Governance, Risk & Compliance Using ISO 27001, ISO & ISO 22301

Presentation transcript:

Governance, Risk & Compliance Using ISO 27001, ISO 20000 & ISO 22301 Sharing the Leading Best Practices in One Project

Agenda
- Introduction
- The components of the Good Governance Checklist
- ISO 27001: Protecting the Information
- ISO 20000: Ensuring the Best IT Service Management
- ISO 22301: Ensuring the Continuity of the Business
- Checklist
- Conclusion

GRC

Importance of GRC. GRC projects are a must for various reasons. GRC has crossed V1 speed.

Three Important Components of IT

What is Governance? Governance is all about:
- Applying the best practices
- Ensuring the proper control
- Effective and efficient management
In a single sentence: it is the "Protection Umbrella", which is the responsibility of senior management and the Board of Directors.

What is the Solution?

The Solution Explore Standards

Gartner Hype Cycle

Managing the Expectations

Gartner’s View

Selecting Top 3 Standards for Comprehensive Coverage

Comprehensive Governance Coverage
- Information Security: ISO 27001
- (IT) Service Management System: ISO 20000
- Business Continuity: ISO 22301

Information Security and ISO 27001: the must-have standard.

What is ISO 27001? ISO 27001 is the standard for information security. Two parts:
- ISO 27001: Specifications
- ISO 27002: Code of Practice
Uniqueness of the ISO 27001 standard: 114 Annex A controls.

ISO 27001

ISO 27000 Series: anxiously waiting for…
- 27000: Fundamentals and vocabulary
- 27001: ISMS auditable and certifiable requirements
- 27002: Replaced ISO 17799
- 27003: ISMS implementation guidelines
- 27004: ISMS measurement
- 27005: ISMS risk management
- 27006: Guide to the certification/registration process for accredited ISMS certification/registration bodies
- 27007: Guidance for those auditing Information Security Management Systems against ISO 27001
- 27031: Information security management guidelines for telecommunications

ISO 20000 for (IT) Service Management System

ISO 20000

ITIL V3.0

ITIL: it is all about the "Service". IT is recognized as a "Service Provider". To be more specific, IT is the service provider to its customers, the business users.

Based on Deming Cycle

Deming Cycle. William Edwards Deming (October 14, 1900 – December 20, 1993) was a statistician, best known for his work in Japan. From 1950 onward he taught top management how to improve design (and thus service), product quality, testing and s

ISO 22301 for Business Continuity Management

Importance of BCM

What is a Disaster?

Storage Recovery Strategy

In Summary….

Fast Track Implementation

No Standardization is No Excuse

Thank You!