Information Security Overview
Issue 2 © Intertek QATAR www.intertek.com

Slide 1
Welcome to the Seminar on
INFORMATION SECURITY (ISO 27001:2013)
&
BUSINESS CONTINUITY (ISO 22301:2012)
QATAR, 25th November 2015

Slide 2
Today we shall be covering the following topics:
• INFORMATION SECURITY
• BUSINESS CONTINUITY
• RISK MANAGEMENT

Slide 3
AN ORIENTATION
Welcome to the Seminar on ISO 27001:2013 - QATAR

Slide 6
Hackers target business secrets
BBC News, 28 March 2011, http://www.bbc.co.uk/news/technology-12864666
• Intellectual property and business secrets are targets for cyber thieves.
• McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code.
• It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres.
• The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were stolen either by an insider or by cyber thieves.
• In some cases, companies made the criminals' job easier because they did little to censor useful information about the company's culture or structure revealed in e-mails and other messages.
• 2010 - the Stuxnet worm targeted industrial plant equipment.
• 2011 - attacks on petrochemical firms, the London Stock Exchange and the European Commission.

Slide 8
Some Videos
MASSIVE PERSONAL DATA BREACH IN US?
PRINTER VULNERABILITIES?

Slide 10
Information
The value of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets that, like other important business assets, are valuable to an organization's business and consequently deserve or require protection against various hazards.
(ISO/IEC 27002:2013)
Ver2.0 21 June 2014

Slide 11
WHAT IS
OF INFORMATION ?

Slide 12
The elements of information security
Confidentiality – the property that information is not made available or disclosed to unauthorised individuals, entities or processes
Integrity – the property of accuracy and completeness
Availability – the property of being accessible and usable upon demand by an authorised entity

Slide 13
Information
• the act of informing;
• what is conveyed or represented by a particular arrangement or sequence of things;
• data as processed, stored, or transmitted by a computer;
• facts provided or learned about something or someone.

Slide 14
Where is information residing?
Information is of value to the organization and consequently requires adequate protection!
Information needs to be protected!

Slide 15
Standards Considered in this Module
REQUIREMENTS - CERTIFIABLE | GUIDELINES - NON-CERTIFIABLE

Slide 16
ISO 27001:2013 OVERVIEW

Slide 18
ISO 27001:2013
EXTERNAL INTERESTED PARTIES | INTERNAL INTERESTED PARTIES
(figure: interested parties A to H)

Slide 21
Information security
Information security – preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability (2.2), non-repudiation (2.49) and reliability (2.56), can also be involved.

Slide 22
Need to secure information?
YES > because of THREATS & VULNERABILITIES

Slide 23
Info Security Attack can impact

Slide 24
ISO 27000:2014
ISMS PRINCIPLES

Slide 25
The structure of ISO 27001:2013
ISO 27001:2013 follows Annex SL of the ISO/IEC Directives, so that it is aligned with all the other management system standards; this structure is already evident in ISO 22301, the business continuity management standard. The main clauses now common to all the management system standards are:
0 Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement

PDCA   ISO 27001:2013 clauses
PLAN   4, 5, 6 & 7 > Context, Leadership, Planning, Support
DO     8 > Operation
CHECK  9 > Performance evaluation
ACT    10 > Improvement

Slide 28
LAWS OF THE LAND – Impacting Information Security
1. Qatar HR Law 2009;
2. Qatar Law of Trademark & Commercial Indications, Law no. 3 of 1978;
3. Qatar Copyright Law no. 25 of 1995;
4. Qatar Public Telecommunications Law no. 13 of 1987.

Slide 29
4 PHASES OF RISK MANAGEMENT

Slide 30
Incident > Product Withdrawal and Product Recall
Mattel recalls 1.5 million toys:
http://www.youtube.com/watch?v=NlsvfXAQ5v8&fea
Lead contamination – toxic levels of lead paint, lawsuit:
http://www.youtube.com/watch?v=3DL4dleEz7I

Slide 31
Incident > Product Withdrawal and Product Recall
The 2009 Toyota 9 Million Car Recall
Toyota Motor Corp. recalled approximately 9 million vehicles in the United States, the company's largest-ever U.S. recall. The purpose of the recall was to address quality assurance and quality control problems with a removable floor mat that could cause accelerators to get stuck and potentially lead to a crash.
(Source: "Toyota recalls 3.8 million vehicles", MSNBC.com)

Slide 32
COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE

Slide 34
Now let us understand BCMS
THANK YOU !

ISO 27001 2013 isms final overview


Editor's Notes

  • #14 The meaning of "Information": it has value to its owner (an individual or a piece of equipment). Information always flows from a sender to a receiver. If the information is breached (even where the cause is trivial), the owner suffers a loss and the other party benefits.
  • #15 Information resides in three media: electronic media, the human brain and documents. Note also that controls against vulnerabilities can be placed on electronic media and on documents; for the human brain, only personal intent cannot be controlled.
  • #24 Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities or processes. Integrity: property of accuracy and completeness. Availability: property of being accessible and usable upon demand by an authorized entity. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability, can also be involved.
  • #25 Principles are the basis of beliefs; they guide one in the right direction. Just like the 8 management principles, the Information Security Management System also has 9 basic principles in place, which the organization has to implement and an auditor