we45 ISO-27001 Case Study
2. Contents
- Overview
- Pre-Engagement Scenario
- we45 Proposed Solution
- Post-Engagement Scenario
3. Overview
- As the only company offering products for extra-high-voltage data and power transmission, our client is positioned strongly in high-growth geographies and high-growth industries.
- Net Revenue: $500 Million
- Centralized IT Services: Firewall & Content Filtering Services, Google Apps, SAP, Cordys, HRMS.
- Localized IT Services: Local file server monitoring and maintenance, backup and restoration, and generic IT support (daily operations).
- No. of Locations: 9
- Overall IT Employee Strength: 50
- IT Employee Strength per Location: 5
4. Pre-we45-Engagement Scenario
- ISO 27001 was a critical requirement for the organization from a global market reach perspective.
- Non-standard IT operational procedures across the group.
- Low levels of awareness and understanding of Information Security and ISO 27001 requirements across the group and its departments.
- Non-availability of dedicated resources for the ISO 27001 implementation.
- Lack of in-house technical security competency.
- Streamlining the existing standard operating procedures was a challenge, as each of the 9 locations was following its own standard operating procedure.
- The existing Information Security Policies & Procedures (ISPP) were ineffective and lacked technical granularity.
5. we45 Proposed Solution
- Conducting a comprehensive workshop on ISO/IEC 27001:2005.
- Identification of an appropriate and effective scope for the ISO 27001 ISMS.
- Conducting an IT Risk Assessment based on the OCTAVE methodology to identify critical assets, and drafting a Risk Mitigation Plan for the identified asset risk values.
- Preparation of a Statement of Applicability based on the agreed controls applicable and identified in the Risk Mitigation Plan.
- Amendment of the existing Information Security Policies & Procedures (ISPP) in alignment with the ISO 27001 mandates, ensuring that they map to the controls identified earlier.
- Technical Assessment (Vulnerability Assessment / Penetration Test) conducted for all 9 locations on sampled critical information assets and services.
- Implementation of the ISO/IEC 27001:2005 suggested controls and generation of evidence.
- Comprehensive ISO/IEC 27001:2005 based (pre-certification) Internal Audit.
6. Implementation: Activity Chart

Columns: Activities performed | No. of we45 consultants | Effort (in working days) | Deliverables

Phase 1
  Activities performed:
    1. Understand Business Environment
    2. ISMS Scope Definition & Documentation
    3. Setting up of Security Steering Committee
  No. of we45 consultants: 2
  Effort: 7 working days
  Deliverables:
    1. ISMS Scope Documentation
    2. Org.-specific high-level security policy statement

Phase 2
  Activities performed:
    1. Risk Assessment
    2. Technical VAPT
    3. Gap Analysis as per ISO/IEC 27001:2005 guidelines
    4. Asset Identification, Valuation & Classification
    5. SOA (Statement of Applicability)
  No. of we45 consultants: 2
  Effort: 15 working days
  Deliverables:
    1. Risk Assessment Reports
    2. VAPT Reports
    3. Gap Analysis Report
    4. Asset Register
    5. SOA

Phase 3
  Activities performed: Create / Review / Amend Policies & Procedures
  No. of we45 consultants: 1
  Effort: 30 working days
  Deliverables: ISO/IEC 27001:2005 Information Security Policy and Procedure deck

Phase 4
  Activities performed: ISO/IEC 27001 Implementation Workshops
  No. of we45 consultants: 1
  Effort: 15 working days
  Deliverables: ISO/IEC 27001:2005 Awareness & Implementation Manual

Phase 5
  Activities performed: ISO/IEC 27001:2005 Internal Audit and Preparation, Follow-up & closure of CAPA
  No. of we45 consultants: 1
  Effort: 7 working days
  Deliverables: ISO/IEC 27001:2005 Internal Audit Plan & Report
7. Post-Engagement Scenario
- Successful attainment of ISO 27001:2005 certification for all 9 locations in one go.
- A marked increase in awareness and knowledge of the Information Security Management System (ISMS) across the organization.
- Enhanced technical and operational knowledge of security best practices.
- A measurable and repeatable IT Operations Process instilled across the organization at both the central and local entities.
- A sound Incident Management, Response and Learning system in place that captures and reports IT and non-IT security incidents, followed up by root cause analysis and preventive and corrective action mechanisms.
- The Sales and Marketing team is able to showcase the organization's mature and secure IT practices to the global partner and client network.