Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by : Miss Vrindah Chaundee

Published byLeslie Augustus Morgan Modified over 8 years ago

Similar presentations

Presentation on theme: "Presented by : Miss Vrindah Chaundee"— Presentation transcript:

1 Presented by : Miss Vrindah Chaundee
ISO 27000 Presented by : Miss Vrindah Chaundee

2 Agenda Overview of ISO 27000 Series History Why apply ISO 27000?
Areas in ISO 27000 Statistics Examples

3 ISO Series ISO is the generic name assigned for standards related to information security issues and topics. The ISO/IEC series includes information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO series comprises of a family of information security standards that include the ISO and the ISO among others.

4 History 1992 : The Department of Trade and Industry (DTI), which is part of the UK Government, publish a 'Code of Practice for Information Security Management‘ 1995 : This document is amended and re-published by the British Standards Institute (BSI) in 1995 as BS7799 1999 : The first major revision of BS7799 was published. This included many major enhancements 2000 : In December, BS7799 is again re-published, this time as a fast tracked ISO standard. It becomes ISO (or more formally, ISO/IEC 17799)

5 History 2002 : A second part to the standard is published: BS This is an Information Security Management Specification, rather than a code of practice. It begins the process of alignment with other management standards such as ISO 9000 2005 : A new version of ISO is published. This includes two new sections, and closer alignment with BS processes ISO 27001/ ISO is published, replacing BS7799-2, which is withdrawn. 2005+ : The framework keeps evolving

6 Why is ISO 27000 such an important standard in the world of information security?
Confidentiality: protecting sensitive information from unauthorized disclosure Integrity: safeguarding the accuracy and completeness of information/data Availability: ensuring that information and associated services are available to users when required

7 The ISO series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS). The ISMS concept integrates continuous feedback and improvement activities summarized by a ―Plan- Do-Check-Act (PDCA) approach. The ISO standards are applicable to organizations of all types, across industries, and sizes.

8 PDCA Model

9 Areas in ISO 27000

10 10 Domains : To have and to hold
Security Policy : Provides guidelines and management advice for improving information security Organization Security : It is the management structure for security including appointment of qualified personnel, definition and assignment of roles and responsibilities Asset Classification and Control : It facilitates the process of carrying out an inventory and the assessment of organization’s information assets. Personnel Security : It minimizes the risks of human error, theft, fraud or the abusive use of equipment by setting expectations in job responsibilities. Physical and Environmental Security : It include measures to prevent the violation, deterioration or disruption of industrial facilities and data.

11 10 Domains : To have and to hold
Communications and Operations Management : It ensures that adequate and reliable operation of information processing devices prevails within the organisation using preventive measures of various kinds. Access Control : It forms the underlying structure for securing information using access controls to network, systems and application resources. Systems Development and Maintenance : It ensures that security is incorporated into information systems and that security forms an integral part of any network and systems expansion. Business Continuity Management : It focuses on the planning activities for disaster recovery. Compliance : It complies with relevant statutory, regulatory and contractual requirements.

12 IT Security Policy Analysis

13 Analysis of security programs and training practices

14 Analysis of compliance with established standards

15 Analysis of reasons for non-compliance with information security policy

16

17 Examples Keep Clean Ltd Mauritius Mesh & Steel Hinduja TMT

18 Thank You

Download ppt "Presented by : Miss Vrindah Chaundee"

Similar presentations

Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Agenda What is Compliance? Risk and Compliance Management

Agenda What is Compliance? Risk and Compliance Management
Massachusetts Digital Government Summit October 19, 2009 IT Management Frameworks An Overview of ISO 27001:2005.

Massachusetts Digital Government Summit October 19, 2009 IT Management Frameworks An Overview of ISO 27001:2005.
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
The International Security Standard

The International Security Standard
IAEA 1 The IAEA has revised the 1996 Safety Standards 50-C/SG-Q: QA Requirements and Safety Guides Published in 1996 Promotes structure: –Management –Performance.

IAEA 1 The IAEA has revised the 1996 Safety Standards 50-C/SG-Q: QA Requirements and Safety Guides Published in 1996 Promotes structure: –Management –Performance.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Managed Funds Association’s Sound Practices for Hedge Fund Managers 2009 Edition.

Managed Funds Association’s Sound Practices for Hedge Fund Managers 2009 Edition.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Auditing Computer Systems

Auditing Computer Systems
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
ISO Information Security Management

ISO Information Security Management
Security Controls – What Works

Security Controls – What Works
ISO/IEC 27001 Winnie Chan BADM 559 Professor Shaw 12/15/2008.

ISO/IEC Winnie Chan BADM 559 Professor Shaw 12/15/2008.
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”

1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
How ISO Standards Relates to Usability:. INTRODUCTION/ Before we can relate the ISO standards to usability, first we need to know what the meaning of.

How ISO Standards Relates to Usability:. INTRODUCTION/ Before we can relate the ISO standards to usability, first we need to know what the meaning of.
ISO 17799&ITS APPLICATION Prepared by Çağatay Boztürk 14.06.2005.

ISO 17799&ITS APPLICATION Prepared by Çağatay Boztürk
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.

Similar presentations

Ads by Google