SlideShare a Scribd company logo

ISO 27001 INFORMATION TECHNOLOGY MANAGEMENT SYSTEM

Rozil Anwar
Rozil Anwar

The new ISO 45001:2018 standard for Occupational health and safety is now an ISO standard unlike previous version OHSAS 18001 standard.  Its core text remains similar to ISO 9001:2015 standard and other ISO standards having 10 clauses.

Education
1 of 7
Download to read offline
ISO 27001:2013 Information Security Management System For more questions please mail me at anwarrose16@gmail.com RA
ISO 27001 ◦ ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
Summary of Clauses ◦ Clause 1: Scope ◦ Clause 2: Normative References ◦ Clause 3: Terms and Definitions ◦ Clause 4: Context of Organisation ◦ Clause 5: Leadership ◦ Clause 6: Planning ◦ Clause 7: Support ◦ Clause 8: Operation ◦ Clause 9: Performance Evaluation ◦ Clause 10: Continual Improvement 8.1 Operational Planning and Control 8.2 Information security risk assessment 8.3 Information security risk treatment 6.1 Actions to address risk and opportunities 6.2 IT objectives and planning to achieve them
Controls Hierarchy Manual Require human intervention Vs. Automated Rely on computers to reduce human intervention Detective Preventive Designed to search for and identify errors after they have occurred Designed to discourage or preempt errors or irregularities from occurring Vs.
ISO 27002: Code of Practice for Information Security Management
Security Domains – ISO 27001:2013 1. Scope, Information Security Management System 2. Information Security Policies (A.5) 3. Organization of Information Security (A.6) 4. Human Resource Security (A.7) 5. Asset Management (A.8) 6. Access Control (A.9) 7. Cryptography (A.10) 8. Physical and Environmental Security (A.11) 9. Operations Security (A.12) 10. Communications Security (A.13) 11. System Acquisition, Development, and Maintenance (A.14) 12. Supplier Relationships (A.15) 13. Information Security Incident Management (A.16) 14. Information Security Aspects of Business Continuity Management (A.17) 15. Compliance (A.18) ◦ & risk assessment… 114 Controls Annex A
Risk Assessment- Asset Based # Document Purpose Owner 1 Asset Register Identify critical business information, where it exists, and who owns it Respective Team 2 Risk Assessment Identify potential data loss or security threats and resulting impact to the business Respective Team 3 Risk Treatment Plan (RTP) Define the preferred procedure the organization should follow in the event of a security breach. Additional security controls to be implemented are recommended here. Respective Team 4 Implementation Procedure Lists all current controls in place to ensure security. Once additional controls from RTP are implemented, they will be added here. Respective Team • Accept • Mitigate • Transfer • Avoid Lists all applicable controls from the previous slide

Recommended

ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
The State of Automation in Security
The State of Automation in SecurityThe State of Automation in Security
The State of Automation in SecurityAlgoSec
 
Top Threats Facing Organizations Cloud / SaaS Data
Top Threats Facing Organizations Cloud / SaaS DataTop Threats Facing Organizations Cloud / SaaS Data
Top Threats Facing Organizations Cloud / SaaS DataSysCloud
 
Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...iFour Consultancy
 
Integrating Multiple IT Security Standards
Integrating Multiple IT Security StandardsIntegrating Multiple IT Security Standards
Integrating Multiple IT Security StandardsMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 ControlsVISTA InfoSec
 
Taking the Pain out of PCI Compliance
Taking the Pain out of PCI ComplianceTaking the Pain out of PCI Compliance
Taking the Pain out of PCI ComplianceTripwire
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 

Recommended

ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
The State of Automation in Security
The State of Automation in SecurityThe State of Automation in Security
The State of Automation in SecurityAlgoSec
 
Top Threats Facing Organizations Cloud / SaaS Data
Top Threats Facing Organizations Cloud / SaaS DataTop Threats Facing Organizations Cloud / SaaS Data
Top Threats Facing Organizations Cloud / SaaS DataSysCloud
 
Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...iFour Consultancy
 
Integrating Multiple IT Security Standards
Integrating Multiple IT Security StandardsIntegrating Multiple IT Security Standards
Integrating Multiple IT Security StandardsMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 ControlsVISTA InfoSec
 
Taking the Pain out of PCI Compliance
Taking the Pain out of PCI ComplianceTaking the Pain out of PCI Compliance
Taking the Pain out of PCI ComplianceTripwire
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
SECURITY
SECURITYSECURITY
SECURITYTony Fanelli
 
The Connors Group Cyber Security Infographic
The Connors Group Cyber Security Infographic The Connors Group Cyber Security Infographic
The Connors Group Cyber Security Infographic The Connors Group
 
ISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An IntorductionISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An Intorductionn|u - The Open Security Community
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local GovDonald E. Hester
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 ismsCraig Willetts ISO Expert
 
Identifying critical security controls
Identifying critical security controlsIdentifying critical security controls
Identifying critical security controlsElizabeth Baker, JD, CRCMP
 
Why safety management software needed?
Why safety management software needed?Why safety management software needed?
Why safety management software needed?ConvergePoint
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiMike Walker
 
Comparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkComparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkPooja Soni
 
Control a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaControl a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaiFour Consultancy
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005Fuangwith Sopharath
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...himalya sharma
 
HIPAA Safeguard Slides
HIPAA Safeguard SlidesHIPAA Safeguard Slides
HIPAA Safeguard Slidesprojectwinner
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramTammy Clark
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013Ramiro Cid
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2ControlCase
 

More Related Content

What's hot

The Connors Group Cyber Security Infographic
The Connors Group Cyber Security Infographic The Connors Group Cyber Security Infographic
The Connors Group Cyber Security Infographic The Connors Group
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local GovDonald E. Hester
 
Why safety management software needed?
Why safety management software needed?Why safety management software needed?
Why safety management software needed?ConvergePoint
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiMike Walker
 
Comparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkComparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkPooja Soni
 
Control a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaControl a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaiFour Consultancy
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...himalya sharma
 
HIPAA Safeguard Slides
HIPAA Safeguard SlidesHIPAA Safeguard Slides
HIPAA Safeguard Slidesprojectwinner
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramTammy Clark
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICSjohnsdeepsecure
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...PECB
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013Ramiro Cid
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 

What's hot (20)

SECURITY
SECURITYSECURITY
SECURITY
 
The Connors Group Cyber Security Infographic
The Connors Group Cyber Security Infographic The Connors Group Cyber Security Infographic
The Connors Group Cyber Security Infographic
 
ISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An IntorductionISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An Intorduction
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policy
 
2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov2017 IT Control Environment for Local Gov
2017 IT Control Environment for Local Gov
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Identifying critical security controls
Identifying critical security controlsIdentifying critical security controls
Identifying critical security controls
 
Why safety management software needed?
Why safety management software needed?Why safety management software needed?
Why safety management software needed?
 
ISO 27001 Certification in Dubai
ISO 27001 Certification in DubaiISO 27001 Certification in Dubai
ISO 27001 Certification in Dubai
 
Comparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkComparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT framework
 
Control a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaControl a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in India
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
 
HIPAA Safeguard Slides
HIPAA Safeguard SlidesHIPAA Safeguard Slides
HIPAA Safeguard Slides
 
Developing A Risk Based Information Security Program
Developing A Risk Based Information Security ProgramDeveloping A Risk Based Information Security Program
Developing A Risk Based Information Security Program
 
Deep secure holistic protection for ICS
Deep secure holistic protection for ICSDeep secure holistic protection for ICS
Deep secure holistic protection for ICS
 
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
ISO 27001 control A17 (Continuity on Information Security), and ISO 22301: co...
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 

Similar to ISO 27001 INFORMATION TECHNOLOGY MANAGEMENT SYSTEM

ISMS Part I
ISMS Part IISMS Part I
ISMS Part Ikhushboo
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2ControlCase
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirementshumanus2
 
Step-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity FrameworkStep-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity FrameworkOnsite Helper
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_bangloreIPPAI
 
Overcoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRAOvercoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRAMatt Moneypenny
 
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...Jerimi Soma
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Tammy Clark
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?PECB
 
RiskWatch for Credit Unions™
RiskWatch for Credit Unions™RiskWatch for Credit Unions™
RiskWatch for Credit Unions™CPaschal
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANA Putra
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™CPaschal
 

Similar to ISO 27001 INFORMATION TECHNOLOGY MANAGEMENT SYSTEM (20)

ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2Continual Compliance for PCI DSS, E13PA and ISO 27001/2
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirements
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
Step-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity FrameworkStep-by-Step Implementation of the Essential 8 Cybersecurity Framework
Step-by-Step Implementation of the Essential 8 Cybersecurity Framework
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
Overcoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRAOvercoming the Challenges of Conducting a SRA
Overcoming the Challenges of Conducting a SRA
 
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
RiskWatch for Credit Unions™
RiskWatch for Credit Unions™RiskWatch for Credit Unions™
RiskWatch for Credit Unions™
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™RiskWatch for Financial Institutions™
RiskWatch for Financial Institutions™
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
 

Recently uploaded

Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 

ISO 27001 INFORMATION TECHNOLOGY MANAGEMENT SYSTEM

  • 1. ISO 27001:2013 Information Security Management System For more questions please mail me at anwarrose16@gmail.com RA
  • 2. ISO 27001 ◦ ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.
  • 3. Summary of Clauses ◦ Clause 1: Scope ◦ Clause 2: Normative References ◦ Clause 3: Terms and Definitions ◦ Clause 4: Context of Organisation ◦ Clause 5: Leadership ◦ Clause 6: Planning ◦ Clause 7: Support ◦ Clause 8: Operation ◦ Clause 9: Performance Evaluation ◦ Clause 10: Continual Improvement 8.1 Operational Planning and Control 8.2 Information security risk assessment 8.3 Information security risk treatment 6.1 Actions to address risk and opportunities 6.2 IT objectives and planning to achieve them
  • 4. Controls Hierarchy Manual Require human intervention Vs. Automated Rely on computers to reduce human intervention Detective Preventive Designed to search for and identify errors after they have occurred Designed to discourage or preempt errors or irregularities from occurring Vs.
  • 5. ISO 27002: Code of Practice for Information Security Management
  • 6. Security Domains – ISO 27001:2013 1. Scope, Information Security Management System 2. Information Security Policies (A.5) 3. Organization of Information Security (A.6) 4. Human Resource Security (A.7) 5. Asset Management (A.8) 6. Access Control (A.9) 7. Cryptography (A.10) 8. Physical and Environmental Security (A.11) 9. Operations Security (A.12) 10. Communications Security (A.13) 11. System Acquisition, Development, and Maintenance (A.14) 12. Supplier Relationships (A.15) 13. Information Security Incident Management (A.16) 14. Information Security Aspects of Business Continuity Management (A.17) 15. Compliance (A.18) ◦ & risk assessment… 114 Controls Annex A
  • 7. Risk Assessment- Asset Based # Document Purpose Owner 1 Asset Register Identify critical business information, where it exists, and who owns it Respective Team 2 Risk Assessment Identify potential data loss or security threats and resulting impact to the business Respective Team 3 Risk Treatment Plan (RTP) Define the preferred procedure the organization should follow in the event of a security breach. Additional security controls to be implemented are recommended here. Respective Team 4 Implementation Procedure Lists all current controls in place to ensure security. Once additional controls from RTP are implemented, they will be added here. Respective Team • Accept • Mitigate • Transfer • Avoid Lists all applicable controls from the previous slide