SlideShare a Scribd company logo

PECB Webinar: The alignment of Information Security in Service Management

PECB
PECB

The webinar covers: • Using ISO 27001 and/or COBIT as a framework • Defining the proper KPI’s • Information security in service management Presenter: This session was presented by Arthur Donkers, Managing Partner of ITSX and a PECB Certified Trainer with more than 30 years of experience. Link of the recorded session published on YouTube: https://youtu.be/epYUd3mzKzo

Education
1 of 42
Service Management and Infosec How do they work together?
Agenda What is this all about? Who am I? Align what? Now what?
Why? Can service management and infosec live happily ever after? And why bother in the first place?
Who am I? Interested in info sec, technology and organisation Trainer for PECB (ISO27001, 27005, 31000) Convinced that Infosec is a means to an end, not a purpose in itself arthur@itsx.com
And please … Don’t call Information Security cyber …
Managing expectations This webinar contains some opinions and personal views that are meant to trigger your own questions and considerations. Service management, infosec and other domains used to be islands. If you want to serve your customer by providing best of breed, you need to build bridges.
ITIL ITIL (Information Technology Service Library): a set of practices for IT Service Management aligns IT services and business needs Focus on delivering what the business needs the ‘what’ … ITIL is copyright of Axelos
ITIL ‘loop’
ISO20000-1 SMS (Service Management System) standard requirements for a service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS Focus on managing service delivery the ‘how’
Service Management System
Quality A key factor for proper service delivery is the quality of the service delivered. According to ISO 8402-1986 standard, quality is defined as: "the totality of features and characteristics of a product or service that bears its ability to satisfy stated or implied needs."
Quality Stated needs are clearly described, i.e. the things the customers wants. Implied needs are inferred, often the non- functional requirements, or requirements that are taken for granted.
Is infosec stated or implied? This depends on the scope of the service and customer! A managed firewall service has stated security requirements. A cloud based service often has implied security requirements.
Make all infosec requirements clear First thing that needs to be done is to make all infosec requirements clear and stated. Business needs and drivers are leading! • Business Impact analysis • Data classification • Risk assessments
RA and BIA
Infosec requirements How do you make sure your requirements are complete? Use an information security framework! • COBIT • ISO27001 • PCI/DSS • HIPAA
COBIT process model
ISO27001 ISMS
Aligning ISO27001 ISO 27001:2013 consists of two parts: ISMS requirements (mandatory for certification) Chapters 4 to 10 from the standard Control framework, Annex A ( ‘the list’) 14 domains with security controls Annex A is also available as ISO27002 guideline http://www.iso27001security.com/ is a good source of information
ISO27001, context This requires you to understand the context, environment, needs and expectations of interested parties and stakeholders. Infosec must support the business goals and assure proper service delivery by understanding needs and expectations. (Chapter 4)
ISO27001, context Make sure you understand the context of the service, the related business goals and associated security requirements! Make sure the security requirements are traceable in the service delivery.
ISO27001, leadership Top management must demonstrate leadership and commitment and provide resources. Organisation must support proper service delivery on all levels, including fulfilling the security requirements, and make sufficient resources available. (Chapter 5)
ISO27001, leadership Clear and visible commitment is key for succes. Information security should be an integral part and not an add-on or bandaid. This must be clear throughout the organisation.
ISO27001, planning Use a process based approach to managing risks and clarify infosec objectives. Objective of security requirements must be clear from service management point of view and risks must be identified, analyzed and treated in a planned and organized way. (Chapter 6)
ISO27001, planning It is necessary to think and plan ahead. Include information security from the start in your service delivery. Retrofitting security is difficult, ineffective, costly, will delay your project and does not serve the customer at the end of the day.
ISO27001, support Adequate and competent resources must be used, documentation must be maintained. Use skilled professionals and tools to fulfill the security requirements, document the way things should work. (Chapter 7)
ISO27001, support Information security is a specialized field which requires skills, experience and proper tools. Use them! If you only have a hammer, all your problems look like a nail… (Maslov)
ISO27001, operation Daily management of risk, changes and documentation, to maintain and assure required security levels. Part of the service operation is assuring its required security levels. (Chapter 8)
ISO27001, operation Security should be part of your service level and daily operations must be geared towards maintaining the expected security level. Most security frameworks provide controls for security operations (ISO27002)
ISO27001, performance evaluation Monitor, measure, analyze and evaluate the performance of the ISMS and controls. Measure the effectiveness of security in the service and improve where necessary. KPI and KRI reports. (Chapter 9)
ISO27001, performance evaluation You need to make sure you can ‘measure’ the security levels in your service. Define KPI’s and KRI’s (Key Risk Indicators) that can be used in reports. Define desired security levels in SLA’s. This gives you a means to improve on security and increase effectiveness and efficiency.
ISO27001, improvement Use findings from audits, problem management and reviews to continuously improve security. Aim for improving the effectiveness and efficiency of security within the service, as part of the whole improvement process. (Chapter 10)
ISO27001, improvement
ISO27001, summary These areas are part of the mandatory ISO27001 standard. Their goal is to get in control of information security, using a plan-do-check-act approach. IMHO: this is easy to align with service delivery, as most of these models are based on PDCA as well, infosec is ‘just’ an additional quality aspect.
ISO27002, control domains To support implementing information security, the Annex A (or ISO27002) is available. It is not mandatory but it is a good checklist to make sure you don’t forget important controls. 14 domains, more than just IT!
ISO27002, control domains
ISO27002, highlights Chapter 5: policies Sets the standards, principles and goals Chapter 6: organisation of information security Who is responsible, roles and decisionmaking Chapter 8: Asset management What do we need to protect
ISO27002, highlights Chapter 12: operations security Security in your daily systems management Chapter 13: communications security Security in your daily network management Chapter 14: Systems acquisition Security requirements in outsourcing and development
ISO27002, highlights Chapter 15: supplier relationships Addressing security requirements with your suppliers Chapter 16: incident management What to do when something goes wrong Chapter 17: Business continuity How to guarantee delivery of service
ISO27002, highlights Chapter 18: compliance Make sure all laws, regulations and standards are abided by and adhered to.
Critical successfactors Delivering quality to customer is central Work from the business goals and drivers Commitment across the whole organisation
Finally… In the end, it is all about people and communication

Recommended

Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalSukumar Nayak
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
An Easy Way to Adopt Hybrid Cloud, Datacomm Solution
An Easy Way to Adopt Hybrid Cloud, Datacomm SolutionAn Easy Way to Adopt Hybrid Cloud, Datacomm Solution
An Easy Way to Adopt Hybrid Cloud, Datacomm Solution
PT Datacomm Diangraha
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Cloud Standards Customer Council
 
Presentation on How to build your Windows Azure Practice
Presentation on How to build your Windows Azure PracticePresentation on How to build your Windows Azure Practice
Presentation on How to build your Windows Azure PracticeMicrosoft Private Cloud
 
Introducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationIntroducing PagerDuty Process Automation
Introducing PagerDuty Process Automation
Rundeck
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
Suman Debnath
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...
Amazon Web Services
 

Recommended

Cloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalCloud Services Integration Automation-External
Cloud Services Integration Automation-ExternalSukumar Nayak
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak
 
An Easy Way to Adopt Hybrid Cloud, Datacomm Solution
An Easy Way to Adopt Hybrid Cloud, Datacomm SolutionAn Easy Way to Adopt Hybrid Cloud, Datacomm Solution
An Easy Way to Adopt Hybrid Cloud, Datacomm Solution
PT Datacomm Diangraha
 
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Security for Cloud Computing: 10 Steps to Ensure Success V3.0
Cloud Standards Customer Council
 
Presentation on How to build your Windows Azure Practice
Presentation on How to build your Windows Azure PracticePresentation on How to build your Windows Azure Practice
Presentation on How to build your Windows Azure PracticeMicrosoft Private Cloud
 
Introducing PagerDuty Process Automation
Introducing PagerDuty Process AutomationIntroducing PagerDuty Process Automation
Introducing PagerDuty Process Automation
Rundeck
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
Suman Debnath
 
How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...How News Corp Secured Their Digital Transformation through Identity and Acces...
How News Corp Secured Their Digital Transformation through Identity and Acces...
Amazon Web Services
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
Maganathin Veeraragaloo
 
Cloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloudCloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloud
Sourabh Saxena
 
Migrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceMigrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with Confidence
David J Rosenthal
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
RapidValue
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
RightScale
 
Azure Hybid
Azure HybidAzure Hybid
Azure Hybid
Thomas Treml
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Chad Lawler
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
 
Cloud Oracle
Cloud Oracle Cloud Oracle
Cloud Oracle
Fran Navarro
 
RightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale Webinar: Key Considerations For Cloud Migration and PortabilityRightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
Techcello
 
Cloud Migration Strategy
Cloud Migration StrategyCloud Migration Strategy
Cloud Migration Strategy
CipherSpace
 
How to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeHow to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeDavid Linthicum
 
Oracle Cloud Computing Strategy
Oracle Cloud Computing StrategyOracle Cloud Computing Strategy
Oracle Cloud Computing Strategy
Rex Wang
 
Cloud Computing Design Considerations
Cloud Computing Design ConsiderationsCloud Computing Design Considerations
Cloud Computing Design Considerations
Mike Kavis
 
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
Amazon Web Services
 
Innovating with AWS: How Microservices on AWS Can Transform Your Business
Innovating with AWS: How Microservices on AWS Can Transform Your BusinessInnovating with AWS: How Microservices on AWS Can Transform Your Business
Innovating with AWS: How Microservices on AWS Can Transform Your Business
Amazon Web Services
 
Cloud security design considerations
Cloud security design considerationsCloud security design considerations
Cloud security design considerationsMike Kavis
 
Seven Seas Technology
Seven Seas TechnologySeven Seas Technology
Seven Seas Technology
Unnikrishnan P
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Alicja Sieminska
 
Word formation
Word formationWord formation
Word formationRama Younes
 
Royal Cyber Inc. IBM DevOps® Expertise
Royal Cyber Inc. IBM DevOps® ExpertiseRoyal Cyber Inc. IBM DevOps® Expertise
Royal Cyber Inc. IBM DevOps® Expertise
Noman Butt
 

More Related Content

What's hot

Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
Maganathin Veeraragaloo
 
Cloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloudCloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloud
Sourabh Saxena
 
Migrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceMigrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with Confidence
David J Rosenthal
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
RapidValue
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
RightScale
 
Azure Hybid
Azure HybidAzure Hybid
Azure Hybid
Thomas Treml
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Chad Lawler
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Graeme Wood
 
Cloud Oracle
Cloud Oracle Cloud Oracle
Cloud Oracle
Fran Navarro
 
RightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale Webinar: Key Considerations For Cloud Migration and PortabilityRightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
Techcello
 
Cloud Migration Strategy
Cloud Migration StrategyCloud Migration Strategy
Cloud Migration Strategy
CipherSpace
 
How to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeHow to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeDavid Linthicum
 
Oracle Cloud Computing Strategy
Oracle Cloud Computing StrategyOracle Cloud Computing Strategy
Oracle Cloud Computing Strategy
Rex Wang
 
Cloud Computing Design Considerations
Cloud Computing Design ConsiderationsCloud Computing Design Considerations
Cloud Computing Design Considerations
Mike Kavis
 
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
Amazon Web Services
 
Innovating with AWS: How Microservices on AWS Can Transform Your Business
Innovating with AWS: How Microservices on AWS Can Transform Your BusinessInnovating with AWS: How Microservices on AWS Can Transform Your Business
Innovating with AWS: How Microservices on AWS Can Transform Your Business
Amazon Web Services
 
Cloud security design considerations
Cloud security design considerationsCloud security design considerations
Cloud security design considerationsMike Kavis
 
Seven Seas Technology
Seven Seas TechnologySeven Seas Technology
Seven Seas Technology
Unnikrishnan P
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Alicja Sieminska
 

What's hot (20)

Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
 
Cloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloudCloud computing and migration strategies to cloud
Cloud computing and migration strategies to cloud
 
Migrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with ConfidenceMigrate to Microsoft Azure with Confidence
Migrate to Microsoft Azure with Confidence
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 
Azure Hybid
Azure HybidAzure Hybid
Azure Hybid
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
 
Vmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend MicroVmware Seminar Security & Compliance for the cloud with Trend Micro
Vmware Seminar Security & Compliance for the cloud with Trend Micro
 
Cloud Oracle
Cloud Oracle Cloud Oracle
Cloud Oracle
 
RightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale Webinar: Key Considerations For Cloud Migration and PortabilityRightScale Webinar: Key Considerations For Cloud Migration and Portability
RightScale Webinar: Key Considerations For Cloud Migration and Portability
 
Security Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS ApplicationsSecurity Architecture Best Practices for SaaS Applications
Security Architecture Best Practices for SaaS Applications
 
Cloud Migration Strategy
Cloud Migration StrategyCloud Migration Strategy
Cloud Migration Strategy
 
How to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeHow to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First Time
 
Oracle Cloud Computing Strategy
Oracle Cloud Computing StrategyOracle Cloud Computing Strategy
Oracle Cloud Computing Strategy
 
Cloud Computing Design Considerations
Cloud Computing Design ConsiderationsCloud Computing Design Considerations
Cloud Computing Design Considerations
 
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
(BAC302) Using AWS to Create a Low Cost, Secure Backup Environment for Your O...
 
Innovating with AWS: How Microservices on AWS Can Transform Your Business
Innovating with AWS: How Microservices on AWS Can Transform Your BusinessInnovating with AWS: How Microservices on AWS Can Transform Your Business
Innovating with AWS: How Microservices on AWS Can Transform Your Business
 
Cloud security design considerations
Cloud security design considerationsCloud security design considerations
Cloud security design considerations
 
Seven Seas Technology
Seven Seas TechnologySeven Seas Technology
Seven Seas Technology
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 

Viewers also liked

Royal Cyber Inc. IBM DevOps® Expertise
Royal Cyber Inc. IBM DevOps® ExpertiseRoyal Cyber Inc. IBM DevOps® Expertise
Royal Cyber Inc. IBM DevOps® Expertise
Noman Butt
 
Data Breach: Hot Topics in Information Security Trends Webinar Recording
Data Breach: Hot Topics in Information Security Trends Webinar RecordingData Breach: Hot Topics in Information Security Trends Webinar Recording
Data Breach: Hot Topics in Information Security Trends Webinar Recording
Bradley Arant Boult Cummings LLP
 
ISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and recordsISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and records
Manoj Vakekattil
 
Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...
Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...
Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...
CA Technologies
 
Evolution of the DevOps Quality Management Office
Evolution of the DevOps Quality Management OfficeEvolution of the DevOps Quality Management Office
Evolution of the DevOps Quality Management Office
Capgemini
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
Ramiro Cid
 
What and why of process excellence models
What and why of process excellence modelsWhat and why of process excellence models
What and why of process excellence models
LN Mishra CBAP
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps Introduction
Robert Sell
 
DevOps Patterns - Team Topologies
DevOps Patterns - Team TopologiesDevOps Patterns - Team Topologies
DevOps Patterns - Team Topologies
Matthew Skelton
 
Word formation FCE
Word formation FCEWord formation FCE
Word formation FCE
Carmen Fernández
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than Technology
CA Technologies
 

Viewers also liked (14)

Word formation
Word formationWord formation
Word formation
 
Royal Cyber Inc. IBM DevOps® Expertise
Royal Cyber Inc. IBM DevOps® ExpertiseRoyal Cyber Inc. IBM DevOps® Expertise
Royal Cyber Inc. IBM DevOps® Expertise
 
Data Breach: Hot Topics in Information Security Trends Webinar Recording
Data Breach: Hot Topics in Information Security Trends Webinar RecordingData Breach: Hot Topics in Information Security Trends Webinar Recording
Data Breach: Hot Topics in Information Security Trends Webinar Recording
 
ISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and recordsISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and records
 
Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...
Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...
Case Study: GM Financial Builds a Sustainable, Holistic, Continuous Delivery ...
 
Evolution of the DevOps Quality Management Office
Evolution of the DevOps Quality Management OfficeEvolution of the DevOps Quality Management Office
Evolution of the DevOps Quality Management Office
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
 
What and why of process excellence models
What and why of process excellence modelsWhat and why of process excellence models
What and why of process excellence models
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002
 
DevOps Introduction
DevOps IntroductionDevOps Introduction
DevOps Introduction
 
NTC ISO/IEC 27001
NTC ISO/IEC 27001 NTC ISO/IEC 27001
NTC ISO/IEC 27001
 
DevOps Patterns - Team Topologies
DevOps Patterns - Team TopologiesDevOps Patterns - Team Topologies
DevOps Patterns - Team Topologies
 
Word formation FCE
Word formation FCEWord formation FCE
Word formation FCE
 
DevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than TechnologyDevOps: A Culture Transformation, More than Technology
DevOps: A Culture Transformation, More than Technology
 

Similar to PECB Webinar: The alignment of Information Security in Service Management

Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
ITIL Indonesia
 
Integrating sms and isms
Integrating sms and ismsIntegrating sms and isms
Integrating sms and ismsSeptafiansyah P
 
english_bok_ismp_202306.pptx
english_bok_ismp_202306.pptxenglish_bok_ismp_202306.pptx
english_bok_ismp_202306.pptx
ssuser00d6eb
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certification
ramya119
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
Network Intelligence India
 
201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT FrameworksFrancisco Calzado
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
Integrating sms and isms
Integrating sms and ismsIntegrating sms and isms
Integrating sms and ismsSeptafiansyah P
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
Yerlin Sturdivant
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
acinfotec
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
PECB
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 

Similar to PECB Webinar: The alignment of Information Security in Service Management (20)

Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
 
Integrating sms and isms
Integrating sms and ismsIntegrating sms and isms
Integrating sms and isms
 
english_bok_ismp_202306.pptx
english_bok_ismp_202306.pptxenglish_bok_ismp_202306.pptx
english_bok_ismp_202306.pptx
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certification
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 
201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks201306 CIO NET The Value of IT Frameworks
201306 CIO NET The Value of IT Frameworks
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
Integrating sms and isms
Integrating sms and ismsIntegrating sms and isms
Integrating sms and isms
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
 
Cyber Security Management
Cyber Security ManagementCyber Security Management
Cyber Security Management
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
Israel Genealogy Research Association
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 

Recently uploaded (20)

Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 

PECB Webinar: The alignment of Information Security in Service Management

  • 1. Service Management and Infosec How do they work together?
  • 2. Agenda What is this all about? Who am I? Align what? Now what?
  • 3. Why? Can service management and infosec live happily ever after? And why bother in the first place?
  • 4. Who am I? Interested in info sec, technology and organisation Trainer for PECB (ISO27001, 27005, 31000) Convinced that Infosec is a means to an end, not a purpose in itself arthur@itsx.com
  • 5. And please … Don’t call Information Security cyber …
  • 6. Managing expectations This webinar contains some opinions and personal views that are meant to trigger your own questions and considerations. Service management, infosec and other domains used to be islands. If you want to serve your customer by providing best of breed, you need to build bridges.
  • 7. ITIL ITIL (Information Technology Service Library): a set of practices for IT Service Management aligns IT services and business needs Focus on delivering what the business needs the ‘what’ … ITIL is copyright of Axelos
  • 9. ISO20000-1 SMS (Service Management System) standard requirements for a service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS Focus on managing service delivery the ‘how’
  • 11. Quality A key factor for proper service delivery is the quality of the service delivered. According to ISO 8402-1986 standard, quality is defined as: "the totality of features and characteristics of a product or service that bears its ability to satisfy stated or implied needs."
  • 12. Quality Stated needs are clearly described, i.e. the things the customers wants. Implied needs are inferred, often the non- functional requirements, or requirements that are taken for granted.
  • 13. Is infosec stated or implied? This depends on the scope of the service and customer! A managed firewall service has stated security requirements. A cloud based service often has implied security requirements.
  • 14. Make all infosec requirements clear First thing that needs to be done is to make all infosec requirements clear and stated. Business needs and drivers are leading! • Business Impact analysis • Data classification • Risk assessments
  • 16. Infosec requirements How do you make sure your requirements are complete? Use an information security framework! • COBIT • ISO27001 • PCI/DSS • HIPAA
  • 19. Aligning ISO27001 ISO 27001:2013 consists of two parts: ISMS requirements (mandatory for certification) Chapters 4 to 10 from the standard Control framework, Annex A ( ‘the list’) 14 domains with security controls Annex A is also available as ISO27002 guideline http://www.iso27001security.com/ is a good source of information
  • 20. ISO27001, context This requires you to understand the context, environment, needs and expectations of interested parties and stakeholders. Infosec must support the business goals and assure proper service delivery by understanding needs and expectations. (Chapter 4)
  • 21. ISO27001, context Make sure you understand the context of the service, the related business goals and associated security requirements! Make sure the security requirements are traceable in the service delivery.
  • 22. ISO27001, leadership Top management must demonstrate leadership and commitment and provide resources. Organisation must support proper service delivery on all levels, including fulfilling the security requirements, and make sufficient resources available. (Chapter 5)
  • 23. ISO27001, leadership Clear and visible commitment is key for succes. Information security should be an integral part and not an add-on or bandaid. This must be clear throughout the organisation.
  • 24. ISO27001, planning Use a process based approach to managing risks and clarify infosec objectives. Objective of security requirements must be clear from service management point of view and risks must be identified, analyzed and treated in a planned and organized way. (Chapter 6)
  • 25. ISO27001, planning It is necessary to think and plan ahead. Include information security from the start in your service delivery. Retrofitting security is difficult, ineffective, costly, will delay your project and does not serve the customer at the end of the day.
  • 26. ISO27001, support Adequate and competent resources must be used, documentation must be maintained. Use skilled professionals and tools to fulfill the security requirements, document the way things should work. (Chapter 7)
  • 27. ISO27001, support Information security is a specialized field which requires skills, experience and proper tools. Use them! If you only have a hammer, all your problems look like a nail… (Maslov)
  • 28. ISO27001, operation Daily management of risk, changes and documentation, to maintain and assure required security levels. Part of the service operation is assuring its required security levels. (Chapter 8)
  • 29. ISO27001, operation Security should be part of your service level and daily operations must be geared towards maintaining the expected security level. Most security frameworks provide controls for security operations (ISO27002)
  • 30. ISO27001, performance evaluation Monitor, measure, analyze and evaluate the performance of the ISMS and controls. Measure the effectiveness of security in the service and improve where necessary. KPI and KRI reports. (Chapter 9)
  • 31. ISO27001, performance evaluation You need to make sure you can ‘measure’ the security levels in your service. Define KPI’s and KRI’s (Key Risk Indicators) that can be used in reports. Define desired security levels in SLA’s. This gives you a means to improve on security and increase effectiveness and efficiency.
  • 32. ISO27001, improvement Use findings from audits, problem management and reviews to continuously improve security. Aim for improving the effectiveness and efficiency of security within the service, as part of the whole improvement process. (Chapter 10)
  • 34. ISO27001, summary These areas are part of the mandatory ISO27001 standard. Their goal is to get in control of information security, using a plan-do-check-act approach. IMHO: this is easy to align with service delivery, as most of these models are based on PDCA as well, infosec is ‘just’ an additional quality aspect.
  • 35. ISO27002, control domains To support implementing information security, the Annex A (or ISO27002) is available. It is not mandatory but it is a good checklist to make sure you don’t forget important controls. 14 domains, more than just IT!
  • 37. ISO27002, highlights Chapter 5: policies Sets the standards, principles and goals Chapter 6: organisation of information security Who is responsible, roles and decisionmaking Chapter 8: Asset management What do we need to protect
  • 38. ISO27002, highlights Chapter 12: operations security Security in your daily systems management Chapter 13: communications security Security in your daily network management Chapter 14: Systems acquisition Security requirements in outsourcing and development
  • 39. ISO27002, highlights Chapter 15: supplier relationships Addressing security requirements with your suppliers Chapter 16: incident management What to do when something goes wrong Chapter 17: Business continuity How to guarantee delivery of service
  • 40. ISO27002, highlights Chapter 18: compliance Make sure all laws, regulations and standards are abided by and adhered to.
  • 41. Critical successfactors Delivering quality to customer is central Work from the business goals and drivers Commitment across the whole organisation
  • 42. Finally… In the end, it is all about people and communication