www.intertek.com
Information Security Overview
Issue 2 © Intertek QATAR www.intertek.com
Welcome to the Seminar on
INFORMATION SECURITY
(ISO 27001:2015)
&
BUSINESS CONTINUITY
(ISO 22301:2013)
QATAR, 25th November 2015
Today we shall be covering the following topics:
INFORMATION SECURITY
BUSINESS CONTINUITY
RISK MANAGEMENT
AN ORIENTATION
Welcome to the Seminar on ISO 27001:2013 - QATAR
Hackers target business secrets
28 March 2011 http://www.bbc.co.uk/news/technology-12864666
• Intellectual property and business secrets target for cyber thieves
• McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code.
• It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres.
• The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were either stolen by an
insider or cyber thieves.
• In some cases, companies made the job of the criminals easier because they did little to censor useful information
about a corporate's culture or structure revealed in e-mails and other messages.
• 2010 - Stuxnet virus targeted industrial plant equipment.
• 2011 - attacks on petrochemical firms, the London Stock Exchange, the European Commission.
Some Videos
MASSIVE PERSONAL DATA BREACH IN US?
PRINTERS VULNERABILITIES?
Information
The value of information goes beyond the written words, numbers and images:
knowledge, concepts, ideas and brands are examples of intangible forms of
information. In an interconnected world, information and related processes,
systems, networks and personnel involved in their operation, handling
and protection are assets that, like other important business assets, are valuable
to an organization’s business and consequently deserve or require protection
against various hazards.
ISO/IEC 27002:2013
Ver2.0 21 June 2014
WHAT IS
OF INFORMATION ?
The elements of information security
Availability – the property of being accessible and usable upon demand by an authorised entity
Information
act of informing –
what is conveyed or represented by a particular arrangement or sequence of things.
data as processed, stored, or transmitted by a computer.
facts provided or learned about something or someone.
Where is information residing?
Information – is of value to the organization, consequently requires adequate protection!
Information needs to be protected!
Standards Considered in this Module
REQUIREMENT – CERTIFIABLE
GUIDELINES – NON-CERTIFIABLE
ISO 27001 : 2013 OVERVIEW
ISO 27001 : 2013
[Figure: ISO 27001:2013 – EXTERNAL INTERESTED PARTIES and INTERNAL INTERESTED PARTIES, labelled A to H]
Information security –
preservation of confidentiality, integrity and availability of information.
In addition, other properties, such as authenticity, accountability (2.2), non-repudiation (2.49), and reliability (2.56) can also be involved.
Need to secure Information?
YES > because of THREATS & VULNERABILITIES
Info Security Attack can impact
ISO 27000:2014
ISMS PRINCIPLES
The structure of ISO 27001:2013
ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in
order to be aligned with all the other management standards – this is
already evident in ISO 22301, the new business continuity management
standard. The main clauses now in all the management standards are:
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
PDCA     ISO 27001:2013 Clauses
PLAN     1, 4, 5, 6 & 7 > PLANNING
DO       8 > OPERATION
CHECK    9 > PERFORMANCE EVALUATION
ACT      10 > IMPROVEMENT
LAWS OF THE LAND – Impacting Information Security
1. Qatar HR Law 2009;
2. Qatar Law of Trademark & Commercial Indications Law no. 3 1978;
3. Qatar Copyright Law no. 25 1995;
4. Qatar Public Telecommunications Law no. 13 1987;
4 PHASES OF RISK MANAGEMENT
Incident > Product Withdrawal and Product Recall
Mattel recalls 1.5 million toys:
http://www.youtube.com/watch?v=NlsvfXAQ5v8&fea
Lead contamination – Toxic levels of Lead pain
lawsuit:
http://www.youtube.com/watch?v=3DL4dleEz7I
The 2009 Toyota 9 Million Car Recall
Toyota Motor Corp. recalled approximately 9 million vehicles in the United States, which was the company’s
largest-ever U.S. recall. The purpose of the recall was to address quality assurance and quality control
problems with a removable floor mat that could cause accelerators to get stuck and potentially lead to a crash.
(Source: Toyota recalls 3.8 million vehicles, MSNBC.com)
Incident > Product Withdrawal and Product Recall
COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
Now let us understand BCMS
THANK YOU !

More Related Content

What's hot

Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
ControlCase
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureUppala Anand
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
Vigilant Software
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
NA Putra
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
Mart Rovers
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
Dejan Kosutic
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
Pranay Kumar
 

What's hot (20)

Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 

Viewers also liked

Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
Uppala Anand
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
ISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guideISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guide
Verde Ventures Pvt. Ltd.
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
Friday Forum ISO 27001: 2013
Friday Forum ISO 27001: 2013Friday Forum ISO 27001: 2013
Friday Forum ISO 27001: 2013
APEXMarCom
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery  of ISO-27000 Se.(ISMS)Reporting about Overview Summery  of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)AHM Pervej Kabir
 
blank_CV_template_Microsoft_Word
blank_CV_template_Microsoft_Wordblank_CV_template_Microsoft_Word
blank_CV_template_Microsoft_Wordkhulekani nxumalo
 
Information Security Identity and Access Management Administration 07072016
Information Security   Identity and Access Management Administration 07072016Information Security   Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Leon Blum
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB
 
How to effectively use ISO 27001 Certification and SOC 2 Reports
How to effectively use ISO 27001 Certification and SOC 2 ReportsHow to effectively use ISO 27001 Certification and SOC 2 Reports
How to effectively use ISO 27001 Certification and SOC 2 Reports
Salvi Jansen
 
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
iFour Consultancy
 
Damco iso 27001
Damco iso   27001Damco iso   27001
Damco iso 27001
Dipin Sharma
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013SAIGlobalAssurance
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
Satya P. Joshi
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
iFour Consultancy
 
Memória de aula 05 segurança e auditoria de sistemas - organizando a segurança
Memória de aula 05   segurança e auditoria de sistemas - organizando a segurançaMemória de aula 05   segurança e auditoria de sistemas - organizando a segurança
Memória de aula 05 segurança e auditoria de sistemas - organizando a segurançaPaulo Garcia
 

Viewers also liked (19)

Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
ISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guideISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guide
 
ISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_ListISO 27001 Implementation_Documentation_Mandatory_List
ISO 27001 Implementation_Documentation_Mandatory_List
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
Friday Forum ISO 27001: 2013
Friday Forum ISO 27001: 2013Friday Forum ISO 27001: 2013
Friday Forum ISO 27001: 2013
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery  of ISO-27000 Se.(ISMS)Reporting about Overview Summery  of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
 
blank_CV_template_Microsoft_Word
blank_CV_template_Microsoft_Wordblank_CV_template_Microsoft_Word
blank_CV_template_Microsoft_Word
 
Information Security Identity and Access Management Administration 07072016
Information Security   Identity and Access Management Administration 07072016Information Security   Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
 
How to effectively use ISO 27001 Certification and SOC 2 Reports
How to effectively use ISO 27001 Certification and SOC 2 ReportsHow to effectively use ISO 27001 Certification and SOC 2 Reports
How to effectively use ISO 27001 Certification and SOC 2 Reports
 
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
 
Damco iso 27001
Damco iso   27001Damco iso   27001
Damco iso 27001
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
 
Memória de aula 05 segurança e auditoria de sistemas - organizando a segurança
Memória de aula 05   segurança e auditoria de sistemas - organizando a segurançaMemória de aula 05   segurança e auditoria de sistemas - organizando a segurança
Memória de aula 05 segurança e auditoria de sistemas - organizando a segurança
 

Similar to ISO 27001 2013 isms final overview

Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management OverviewNaresh Rao
 
Risk management overview
Risk management overviewRisk management overview
Risk management overview
Naresh Rao
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
IJECEIAES
 
How to implement security compliance with SanerNow
How to implement security compliance with SanerNowHow to implement security compliance with SanerNow
How to implement security compliance with SanerNow
SecPod
 
How to securely manage endpoints using SanerNow
How to securely manage endpoints using SanerNowHow to securely manage endpoints using SanerNow
How to securely manage endpoints using SanerNow
SecPod
 
Infinity_Architecture_June_Webinar__Final_Wiki.pptx
Infinity_Architecture_June_Webinar__Final_Wiki.pptxInfinity_Architecture_June_Webinar__Final_Wiki.pptx
Infinity_Architecture_June_Webinar__Final_Wiki.pptx
ssuser365526
 
CCSA Treinamento_CheckPoint.pptx
CCSA Treinamento_CheckPoint.pptxCCSA Treinamento_CheckPoint.pptx
CCSA Treinamento_CheckPoint.pptx
EBERTE
 
Chapter 01 - Exploring the Network
Chapter 01 -  Exploring the NetworkChapter 01 -  Exploring the Network
Chapter 01 - Exploring the Network
Yaser Rahmati
 
CCNAv5 - S1: Chapter 1 Exploring The Network
CCNAv5 - S1: Chapter 1 Exploring The NetworkCCNAv5 - S1: Chapter 1 Exploring The Network
CCNAv5 - S1: Chapter 1 Exploring The Network
Vuz Dở Hơi
 
Itninstructorpptchapter1final 141024004546-conversion-gate02
Itninstructorpptchapter1final 141024004546-conversion-gate02Itninstructorpptchapter1final 141024004546-conversion-gate02
Itninstructorpptchapter1final 141024004546-conversion-gate02
Mustapha Kohili
 
Chapter 1 : Exploring the Network
Chapter 1 : Exploring the NetworkChapter 1 : Exploring the Network
Chapter 1 : Exploring the Network
teknetir
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
Moti Sagey מוטי שגיא
 
Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018Cybersecurity Presentation at WVONGA spring meeting 2018
Cybersecurity Presentation at WVONGA spring meeting 2018
Jack Shaffer
 
01. Critical Information Infrastructure Protection
01. Critical Information Infrastructure Protection01. Critical Information Infrastructure Protection
01. Critical Information Infrastructure Protection
Directorate of Information Security | Ditjen Aptika
 
Kubernetes Hardening Guidance
Kubernetes Hardening GuidanceKubernetes Hardening Guidance
Kubernetes Hardening Guidance
Alex492583
 
CIP IT Governance 5.0 Solution Guide for ArcSight Logger
CIP IT Governance 5.0 Solution Guide for ArcSight LoggerCIP IT Governance 5.0 Solution Guide for ArcSight Logger
CIP IT Governance 5.0 Solution Guide for ArcSight Logger
protect724rkeer
 
Sb fortinet-nozomi
Sb fortinet-nozomiSb fortinet-nozomi
Sb fortinet-nozomi
Ivan Carmona
 
How to Achieve NIST Compliance using SanerNow?
How to Achieve NIST Compliance using SanerNow?How to Achieve NIST Compliance using SanerNow?
How to Achieve NIST Compliance using SanerNow?
SecPod
 
Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11Ccna v5-S1-Chapter 11
Ccna v5-S1-Chapter 11
Hamza Malik
 
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim[CLASS2014] Palestra Técnica - Franzvitor Fiorim
[CLASS2014] Palestra Técnica - Franzvitor Fiorim
TI Safe
 

Similar to ISO 27001 2013 isms final overview (20)

Risk Management Overview
Risk Management OverviewRisk Management Overview
Risk Management Overview
 
Risk management overview
Risk management overviewRisk management overview
Risk management overview
 
Augmentation of a SCADA based firewall against foreign hacking devices



ISO 27001 2013 isms final overview

  • 1. Information Security Overview (Issue 2 © Intertek QATAR, www.intertek.com). Welcome to the Seminar on INFORMATION SECURITY (ISO 27001:2015) & BUSINESS CONTINUITY (ISO 22301:2013), QATAR, 25th November 2015
  • 2. Today we shall be covering the following topics: INFORMATION SECURITY, BUSINESS CONTINUITY, RISK MANAGEMENT
  • 3. AN ORIENTATION. Welcome to the Seminar on ISO 27001:2013 - QATAR
  • 6. Hackers target business secrets (28 March 2011, http://www.bbc.co.uk/news/technology-12864666)
      • Intellectual property and business secrets target for cyber thieves
      • McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code.
      • It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres.
      • The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were either stolen by an insider or cyber thieves.
      • In some cases, companies made the job of the criminals easier because they did little to censor useful information about a corporate's culture or structure revealed in e-mails and other messages.
      • 2010 - Stuxnet virus targeted industrial plant equipment.
      • 2011 - attacks on petrochemical firms, the London Stock Exchange, the European Commission.
  • 8. Some Videos: MASSIVE PERSONAL DATA BREACH IN US? PRINTERS VULNERABILITIES?
  • 10. Information: The value of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets that, like other important business assets, are valuable to an organization’s business and consequently deserve or require protection against various hazards. ISO/IEC 27002:2013. Ver2.0 21 June 2014
  • 11. WHAT IS OF INFORMATION ?
  • 12. The elements of information security. Availability – the property of being accessible and usable upon demand by an authorised entity
  • 13. Information: act of informing – what is conveyed or represented by a particular arrangement or sequence of things; data as processed, stored, or transmitted by a computer; facts provided or learned about something or someone.
  • 14. Where is information residing? Information is of value to the organization and consequently requires adequate protection! Information needs to be protected!
  • 15. Standards Considered in this Module: REQUIREMENT - CERTIFIABLE; GUIDELINES - NON-CERTIFIABLE
  • 16. ISO 27001:2013 OVERVIEW
  • 18. [Figure: ISO 27001:2013, EXTERNAL INTERESTED PARTIES and INTERNAL INTERESTED PARTIES, elements labelled A to H]
  • 21. Information security – preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability (2.2), non-repudiation (2.49), and reliability (2.56) can also be involved.
  • 22. Need to secure Information? YES > because of THREATS & VULNERABILITIES
  • 23. Info Security Attack can impact
  • 24. ISO 27000:2014 ISMS PRINCIPLES
  • 25. The structure of ISO 27001:2013. ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards – this is already evident in ISO 22301, the new business continuity management standard. The main clauses now in all the management standards are:
      • 0 Introduction
      • 1 Scope
      • 2 Normative references
      • 3 Terms and definitions
      • 4 Context of the organization
      • 5 Leadership
      • 6 Planning
      • 7 Support
      • 8 Operation
      ISO 27001:2013 clauses mapped to PDCA:
      • PLAN: 1, 4, 5, 6 & 7 > PLANNING
      • DO: 8 > OPERATION
      • CHECK: 9 > PERFORMANCE EVALUATION
      • ACT: 10 > IMPROVEMENT
  • 27. ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards – this is already evident in ISO 22301, the new business continuity management standard. The main clauses now in all the management standards are: 0 Introduction; 1 Scope; 2 Normative references; 3 Terms and definitions; 4 Context of the organization; 5 Leadership; 6 Planning
  • 28. LAWS OF THE LAND – Impacting Information Security: 1. Qatar HR Law 2009; 2. Qatar Law of Trademark & Commercial Indications Law no. 3 1978; 3. Qatar Copyright Law no. 25 1995; 4. Qatar Public Telecommunications Law no. 13 1987
  • 29. 4 PHASES OF RISK MANAGEMENT
  • 30. Incident > Product Withdrawal and Product Recall. Mattel recalls 1.5 million toys: http://www.youtube.com/watch?v=NlsvfXAQ5v8&fea Lead contamination – toxic levels of lead paint lawsuit: http://www.youtube.com/watch?v=3DL4dleEz7I
  • 31. Incident > Product Withdrawal and Product Recall. The 2009 Toyota 9 Million Car Recall: Toyota Motor Corp. recalled approximately 9 million vehicles in the United States, which was the company’s largest-ever U.S. recall. The purpose of the recall was to address quality assurance and quality control problems with a removable floor mat that could cause accelerators to get stuck and potentially lead to a crash. (Source: Toyota recalls 3.8 million vehicles, MSNBC.com)
  • 32. COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
  • 33. COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
  • 34. Now let us understand BCMS. THANK YOU!

Editor's Notes

  1. “Information” means something that has value to its owner (individual / equipment). Information always flows from Sender to Receiver. If the information is breached (even if the cause is very trivial), the owner suffers a loss and the other party benefits.
  2. Information resides in three media: electronic media and/or the human brain and/or documents. Also note that controls on vulnerabilities can be put on electronic media and/or documents; in the case of the human brain, it is only the intent of personnel that cannot be controlled.
  3. Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities, or processes. Integrity: property of accuracy and completeness. Availability: property of being accessible and usable upon demand by an authorized entity. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.
  4. Principles are the basis of beliefs; they guide one in the right direction. Just like the 8 Management Principles, an Information Security Management System also has 9 basic principles in place, which the Organization has to implement and an Auditor