www.infosectrain.com
A Basic Introduction to ISO 27001
InfosecTrain
About Us
InfosecTrain is one of the finest Security and Technology Training and Consulting organizations, focusing on a range of IT Security Trainings
and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals,
who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas
of Information Technology and Cyber Security.
A Basic Introduction to ISO 27001
Information security is a global issue affecting international trading, mobile communications, social media, and the various systems and services that make up our digital world and national infrastructures. Managing information security is an even more crucial issue, as it includes using and managing the policies, procedures, processes, control measures, and supporting applications, services, and technologies that need to be protected. Information security management needs to be effective, suitable, and appropriate if it is to protect information from the risks that businesses and society face in this digital age.
Information could be disclosed and accessible to unauthorized users, corrupted or modified in some unauthorized or accidental way, or lost or unavailable due to a system failure. An organization needs to assess its risks in terms of the potential impact that a security incident might have on its business and the likelihood of this security incident occurring. It needs to adopt an approach to risk assessment that is effective, suitable, and appropriate to its business, and this approach is known as ISO implementation.
CCISO Certification
What is ISO?
The International Standards Organization (ISO) is a non-governmental organization that holds a unique position between the public and private sectors. Its members include national standards organizations, which are often part of government structures in their countries or mandated by these governments. The role of ISO is to facilitate the international coordination and the standardization of industrial standards. To reach these objectives, ISO publishes technical standards. These standards contribute to the development, manufacturing, and delivery of products and services that are more effective, safer, and clearer. They facilitate fair trade between countries. In addition, they bring a technical foundation for health, security, and environmental legislation to governments; and they help to transfer technologies to developing countries. ISO standards are also used to protect consumers and general users of products and services.
What is ISO 27001?
ISO 27001 is the international standard that provides the specification for an Information Security Management System (ISMS). This systematic approach consists of people, processes, and technology that help you protect and manage all your organization’s information through risk management. It is a set of normative requirements for establishing, implementing, operating, monitoring, and reviewing to update and develop an Information Security Management System (ISMS). ISO 27001 is also used for selecting security controls tailored to each organization’s needs based on industry best practices.
ISO 27001 checklist
An ISO 27001 checklist is used to determine whether an organization satisfies the international standard requirements for implementing an efficient ISMS (Information Security Management System). Information Security Officers apply an ISO 27001 template when managing internal ISO 27001 audits. This checklist is divided into 14 categories from section 5 to section 18, and each section includes various items, as follows:
Section 5: Information Security Policies
• Security policies exist
• All policies approved by management
• Evidence of compliance
Section 6: Organization of Information Security
• Roles and responsibilities defined
• Segregation of duties defined
• Verification body/authority contacted for compliance verification
• Establish contact with special interest groups regarding compliance
• Evidence of information security in project management
• Defined policy for mobile devices
• Defined policy for working remotely
Section 7: Human Resources Security
• Defined policy for screening employees prior to employment
• Defined policy for HR terms and conditions of employment
• Defined policy for management responsibilities
• Defined policy for information security awareness, education, and training
• Defined policy for disciplinary process regarding information security
• Defined policy for HR termination or change-of-employment policy regarding information security
Section 8: Asset Management
• Complete inventory list of assets
• Complete ownership list of assets
• Defined “acceptable use” of assets policy
• Defined return of assets policy
• Defined policy for classification of information
• Defined policy for labeling information
• Defined policy for handling of assets
• Defined policy for management of removable media
• Defined policy for disposal of media
• Defined policy for physical media transfer
Section 9: Access Control
• Defined policy for user asset registration and de-registration
• Defined policy for user access provisioning
• Defined policy for management of privileged access rights
• Defined policy for management of secret authentication information of users
• Defined policy for review of user access rights
• Defined policy for removal or adjustment of access rights
• Defined policy for use of secret authentication information
• Defined policy for information access restrictions
• Defined policy for secure log-in procedures
• Defined policy for password management systems
• Defined policy for use of privileged utility programs
• Defined policy for access control to program source code
Section 10: Cryptography
• Defined policy for use of cryptographic controls
• Defined policy for key management
Section 11: Physical and Environmental Security
• Defined policy for physical security perimeter
• Defined policy for physical entry controls
• Defined policy for securing offices, rooms, and facilities
• Defined policy for protection against external and environmental threats
• Defined policy for working in secure areas
• Defined policy for delivery and loading areas
• Defined policy for equipment siting and protection
• Defined policy for supporting utilities
• Defined policy for cabling security
• Defined policy for equipment maintenance
• Defined policy for removal of assets
• Defined policy for security of equipment and assets off-premises
• Secure disposal or re-use of equipment
• Defined policy for unattended user equipment
• Defined policy for clear desk and clear screen policy
Section 12: Operations Security
• Defined policy for documented operating procedures
• Defined policy for change management
• Defined policy for capacity management
• Defined policy for separation of development, testing, and operational environments
• Defined policy for controls against malware
• Defined policy for backing up systems
• Defined policy for information backup
• Defined policy for event logging
• Defined policy for protection of log information
• Defined policy for administrator and operator log
• Defined policy for clock synchronization
• Defined policy for installation of software on operational systems
• Defined policy for management of technical vulnerabilities
• Defined policy for restriction on software installation
• Defined policy for information system audit control
Section 13: Communication Security
• Defined policy for network controls
• Defined policy for security of network services
• Defined policy for segregation in networks
• Defined policy for information transfer policies and procedures
• Defined policy for agreements on information transfer
• Defined policy for electronic messaging
• Defined policy for confidentiality or non-disclosure agreements
• Defined policy for system acquisition, development, and maintenance
Section 14: System Acquisition, Development, and Maintenance
• Defined policy for information security requirements analysis and specification
• Defined policy for securing application services on public networks
• Defined policy for protecting application service transactions
Section 15: Supplier Relationships
• Defined policy for supplier relationships
Section 16: Information Security Incident Management
• Defined policy for information security management
Section 17: Information Security Aspects of Business Continuity Management
• Defined policy for redundancies
Section 18: Compliance
• Defined policy for identification of applicable legislation and contractual requirements
• Defined policy for intellectual property rights
• Defined policy for protection of records
• Defined policy for privacy and protection of personally identifiable information
• Defined policy for regulation of cryptographic control
• Defined policy for compliance with security policies and standards
• Defined policy for technical compliance review
Reasons to adopt ISO 27001
The ISO 27001 standard provides better awareness of information security mechanisms to measure the effectiveness of the management system. It also provides the opportunity to identify the weaknesses of the ISMS and to provide corrections.
It also gives accountability to the highest management for information security and satisfaction of conditions of the customer and other stakeholders.
How can I get ISO 27001 Certification?
InfosecTrain provides certification training and necessary preparation guidance for ISO 27001 certification exams. It is one of the best consulting organizations, focusing on a wide range of IT security training. Highly skilled and qualified instructors with years of industry experience deliver interactive training sessions on the ISO 27001 standard certification exam. You can visit the following link to prepare for the ISO certification exam.
OUR CONTACT
ABOUT OUR COMPANY
InfosecTrain welcomes overseas customers to come and attend
training sessions in destination cities across the globe and enjoy their
learning experience at the same time.
+44 7451208413
sales@infosectrain.com
www.infosectrain.com
https://www.facebook.com/Infosectrain/
https://www.linkedin.com/company/infosec-train/
https://www.youtube.com/c/InfosecTrain

More Related Content

What's hot

Mobile Marketing, Code of Ethics, Privacy and Children_Michael Hanley
Mobile Marketing, Code of Ethics, Privacy and Children_Michael HanleyMobile Marketing, Code of Ethics, Privacy and Children_Michael Hanley
Mobile Marketing, Code of Ethics, Privacy and Children_Michael HanleySara Quinn
 
The Lessons of the Financial Crisis
The Lessons of the Financial CrisisThe Lessons of the Financial Crisis
The Lessons of the Financial CrisisGordon Best
 
Blog y almacenamiento_en_la_nube (1)
Blog y almacenamiento_en_la_nube (1)Blog y almacenamiento_en_la_nube (1)
Blog y almacenamiento_en_la_nube (1)jennypaolaayure
 
Asian forum prefinal (july 17 2016).pdf1
Asian forum prefinal (july 17  2016).pdf1Asian forum prefinal (july 17  2016).pdf1
Asian forum prefinal (july 17 2016).pdf1Ram Khadka
 
Informe presupuesto de produccion
Informe presupuesto de produccionInforme presupuesto de produccion
Informe presupuesto de producciongenesisereuv
 
Corporate Wellness Proposal
Corporate Wellness ProposalCorporate Wellness Proposal
Corporate Wellness ProposalMatt Cuthbertson
 
STRATEGIC MANAGEMENT "14"
STRATEGIC MANAGEMENT "14" STRATEGIC MANAGEMENT "14"
STRATEGIC MANAGEMENT "14" Nurul ihsani
 
Transcription (virtual assistant versus freelancer)
Transcription (virtual assistant versus freelancer)Transcription (virtual assistant versus freelancer)
Transcription (virtual assistant versus freelancer)MargieEntienza
 
Castle View Prospectuas 2014 2015
Castle View Prospectuas 2014 2015Castle View Prospectuas 2014 2015
Castle View Prospectuas 2014 2015Kathryn Evans
 
Comunidad internacional
Comunidad internacionalComunidad internacional
Comunidad internacionalsoledadllc
 
Act comprensión 1
Act comprensión 1Act comprensión 1
Act comprensión 1osman1
 
7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...
7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...
7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...Nurul ihsani
 
Act comprensión 3
Act comprensión 3Act comprensión 3
Act comprensión 3osman1
 
Choosing the right aws certification for you
Choosing the right aws certification for youChoosing the right aws certification for you
Choosing the right aws certification for youShivamSharma909
 
Guide to buying a wallbed
Guide to buying a wallbedGuide to buying a wallbed
Guide to buying a wallbedwallbedsdirect
 
UFO Spotting Handboek
UFO Spotting HandboekUFO Spotting Handboek
UFO Spotting HandboekParashade
 
Portfolio1 Vladimir Konjevic
Portfolio1 Vladimir KonjevicPortfolio1 Vladimir Konjevic
Portfolio1 Vladimir KonjevicVladimir Konjevic
 

What's hot (20)

Mobile Marketing, Code of Ethics, Privacy and Children_Michael Hanley
Mobile Marketing, Code of Ethics, Privacy and Children_Michael HanleyMobile Marketing, Code of Ethics, Privacy and Children_Michael Hanley
Mobile Marketing, Code of Ethics, Privacy and Children_Michael Hanley
 
The Lessons of the Financial Crisis
The Lessons of the Financial CrisisThe Lessons of the Financial Crisis
The Lessons of the Financial Crisis
 
Blog y almacenamiento_en_la_nube (1)
Blog y almacenamiento_en_la_nube (1)Blog y almacenamiento_en_la_nube (1)
Blog y almacenamiento_en_la_nube (1)
 
Asian forum prefinal (july 17 2016).pdf1
Asian forum prefinal (july 17  2016).pdf1Asian forum prefinal (july 17  2016).pdf1
Asian forum prefinal (july 17 2016).pdf1
 
Practical dreaming
Practical dreamingPractical dreaming
Practical dreaming
 
Informe presupuesto de produccion
Informe presupuesto de produccionInforme presupuesto de produccion
Informe presupuesto de produccion
 
Corporate Wellness Proposal
Corporate Wellness ProposalCorporate Wellness Proposal
Corporate Wellness Proposal
 
STRATEGIC MANAGEMENT "14"
STRATEGIC MANAGEMENT "14" STRATEGIC MANAGEMENT "14"
STRATEGIC MANAGEMENT "14"
 
Transcription (virtual assistant versus freelancer)
Transcription (virtual assistant versus freelancer)Transcription (virtual assistant versus freelancer)
Transcription (virtual assistant versus freelancer)
 
Castle View Prospectuas 2014 2015
Castle View Prospectuas 2014 2015Castle View Prospectuas 2014 2015
Castle View Prospectuas 2014 2015
 
Comunidad internacional
Comunidad internacionalComunidad internacional
Comunidad internacional
 
Act comprensión 1
Act comprensión 1Act comprensión 1
Act comprensión 1
 
7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...
7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...
7,sm,nurul ihsani,hapzi ali,business level strategy, universitas mercu buana,...
 
Act comprensión 3
Act comprensión 3Act comprensión 3
Act comprensión 3
 
Choosing the right aws certification for you
Choosing the right aws certification for youChoosing the right aws certification for you
Choosing the right aws certification for you
 
Pee book copy
Pee book copyPee book copy
Pee book copy
 
Guide to buying a wallbed
Guide to buying a wallbedGuide to buying a wallbed
Guide to buying a wallbed
 
UFO Spotting Handboek
UFO Spotting HandboekUFO Spotting Handboek
UFO Spotting Handboek
 
masterportfolio
masterportfoliomasterportfolio
masterportfolio
 
Portfolio1 Vladimir Konjevic
Portfolio1 Vladimir KonjevicPortfolio1 Vladimir Konjevic
Portfolio1 Vladimir Konjevic
 

More from ShivamSharma909

Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
CYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdfCYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdfShivamSharma909
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfShivamSharma909
 
Top 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdfTop 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdfShivamSharma909
 
Top 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdfTop 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdfShivamSharma909
 
Threat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseThreat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseShivamSharma909
 
Why cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fitWhy cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fitShivamSharma909
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerShivamSharma909
 
Top 20 azure interview questions
Top 20 azure interview questionsTop 20 azure interview questions
Top 20 azure interview questionsShivamSharma909
 
Top 15 aws security interview questions
Top 15 aws security interview questionsTop 15 aws security interview questions
Top 15 aws security interview questionsShivamSharma909
 
EC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystEC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystShivamSharma909
 
Domain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network HackingDomain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network HackingShivamSharma909
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingShivamSharma909
 
Domain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter HackingDomain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter HackingShivamSharma909
 
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack TechniquesDomain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack TechniquesShivamSharma909
 
Domain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance TechniquesDomain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance TechniquesShivamSharma909
 
Domain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical HackingDomain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical HackingShivamSharma909
 
How is az 303 different from az-304
How is az 303 different from az-304How is az 303 different from az-304
How is az 303 different from az-304ShivamSharma909
 

More from ShivamSharma909 (20)

Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
CYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdfCYBERSECURITY Interview Questions for Freshers.pdf
CYBERSECURITY Interview Questions for Freshers.pdf
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdfTop 20 Incident Responder Interview Questions and Answers (1).pdf
Top 20 Incident Responder Interview Questions and Answers (1).pdf
 
Top 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdfTop 25 Azure Architect Interview Questions and Answers.pdf
Top 25 Azure Architect Interview Questions and Answers.pdf
 
Top 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdfTop 20 Azure Administrator Interview Questions.pdf
Top 20 Azure Administrator Interview Questions.pdf
 
Threat Hunting Professional Online Training Course
Threat Hunting Professional Online Training CourseThreat Hunting Professional Online Training Course
Threat Hunting Professional Online Training Course
 
Why cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fitWhy cloud security engineers find CCSE as a perfect fit
Why cloud security engineers find CCSE as a perfect fit
 
Top 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answerTop 20 certified ethical hacker interview questions and answer
Top 20 certified ethical hacker interview questions and answer
 
Top 20 azure interview questions
Top 20 azure interview questionsTop 20 azure interview questions
Top 20 azure interview questions
 
Top 15 aws security interview questions
Top 15 aws security interview questionsTop 15 aws security interview questions
Top 15 aws security interview questions
 
EC-Council Certified SOC Analyst
EC-Council Certified SOC AnalystEC-Council Certified SOC Analyst
EC-Council Certified SOC Analyst
 
Ctia course outline
Ctia course outlineCtia course outline
Ctia course outline
 
Domain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network HackingDomain 6 of CEH: Wireless Network Hacking
Domain 6 of CEH: Wireless Network Hacking
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application Hacking
 
Domain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter HackingDomain 4 of CEH V11: Network and Perimeter Hacking
Domain 4 of CEH V11: Network and Perimeter Hacking
 
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack TechniquesDomain 3 of CEH v11: System Hacking Phases and Attack Techniques
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
 
Domain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance TechniquesDomain 2 of CEH v11: Reconnaissance Techniques
Domain 2 of CEH v11: Reconnaissance Techniques
 
Domain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical HackingDomain 1 of CEH v11: Information Security and Ethical Hacking
Domain 1 of CEH v11: Information Security and Ethical Hacking
 
How is az 303 different from az-304
How is az 303 different from az-304How is az 303 different from az-304
How is az 303 different from az-304
 

A basic introduction to iso 27001

  • 2. InfosecTrain About Us InfosecTrain is one of the finest Security and Technology Training and Consulting organization, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.
  • 3.
  • 4. A Basic Introduction to ISO 27001
    Information security is a global issue affecting international trading, mobile communications, social media, and the various systems and services that make up our digital world and national infrastructures. Managing information security is an even more crucial issue, as it includes using and managing the policies, procedures, processes, control measures, and supporting applications, services, and technologies that need to be protected. Information security management needs to be effective, suitable, and appropriate if it is to protect information from the risks that businesses and society face in this digital age. Information could be disclosed and accessible to unauthorized users, corrupted or modified in some unauthorized or accidental way, or lost or unavailable due to a system failure. An organization needs to assess its risks in terms of the potential impact that a security incident might have on its business and the likelihood of this security incident occurring. It needs to adopt an approach to risk assessment that is effective, suitable, and appropriate to its business, and this approach is known as ISO implementation.
  • 5. What is ISO?
    The International Standards Organization (ISO) is a non-governmental organization that holds a unique position between the public and private sectors. Its members include national standards organizations who often are a part of government structures in their countries or mandated by these governments. The role of ISO is to facilitate the international coordination and the standardization of industrial standards. To reach these objectives, ISO publishes technical standards. These standards contribute to the development, manufacturing, and delivery of products and services that are more effective, safer, and clearer. They facilitate fair trade between countries. In addition, they bring a technical foundation for health, security, and environmental legislation to governments; and they help to transfer technologies to developing countries. ISO standards are also used to protect consumers and general users of products and services.
    What is ISO 27001?
    ISO 27001 is the international standard that provides the specification for an Information Security Management System (ISMS). This systematic approach consists of people, processes, and technology that helps you protect and manage all your organization’s information through risk management. It is a set of normative requirements for establishing, implementing, operating, monitoring, and reviewing to update and develop an Information Security Management System (ISMS). ISO 27001 is also used for selecting security controls tailored to each organization’s needs based on industry best practices.
  • 6. ISO 27001 checklist
    An ISO 27001 checklist is used to determine whether an organization satisfies the international standard requirements for implementing an efficient ISMS (Information Security Management System). Information Security Officers apply an ISO 27001 template when managing internal ISO 27001 audits. This checklist is divided into 14 categories, from section 5 to section 18, and each section includes the following items:
    Section 5: Information Security Policies
      • Security policies exist
      • All policies approved by management
      • Evidence of compliance
    Section 6: Organization of Information Security
      • Roles and responsibilities defined
      • Segregation of duties defined
      • Verification body/authority contacted for compliance verification
      • Establish contact with special interest groups regarding compliance
      • Evidence of information security in project management
      • Defined policy for mobile devices
      • Defined policy for working remotely
  • 7. Section 7: Human Resources Security
      • Defined policy for screening employees prior to employment
      • Defined policy for HR terms and conditions of employment
      • Defined policy for management responsibilities
      • Defined policy for information security awareness, education, and training
      • Defined policy for disciplinary process regarding information security
      • Defined policy for HR termination or change-of-employment policy regarding information security
    Section 8: Asset Management
      • Complete inventory list of assets
      • Complete ownership list of assets
      • Defined “acceptable use” of assets policy
      • Defined return of assets policy
      • Defined policy for classification of information
      • Defined policy for labeling information
      • Defined policy for handling of assets
  • 8.
      • Defined policy for management of removable media
      • Defined policy for disposal of media
      • Defined policy for physical media transfer
    Section 9: Access Control
      • Defined policy for user asset registration and de-registration
      • Defined policy for user access provisioning
      • Defined policy for management of privileged access rights
      • Defined policy for management of secret authentication information of users
      • Defined policy for review of user access rights
      • Defined policy for removal or adjustment of access rights
      • Defined policy for use of secret authentication information
      • Defined policy for information access restrictions
      • Defined policy for secure log-in procedures
      • Defined policy for password management systems
      • Defined policy for use of privileged utility programs
      • Defined policy for access control to program source code
  • 9. Section 10: Cryptography
      • Defined policy for use of cryptographic controls
      • Defined policy for key management
    Section 11: Physical and Environmental Security
      • Defined policy for physical security perimeter
      • Defined policy for physical entry controls
      • Defined policy for securing offices, rooms, and facilities
      • Defined policy for protection against external and environmental threats
      • Defined policy for working in secure areas
      • Defined policy for delivery and loading areas
      • Defined policy for equipment siting and protection
      • Defined policy for supporting utilities
      • Defined policy for cabling security
      • Defined policy for equipment maintenance
  • 10.
      • Defined policy for removal of assets
      • Defined policy for security of equipment and assets off-premises
      • Secure disposal or re-use of equipment
      • Defined policy for unattended user equipment
      • Defined policy for clear desk and clear screen policy
    Section 12: Operations Security
      • Defined policy for documented operating procedures
      • Defined policy for change management
      • Defined policy for capacity management
      • Defined policy for separation of development, testing, and operational environments
      • Defined policy for controls against malware
      • Defined policy for backing up systems
      • Defined policy for information backup
      • Defined policy for event logging
      • Defined policy for protection of log information
      • Defined policy for administrator and operator log
  • 11.
      • Defined policy for clock synchronization
      • Defined policy for installation of software on operational systems
      • Defined policy for management of technical vulnerabilities
      • Defined policy for restriction on software installation
      • Defined policy for information system audit control
    Section 13: Communication Security
      • Defined policy for network controls
      • Defined policy for security of network services
      • Defined policy for segregation in networks
      • Defined policy for information transfer policies and procedures
      • Defined policy for agreements on information transfer
      • Defined policy for electronic messaging
      • Defined policy for confidentiality or non-disclosure agreements
      • Defined policy for system acquisition, development, and maintenance
  • 12. Section 14: System Acquisition, Development, and Maintenance
      • Defined policy for information security requirements analysis and specification
      • Defined policy for securing application services on public networks
      • Defined policy for protecting application service transactions
    Section 15: Supplier Relationships
      • Defined policy for supplier relationships
    Section 16: Information Security Incident Management
      • Defined policy for information security management
    Section 17: Information Security Aspects of Business Continuity Management
      • Defined policy for redundancies
    Section 18: Compliance
      • Defined policy for identification of applicable legislation and contractual requirements
      • Defined policy for intellectual property rights
      • Defined policy for protection of records
      • Defined policy for privacy and protection of personally identifiable information
      • Defined policy for regulation of cryptographic control
  • 13.
      • Defined policy for compliance with security policies and standards
      • Defined policy for technical compliance review
    Reasons to adopt ISO 27001
    The ISO 27001 standard provides better awareness of information security mechanisms to measure the effectiveness of the management system. It also provides the opportunity to identify the weaknesses of the ISMS and to provide corrections. It also gives accountability to the highest management for information security and satisfaction of conditions of the customer and other stakeholders.
    How can I get ISO 27001 Certification?
    InfosecTrain provides certification training and necessary preparation guidance for ISO 27001 certification exams. It is one of the best consulting organizations, focusing on a wide range of IT security training. Highly skilled and qualified instructors with years of industry experience deliver interactive training sessions on the ISO 27001 standard certification exam. You can visit the following link to prepare for the ISO certification exam.
  • 15. OUR CONTACT
    ABOUT OUR COMPANY
    InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time.
    +44 7451208413
    sales@infosectrain.com
    www.infosectrain.com
    https://www.facebook.com/Infosectrain/
    https://www.linkedin.com/company/infosec-train/
    https://www.youtube.com/c/InfosecTrain