The missing circle of ISMS
Masoud Hayeri Khyavi
Mina Rahimi
Research Institute for ICT (Iran Telecommunication Research Center)
1
ACM SIGMIS Computers and People Research 2015
Information Security Management System (ISMS)
• Information Security Management System (ISMS)
• Why?
• How?
(Diagram labels: Information security; Certificate; ISO 27001)
Information Security Management System (ISMS)
Why ISMS? (Management view)
• Security management and planning are the fundamental infrastructure for the security layout of organizations.
• In today's modern life we are witnessing the transfer of huge amounts of data and information, which can be very important or, conversely, meaningless.
• An information security management system, or ISMS, is a critical management system that provides a secure layout for transferring and exchanging information, storing data and processing it.
• With a good ISMS, you can obtain the ISO 27001 certificate for your organization.
Information Security Management System (ISMS)
Why ISMS? (Personnel view)
There is an important question: what is happening to the personnel who are not at the top level but are working in the heart of the company?
• Is an information security management system complete without them?
• Implementing an information security management system in an organization, or even in just a small part of it, will create constraints and limitations for colleagues and coworkers, which almost always bring dissatisfaction and a negative view for both the personnel and the customers who deal with the organization.
• From a psychological point of view, resistance would unintentionally appear against these constraints and limitations.
Information Security Management System (ISMS)
How can we implement ISMS?
• PDCA is the core of ISMS.
• PDCA is a model and framework which in fact covers the circle of planning, executing, evaluating and running; this circle should be run continuously with the protection and positive support of management.
BUT WE DON'T WANT TO TALK ABOUT THE "PDCA" CIRCLE; WE WANT TO FIND THE MISSING CIRCLE. DO YOU KNOW WHERE IT IS?
Challenges against ISMS
Management decides and orders the ISMS process to begin, but there are challenges:
• Fear of / resistance to change,
• Increased cost,
• Inadequate knowledge of the approach,
• Seemingly huge task,
• Limited knowledge.
ISMS Critical Success Factors
• Information security policy, objectives, and activities that reflect business objectives
• An approach to information security consistent with the organizational culture
• Visible support and commitment from all levels of management
• A good understanding of the information security requirements, risk assessment and risk management
• Effective marketing of information security to all staff and others
• Distribution of guidance on information security to all staff and others
• Adequate financial support
• Appropriate awareness, training and education
• An effective information security incident management process
New Idea appears!
• We are trying to define another circle beside the PDCA circle, which is called the ISMS "missing circle".
• This circle is related to the non-management layer and is the ISMS sub-level, or low-level ISMS (LL-ISMS).
• LL-ISMS is the complement of the main ISMS.
• Depending on the organizational goal, it can be installed inside the ISMS or beside it, with personnel and customers as its main directors.
• With this new circle, distinguishing risks and threats in the organization would be easier and faster; besides, control enforcement and reaction against threats would be quicker, so on the other hand risk management would be improved.
• Each of the functions of LL-ISMS (internal or external) has an interactional structure with the main ISMS. We defined four phases for LL-ISMS, with the names:
Feel, Do, Think, Help
The missing circle arises (New Phases appear)
How does LL-ISMS help ISMS?
A complete circle which connects the management level with the non-management levels will further consolidate the security system and will minimize the challenges, especially in ISMS implementation. LL-ISMS will bring benefits and advantages such as:
• Security standards have been prepared according to the thinking of their authors and supporters and have been presented through an "overall solution". The ISMS scheme, via standards, plays the role of backbone and infrastructure for the security body of an organization, and following that in wider areas such as a country; but all conditions and areas are not the same, so the skeleton should be adaptable in a special manner which in any condition tolerates the pressure and guarantees the highest reliability.
• With the idea suggested by the authors of this essay, we are able to find a suitable answer for each of the security requirements, because the personnel of the lower layer in the organization, in the states of Feel and Think, would recognize the reason for each of them by themselves, and perhaps in some cases, with their suggestions and new ideas, increase the efficiency of the security scheme and decrease the cost. With this idea we are going to localize the ISMS. Furthermore, this new circle will bring an invisible connection between the security management level and its subsets, which is an advantage for trust and confidence in the firm.
And at the end
• Other merits of these two circles being near each other are interconnection between different management levels, flexibility, personnel's responsibilities and customers' commitments for themselves and for their firms (they know themselves to be effective in their organization), etc. The most important gift which this circle brings, as a new subject in the security area, is "security near each other with mutual trust beside".
Thank you for your attention
&
Any question?
m.hayery@itrc.ac.ir rahimi7@itrc.ac.ir