GRC2-KSA.ppt
1. Governance, Risk & Compliance
Using
ISO 27001, ISO 20000 & ISO 22301
Sharing the Leading Best Practices in One Project
2. Agenda
Introduction
The components of good governance
– ISO 27001 – Protecting the information
– ISO 20000 – Ensuring the best IT service management
– ISO 22301 – Ensuring the continuity of the business
Checklist
Conclusion
14. The Must-Have Standard:
Information Security and ISO 27001
15. What is ISO 27001?
ISO 27001 is the international standard for information security management
Two parts
– ISO 27001: Specifications (the auditable requirements)
– ISO 27002: Code of practice (implementation guidance for the controls)
Uniqueness of ISO 27001
– Certifiable standard
– 114 Annex A controls
17. ISO 27000 Series
Anxiously waiting for…
– 27000: Fundamentals and vocabulary
– 27001: ISMS auditable and certifiable requirements
– 27002: Code of practice (replaced ISO 17799)
– 27003: ISMS implementation guidelines
– 27004: ISMS measurement
– 27005: ISMS risk management
– 27006: Guide to the certification/registration process for accredited ISMS certification/registration bodies
– 27007: Guidance for those auditing information security management systems against ISO 27001
– 27011: Information security management guidelines for telecommunications
21. ITIL
It is all about the ‘service’
IT is recognized as a ‘service provider’
– To be more specific, IT is the service provider to its customer: the business users
23. Deming Cycle
William Edwards Deming
– (October 14, 1900 – December 20, 1993) was an American statistician.
– Best known for his work in Japan.
– From 1950 onward he taught top management how to improve
Design (and thus service),
Product quality,
Testing and s