SlideShare a Scribd company logo

ISO 27001 - Information security user awareness training presentation - part 3

Download as PPTX, PDF
T
Tanmay Shinde

Information security and ISO 27001-2013 standards and its importance. http://www.ifour-consultancy.com

Technology
1 of 22
iFour Consultancy Security awareness seminar An introduction to ISO27k Part 3
Agenda  ISO 27001  A brief history of ISO27k  Plan-Do-Check-Act  CONTROL CLAUSES  IMPLEMENTATION PROCESS CYCLE  Benefits  Information security vision  Who is responsible?  Corporate Information Security Policy  Physical security  Password Guidelines  Internet usage  E-mail usage  Security incidents  Responsibilities http://www.ifour-consultancy.com Software outsourcing company in India
ISO 27001  ISO/IEC 27001 is an information security management system (ISMS) standard published by ISO & IEC  It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within an organisation  It is designed to ensure the selection of adequate and proportionate security controls to protect information assets http://www.ifour-consultancy.com Software outsourcing company in India
http://www.ifour-consultancy.com Software outsourcing company in India
A brief history of ISO27k 1990’s • Information Security Management Code of Practice produced by a UK government-sponsored working group • Based on the security policy used by Shell • Became British Standard BS7799 2000’s • Adopted by ISO/IEC • Became ISO/IEC 17799 (later renumbered ISO/IEC 27002) • ISO/IEC 27001 published & certification scheme started Now • Expanding into a suite of information security standards (known as “ISO27k”) • Updated and reissued every few years http://www.ifour-consultancy.com Software outsourcing company in India
ISO 27001 • Concerns the management of information security, not just IT/technical security • Formally specifies a management system • Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve alignment of security with risks • Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes • Thousands of organizations worldwide have been certified compliant http://www.ifour-consultancy.com Software outsourcing company in India
Plan-Do-Check-Act http://www.ifour-consultancy.com Software outsourcing company in India
CONTROL CLAUSES http://www.ifour-consultancy.com Software outsourcing company in India
CONTROL CLAUSES  Information security policy - management direction  Organization of information security - management framework for implementation  Asset management – assessment, classification and protection of valuable information assets  HR security – security for joiners, movers and leavers  Physical & environmental security - prevents unauthorised access, theft, compromise, damage to information and computing facilities, power cuts http://www.ifour-consultancy.com Software outsourcing company in India
CONTROL CLAUSES • Communications & operations management - ensures the correct and secure operation of IT • Access control – restrict unauthorized access to information assets • Information systems acquisition, development & maintenance – build security into systems • Information security incident management – deal sensibly with security incidents that arise • Business continuity management – maintain essential business processes and restore any that fail • Compliance - avoid breaching laws, regulations, policies and other security obligations http://www.ifour-consultancy.com Software outsourcing company in India
IMPLEMENTATION PROCESS CYCLE ASSET IDENTIFICATION & CLASSIFICATION http://www.ifour-consultancy.com Software outsourcing company in India
Benefits  Demonstrable commitment to security by the organization  Legal and regulatory compliance  Better risk management  Commercial credibility, confidence, and assurance  Reduced costs  Clear employee direction and improved awareness http://www.ifour-consultancy.com Software outsourcing company in India
Information security vision • Vision The organization is acknowledged as an industry leader for information security. • Mission To design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally-accepted good security practices http://www.ifour-consultancy.com Software outsourcing company in India
Who is responsible? • Information Security Management Committee • Information Security Manager/CISO and Department • Incident Response Team • Business Continuity Team • IT, Legal/Compliance, HR, Risk and other departments • Audit Committee • Last but not least, you Information security is everyone’s responsibility http://www.ifour-consultancy.com Software outsourcing company in India
Corporate Information Security Policy Policy is signed by the CEO and mandated by top management Find it on the intranet http://www.ifour-consultancy.com Software outsourcing company in India
Physical security http://www.ifour-consultancy.com Software outsourcing company in India
Password Guidelines http://www.ifour-consultancy.com Software outsourcing company in India
Internet usage http://www.ifour-consultancy.com Software outsourcing company in India
E-mail usage  Use corporate email for business purposes only  Follow the email storage guidelines  If you receive spam email, simply delete it. If it is offensive or you receive a lot, call the IT Help/Service Desk  Do not use your corporate email address for personal email  Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc.  Do not send emails outside the organization unless you are authorized to do so  Be very wary of email attachments and links, especially in unsolicited emails (most are virus-infected) http://www.ifour-consultancy.com Software outsourcing company in India
Security incidents  Report information security incidents, concerns and near-misses to IT Help/Service Desk:  Email …  Telephone …  Anonymous drop-boxes …  Take their advice on what to do  Do not discuss security incidents with anyone outside the organization  Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
Responsibilities  Ensure your PC is getting antivirus updates and patches  Lock your keyboard (Windows-L) before leaving your PC unattended, and log-off at the end of the day  Store valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key  Take regular information back ups  Fulfill your security obligations:  Comply with security and privacy laws, copyright and licenses, NDA (Non Disclosure Agreements) and contracts  Comply with corporate policies and procedures  Stay up to date on information security:  Visit the intranet Security Zone when you have a moment http://www.ifour-consultancy.com Software outsourcing company in India
http://www.ifour-consultancy.com Software outsourcing company in India

Recommended

ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 ismsCraig Willetts ISO Expert
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 

Recommended

ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 ismsCraig Willetts ISO Expert
 
ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?PECB
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 BenefitsDejan Kosutic
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 IntroductionAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
27001.pptx
27001.pptx27001.pptx
27001.pptxAvniJain836319
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 

More Related Content

What's hot

ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentationPranay Kumar
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowPECB
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewNaresh Rao
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001PECB
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 

What's hot (20)

ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
 

Similar to ISO 27001 - Information security user awareness training presentation - part 3

Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Protect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingProtect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingR Systems International
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planetVincent Kwon
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSonny Hashmi
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSonny Hashmi
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company OverviewKevin Orth
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overviewstevemarsden
 
What Is the Scope of ISO 27001 Certification in the Netherlands.pptx
What Is the Scope of ISO 27001 Certification in the Netherlands.pptxWhat Is the Scope of ISO 27001 Certification in the Netherlands.pptx
What Is the Scope of ISO 27001 Certification in the Netherlands.pptxAnoosha Factocert
 
6 things you probably didn't know about iso 27001 certification in the nether...
6 things you probably didn't know about iso 27001 certification in the nether...6 things you probably didn't know about iso 27001 certification in the nether...
6 things you probably didn't know about iso 27001 certification in the nether...Anoosha Factocert
 

Similar to ISO 27001 - Information security user awareness training presentation - part 3 (20)

Information security
Information securityInformation security
Information security
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
Role management
Role managementRole management
Role management
 
Protect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingProtect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore Outsourcing
 
Security solutions for a smarter planet
Security solutions for a smarter planetSecurity solutions for a smarter planet
Security solutions for a smarter planet
 
Securing your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEsSecuring your digital world - Cybersecurity for SBEs
Securing your digital world - Cybersecurity for SBEs
 
Securing your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb esSecuring your digital world cybersecurity for sb es
Securing your digital world cybersecurity for sb es
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 
ISO 27001 Information Security Management.pdf
ISO 27001 Information Security Management.pdfISO 27001 Information Security Management.pdf
ISO 27001 Information Security Management.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
ITrust Cybersecurity Services - Datasheet EN
ITrust Cybersecurity Services - Datasheet ENITrust Cybersecurity Services - Datasheet EN
ITrust Cybersecurity Services - Datasheet EN
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
FRSecure Company Overview
FRSecure Company OverviewFRSecure Company Overview
FRSecure Company Overview
 
What Is the Scope of ISO 27001 Certification in the Netherlands.pptx
What Is the Scope of ISO 27001 Certification in the Netherlands.pptxWhat Is the Scope of ISO 27001 Certification in the Netherlands.pptx
What Is the Scope of ISO 27001 Certification in the Netherlands.pptx
 
6 things you probably didn't know about iso 27001 certification in the nether...
6 things you probably didn't know about iso 27001 certification in the nether...6 things you probably didn't know about iso 27001 certification in the nether...
6 things you probably didn't know about iso 27001 certification in the nether...
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

ISO 27001 - Information security user awareness training presentation - part 3

  • 1. iFour Consultancy Security awareness seminar An introduction to ISO27k Part 3
  • 2. Agenda  ISO 27001  A brief history of ISO27k  Plan-Do-Check-Act  CONTROL CLAUSES  IMPLEMENTATION PROCESS CYCLE  Benefits  Information security vision  Who is responsible?  Corporate Information Security Policy  Physical security  Password Guidelines  Internet usage  E-mail usage  Security incidents  Responsibilities http://www.ifour-consultancy.com Software outsourcing company in India
  • 3. ISO 27001  ISO/IEC 27001 is an information security management system (ISMS) standard published by ISO & IEC  It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within an organisation  It is designed to ensure the selection of adequate and proportionate security controls to protect information assets http://www.ifour-consultancy.com Software outsourcing company in India
  • 5. A brief history of ISO27k 1990’s • Information Security Management Code of Practice produced by a UK government-sponsored working group • Based on the security policy used by Shell • Became British Standard BS7799 2000’s • Adopted by ISO/IEC • Became ISO/IEC 17799 (later renumbered ISO/IEC 27002) • ISO/IEC 27001 published & certification scheme started Now • Expanding into a suite of information security standards (known as “ISO27k”) • Updated and reissued every few years http://www.ifour-consultancy.com Software outsourcing company in India
  • 6. ISO 27001 • Concerns the management of information security, not just IT/technical security • Formally specifies a management system • Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve alignment of security with risks • Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes • Thousands of organizations worldwide have been certified compliant http://www.ifour-consultancy.com Software outsourcing company in India
  • 8. CONTROL CLAUSES http://www.ifour-consultancy.com Software outsourcing company in India
  • 9. CONTROL CLAUSES  Information security policy - management direction  Organization of information security - management framework for implementation  Asset management – assessment, classification and protection of valuable information assets  HR security – security for joiners, movers and leavers  Physical & environmental security - prevents unauthorised access, theft, compromise, damage to information and computing facilities, power cuts http://www.ifour-consultancy.com Software outsourcing company in India
  • 10. CONTROL CLAUSES • Communications & operations management - ensures the correct and secure operation of IT • Access control – restrict unauthorized access to information assets • Information systems acquisition, development & maintenance – build security into systems • Information security incident management – deal sensibly with security incidents that arise • Business continuity management – maintain essential business processes and restore any that fail • Compliance - avoid breaching laws, regulations, policies and other security obligations http://www.ifour-consultancy.com Software outsourcing company in India
  • 11. IMPLEMENTATION PROCESS CYCLE ASSET IDENTIFICATION & CLASSIFICATION http://www.ifour-consultancy.com Software outsourcing company in India
  • 12. Benefits  Demonstrable commitment to security by the organization  Legal and regulatory compliance  Better risk management  Commercial credibility, confidence, and assurance  Reduced costs  Clear employee direction and improved awareness http://www.ifour-consultancy.com Software outsourcing company in India
  • 13. Information security vision • Vision The organization is acknowledged as an industry leader for information security. • Mission To design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally-accepted good security practices http://www.ifour-consultancy.com Software outsourcing company in India
  • 14. Who is responsible? • Information Security Management Committee • Information Security Manager/CISO and Department • Incident Response Team • Business Continuity Team • IT, Legal/Compliance, HR, Risk and other departments • Audit Committee • Last but not least, you Information security is everyone’s responsibility http://www.ifour-consultancy.com Software outsourcing company in India
  • 15. Corporate Information Security Policy Policy is signed by the CEO and mandated by top management Find it on the intranet http://www.ifour-consultancy.com Software outsourcing company in India
  • 16. Physical security http://www.ifour-consultancy.com Software outsourcing company in India
  • 17. Password Guidelines http://www.ifour-consultancy.com Software outsourcing company in India
  • 18. Internet usage http://www.ifour-consultancy.com Software outsourcing company in India
  • 19. E-mail usage  Use corporate email for business purposes only  Follow the email storage guidelines  If you receive spam email, simply delete it. If it is offensive or you receive a lot, call the IT Help/Service Desk  Do not use your corporate email address for personal email  Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc.  Do not send emails outside the organization unless you are authorized to do so  Be very wary of email attachments and links, especially in unsolicited emails (most are virus-infected) http://www.ifour-consultancy.com Software outsourcing company in India
  • 20. Security incidents  Report information security incidents, concerns and near-misses to IT Help/Service Desk:  Email …  Telephone …  Anonymous drop-boxes …  Take their advice on what to do  Do not discuss security incidents with anyone outside the organization  Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
  • 21. Responsibilities  Ensure your PC is getting antivirus updates and patches  Lock your keyboard (Windows-L) before leaving your PC unattended, and log-off at the end of the day  Store valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key  Take regular information back ups  Fulfill your security obligations:  Comply with security and privacy laws, copyright and licenses, NDA (Non Disclosure Agreements) and contracts  Comply with corporate policies and procedures  Stay up to date on information security:  Visit the intranet Security Zone when you have a moment http://www.ifour-consultancy.com Software outsourcing company in India

Editor's Notes

  1. Software outsourcing company in India
  2. Software outsourcing company in India
  3. Software outsourcing company in India
  4. Software outsourcing company in India
  5. Software outsourcing company in India
  6. Software outsourcing company in India
  7. Software outsourcing company in India
  8. Software outsourcing company in India
  9. Software outsourcing company in India
  10. Software outsourcing company in India
  11. Software outsourcing company in India
  12. Software outsourcing company in India
  13. Software outsourcing company in India
  14. Software outsourcing company in India
  15. Software outsourcing company in India
  16. Software outsourcing company in India
  17. Software outsourcing company in India
  18. Software outsourcing company in India
  19. Software outsourcing company in India
  20. Software outsourcing company in India
  21. Software outsourcing company in India
  22. Software outsourcing company in India