ISO 9001 IMPLEMENTATION METHODOLOGY
 
Basic of Integrated Management System
Basic of Integrated Management SystemBasic of Integrated Management System
Basic of Integrated Management System
 
Ims integrated management system implementation steps-lakshy rev00-240914
Ims   integrated management system  implementation steps-lakshy rev00-240914Ims   integrated management system  implementation steps-lakshy rev00-240914
Ims integrated management system implementation steps-lakshy rev00-240914
 
Qms kick off meeting ppt
Qms kick off meeting pptQms kick off meeting ppt
Qms kick off meeting ppt
 
ISO 9001:2015 Quality Management Principles
ISO 9001:2015 Quality Management PrinciplesISO 9001:2015 Quality Management Principles
ISO 9001:2015 Quality Management Principles
 
Introduction to ISO 9001:2015
Introduction to ISO 9001:2015Introduction to ISO 9001:2015
Introduction to ISO 9001:2015
 
The new ISO 9001:2015
The new ISO 9001:2015The new ISO 9001:2015
The new ISO 9001:2015
 

Similar to Integrating sms and isms

Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Chandan Singh Ghodela
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology20CS024 Ethics in Information Technology
20CS024 Ethics in Information TechnologyKathirvel Ayyaswamy
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB
 
The best way to use ISO 27001
The best way to use ISO 27001The best way to use ISO 27001
The best way to use ISO 27001powertech
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Meghna Verma
 
Msp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery ProcessMsp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery Processkadhar_masthan
 
Benefits of Implementing ISO 20000 within your Organization
 Benefits of Implementing ISO 20000 within your Organization Benefits of Implementing ISO 20000 within your Organization
Benefits of Implementing ISO 20000 within your OrganizationPECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdftoncik
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...Tromenz Learning
 
G12: Implementation to Business Value
G12: Implementation to Business ValueG12: Implementation to Business Value
G12: Implementation to Business ValueHyTrust
 
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001IJNSA Journal
 
Tripwire Iso 27001 Wp
Tripwire Iso 27001 WpTripwire Iso 27001 Wp
Tripwire Iso 27001 Wpketanaagja
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud SecurityIT Governance Ltd
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 

Similar to Integrating sms and isms (20)

Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
 
The best way to use ISO 27001
The best way to use ISO 27001The best way to use ISO 27001
The best way to use ISO 27001
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
 
Msp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery ProcessMsp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery Process
 
Benefits of Implementing ISO 20000 within your Organization
 Benefits of Implementing ISO 20000 within your Organization Benefits of Implementing ISO 20000 within your Organization
Benefits of Implementing ISO 20000 within your Organization
 
Iso 27001 isms
Iso 27001 ismsIso 27001 isms
Iso 27001 isms
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Iso 27001 isms - white paper
Iso 27001   isms -   white paperIso 27001   isms -   white paper
Iso 27001 isms - white paper
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
CISSPills #3.02
CISSPills #3.02CISSPills #3.02
CISSPills #3.02
 
G12: Implementation to Business Value
G12: Implementation to Business ValueG12: Implementation to Business Value
G12: Implementation to Business Value
 
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
 
Tripwire Iso 27001 Wp
Tripwire Iso 27001 WpTripwire Iso 27001 Wp
Tripwire Iso 27001 Wp
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 

Recently uploaded

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Integrating sms and isms

  • 1. Integrated implementation of ISO/IEC 2000-1 and ISO/IEC 27000-series ISO/IEC 27013 By: Septafiansyah Dwi P. Institut Teknologi Bandung
  • 2. ITSM or SMS IT service management, is a concept that combines with system management, network management, system development management and incident management, problem management, service management, security and so on helping enterprises to manage the process of constructing, implement, maintaining, and planning for IT system through effective management method (Tang, 2009).
  • 3. ISO 20000 – Standart in IT Service Management What is it? The formulation of ITIL practices into an international standard Management of 13 key IT services to meet business requirements (predominantly internally focused) Specifies a number of closely related processes that brought together will help ensure that an organisation delivers managed IT services to its internal customers Comprehensive but not exhaustive Planning, implementing, monitoring, improvement of new and changed services
  • 4. The benefits ISO 20000 • A consistent approach to service management • IT service provision becomes measurable and accountable • Consistent levels of service are agreed • Improved communication flows between IT and the business • IT gain better understanding of the business requirement • Reduced risk of business failure • A reduction in the number of avoidable and repeat incidents • Higher availability of systems and services
  • 5. Service management system 1. Scope 1.1. General 1.2. Application 2.Nor mativ e refren ces 3. Terms and defini tions 4. SMS general requirements 4.1. Management responsibility 4.2. Governance of processes operated by other parties 4.3 Documentati on management 4.4 Resource management Establish and improvethe SMS .. 5. Design and transition of new or changed service 5.1 General 5.2 Plan new or changed services 5.3 Design and development of new or changed services 5.4 Transition of new or changed services 6. Service delivery process 6.1 Service level management 6.2 Service reporting 6.3 Service continuity and availability management 6.4 Budgeting and accounting for services 6.5 Capacity management 6.6 Information security management 7. Relationsip process 7.1. Business relationship management 7.2 Supplier management 8. Resolution process 8.1. Incident and service request management 8.2 Problem management 9. Control process 9.1 Configuration management 9.2 Change management 9.3 Release and deployment management
  • 6. Implementing PDCA to service managment Plan •Establishing •Documenting •Agreeing SMS Do •Implementing •Operating the SMS Check •Monitoring, •Measuring, •Reviewing SMS Act •Improving the SMS •Improving the service Policies Objectives Plans Process Service Management System SMS Service Management Process Service
  • 8. ISO27001 ISO27001 is the standard for establishing, controlling, monitoring and improving an Information Security Management System (ISMS). It provides the requirements for an ISMS framework as well as 133 controls (much like the “shalls” in ISO 20000.) (Implement ISO, 2012) It is compatible with other standards such as NIST 800-53, ISO 27005, COSO, Detiknas. and uses a risk-based assesment approach to determine the scope of its implementation within an organisation. The main goals of the ISO 27001 standard are to manage information security, maintain business continuity and comply with regulation. It addresses all information,physical security, environmental aspects, outsourcing issues, etc.
  • 9. The benefits ISO27000 • Reduction in possibly damaging/embarrassing information leaks and failures • Total risk mitigation, security of brand equity • Reduction in costs due to fewer security incidents • Common policies and control across the whole organisation • Increased staff awareness • Better monitored and audited systems and information flows • The risk significantly reduced
  • 10. “where does the ISO 20000-1 fit in with ISO 27001?”
  • 11. Organization ISO/ IEC 27001 ISO/ IEC 2000-1 Spesific to ISO/ IEC 27001 Clasification of informat ion Informat ion asset managment Spesific to ISO/ IEC 2000-1 Budgeting and accounting for service Business relationship managment Design and t ransition of new and changed services Service level managment Resource management Risk assesment Roles and responbilities Informat ion securit y management Service continuit y and avaibilit y management Supplier management Capacit y management Change management Incident and service request management Problem management Release and deployement management Shared parts (some overlaps, some diferences) Common parts (identical between standarts) - Cont inual Improvement - PDCA - Legal and regulat ory compliance - Training and awarness - Management Review - Document at ion management Focus on serviceFocus on informat ion asset s
  • 12. Advantages in integrated management system

Editor's Notes

  1. Perumusan praktek ITIL ke dalam standar internasional Pengelolaan 13 layanan TI kunci untuk memenuhi kebutuhan bisnis (terutama berfokus secara internal) Menentukan sejumlah proses terkait erat yang membawa bersama-sama akan membantu memastikan bahwa organisasi memberikan layanan TI berhasil pelanggan internal Komprehensif tapi tidak menyeluruh Perencanaan, pelaksanaan, pemantauan, perbaikan layanan baru dan berubah
  2. Integrated SMS and ISMSIt is ISO 27001 which fits in to ISO 20000 and specifically in Section 6.6 Information Security Management.  This section addresses information security policy, controls and changes/incidents as related to IT-based information.  ISO 27001 can provide much further details and information in terms of setting up security elements in your organisation.  ISO 27001 tells you “how” to do it rather than stating that you “have” to do it.In other words, aim to combine some of the implementation activities such as the auditreview / risk assesment.  There are advantages to having a single audit team to look at both Management Systems.  This eliminates redundancies and gives good value for money and make organitization established one of aspect in good delivery service.  As stated above, both standards use common management approaches, are both based on processes and also use the PDCA principles. 
  3. There are a number of advantages in implementing an integrated management system which takes into account not only the services provided but also the protection of information assets. These benefits can be experienced whether one standard is implemented before the other, or both standards are implemented simultaneously. Management and organizational processes, in particular, can derive benefit from the similarities between the International Standards and their common objectives. Key benefits of an integrated implementation include: a) the credibility, to internal or external customers of the organization, of an effective and secure service; b) the lower cost of an integrated programme of two projects, where achieving both service management and information security are part of an organization’s strategy; c) a reduction in implementation time due to the integrated development of processes common to both standards; d) elimination of unnecessary duplication; e) a greater understanding by service management and security personnel of each others’ viewpoints;