Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISO27001 Introduction to Information Security. Who has day-to-day responsibility? All of us! Why Information Security? Control risk, limit liability What.

Published byNickolas Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "ISO27001 Introduction to Information Security. Who has day-to-day responsibility? All of us! Why Information Security? Control risk, limit liability What."— Presentation transcript:

1 ISO27001 Introduction to Information Security

2 Who has day-to-day responsibility? All of us! Why Information Security? Control risk, limit liability What is our involvement? The confidential, availability and integrity of information How do we check we’re compliant? Regular Internal and External audits Information Security Overview

3 What is ISO27001? How can we protect information? How does this affect my work? Examples Summary Introduction to Information Security

4 An International Information Security Standard What is ISO27001? Documented Operational Procedures Prerequisite for working with clients Designed to identify, manage and reduce threats to restricted information Certificated by an external certification body ISO27001:2005 Information Security Management System (ISMS) Co-ordinated for Transversal by an Information Security Forum

5 How can we protect information? Availability - Ensure the availability of information at point of need, e.g. through our recording and reporting processes Confidentiality - Protect confidentiality by ensuring that all information is locked away or stored on Transversal’s Servers and dispose of information safely Integrity - Verify the integrity of information received or produced

6 Confidentiality Loss of client data Loss of contract data Loss of personal data Integrity Accuracy of data handling Accuracy of client data handling Data input error Availability Power failure Information misfiling Information loss (Backup) Communications loss How can we protect information? Examples of Confidentiality, Integrity and Availability

7 Observe information security standards in using our systems https://isms.cluster.local What can we do to protect information? Keep confidential or restricted information locked away when not in use Report Breaches, actual or suspected, and any issues to your team leader or manager Use Complex Passwords and Lock the Computer Desktop on leaving desk

8 How does this affect my work? The implemented procedures are there to protect you, not hinder you! Co-operate with external auditors, they are reviewing the system not you! Assist Management to identify areas for review and comply with the resulting procedural changes

9 How does this affect my work? Where information confidentiality, integrity or availability might be at risk - report it to your team leader/manager Familiarise yourself with the ISMS Manual and all relevant Information Security Policies and Procedures

10 RESTRICTED Any information that should only be viewed by authorised persons. Any information which relates to an identifiable individual and, hence, is covered by the Data Protection Act. OTHER Any information that could reasonably be made available to the general public. How does this affect my work? Transversal has two information classifications, these are:

11 RESTRICTED Internal communications, Intranet site information, internal operational information. Management reports, organisation plans & personnel files Financial Records Backups Customers Information & Records. Commercially sensitive data such as contract proposal’s or agreements, customer contact lists. OTHER Annual Reports, publicity material, brochures, advice leaflets and Internet site information. How does this affect my work? Examples of information types within the classifications are:

12 Examples for Information Security Incidents The FSA has fined Zurich £2,275,000 for the loss of 46,000 customers’ personal details from the loss an unencrypted back-up tape during a routine transfer to a storage facility.” “The FSA has fined Norwich Union Life £1.26 million for not having effective systems and controls in place to protect customers' confidential information. These failings resulted in a number of actual and attempted frauds against Norwich Union Life's customers.” “ The FSA fined Nationwide £980,000 for failing to manage its information security risks following the theft of a laptop from an employee's home. ” Merchant Securities Group stockbroker has been fined £77,000 by the FSA for failing to protect its customers from identity fraud – despite the firm not having had a data breach.

13 Summary ISO27001 Information Security Management  International Standard for the management of information security  Customers expectation and potential contractual requirement  We are all responsible for the security of information  Confidentiality, Integrity and Availability  Documented Policies and Procedures  Report suspected issues to team leader/manager  Co-operate with internal and external auditors

14 Raising the bar, delivering excellence

Download ppt "ISO27001 Introduction to Information Security. Who has day-to-day responsibility? All of us! Why Information Security? Control risk, limit liability What."

Similar presentations

Innovation or Necessity? ISM 158 By: Sepehr Saeb.

Innovation or Necessity? ISM 158 By: Sepehr Saeb.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Internal Controls What Are They And Why Should I Care? 1.

Internal Controls What Are They And Why Should I Care? 1.
Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Property Management Overview

Property Management Overview
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Auditing Computer Systems

Auditing Computer Systems
Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
Security Controls – What Works

Security Controls – What Works
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
Securing Information in the Higher Education Office.

Securing Information in the Higher Education Office.

Similar presentations

Ads by Google