
ISO 27001:2005

Information Security Standard


A brief Overview

Information
Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected. Information may be:
- Printed or written on paper
- Stored electronically
- Transmitted by mail or electronic means
- Spoken in conversations

What is Information Security?


ISO 27001 defines this as preservation of:

Achieving Information Security


4 Ps of Information Security

3 Basic Principles for ISMS


Confidentiality
Ensuring that information is accessible only to those authorised to have access.

Integrity
Safeguarding the accuracy and completeness of information and processing methods.

Availability
Ensuring that authorised users have access to information and associated assets when required.

ISMS Relationships
11 Domains of ISO 27001

Procedural

Technical

Information Assets Physical Integrity

People

2006 IBM Corporation

11 Domains of ISO 27001

1. Security Policy
2. Organization of Information Security
3. Asset Management
4. Human Resources Security
5. Physical & Environmental Security
6. Access Control
7. Communications & Operations Management
8. Information Systems acquisition, development and maintenance
9. Compliance
10. Business Continuity Management
11. Information Security Incident Management

What is ISO 27001?


- International Standard for Information Security Management
- Specifications for Information Security Management
- Code of practice for Information Security Management
- Can be certified by Certification Bodies
- Applicable to all industry sectors

ISO 27001 Drivers

- Corporate Governance
- Increased Risk Awareness
- Competition
- Customer Expectation
- Market Expectation
- Market Image
- Legislative drivers

Reasons for seeking Certification according to BSI-DISC Survey

Few Benefits of Compliance


- Effective Controls of Information Security
- Market Differentiation
- Confidence to trading partners, stakeholders and customers
- ONLY standard with global acceptance
- Legislative Compliance

ISO 27001:2005 PDCA

ISO 27001 can be...

- Without genuine support from the top - a failure
- Without proper implementation - a burden
- With full support, proper implementation and ongoing commitment - a major benefit

ISO 27001:2005 Information Security

- GSDC certified against ISO/IEC 27001:2005 standard - 27 April 2006
- ITD GD completed the 1st Surveillance Audit - March 2007
- ITD GD is scheduled for the combined 2nd & 3rd Surveillance Audit - 24th to 26th March 2008

THANK YOU
