K2A Training Academy
Division of K2A Management
www.iso-certifications.com | www.k2amanagement.com
"Information technology— Security techniques —
Information security management systems —
Requirements".
An Awareness Training ISO/IEC 27001:2013 ISMS
Copy Right-K2A
Rules
• No smoking
• No use of mobile phones
• Tea break
• Lunch break
Course Objectives
On completion of the course, the participant will:
• Understand the significance of safeguarding organisational data and information in the light of possible threats, external and internal
• Learn about the objectives and scope of the ISO 27001 standard in respect of an Information Security Management System (ISMS)
• Acquire greater awareness of the underlying risks and receive exposure to typical measures to mitigate those risks within one's own organisation
Key Topics
• Information security background
• Information assets
• ISMS benefits
• Likelihood of failures and attacks
• Risks and Annex A controls
• Cost-effective and consistent reliability and security of the system
• Certification process
What is Information Security?
The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.
The organization must determine which assets can materially affect the delivery of its products or services by their absence or degradation.
Information security management relates to all types of information, whether paper-based, electronic or other.
It determines how information is processed, stored, transferred, archived and destroyed.
Information is secure when its Confidentiality, Integrity and Availability are assured.
It is all about protecting information assets from potential security breaches.
Information Assets
Information assets of an organization can be:
• Business data
• E-mail data
• Employee information
• Research records
• Price lists
• Tender documents
and they exist in many forms:
• Spoken in conversations over the telephone
• Stored on computers
• Transmitted across networks
• Printed out
• Written on paper, sent by fax
• Stored on disks
• Held on microfilm
An asset is something that has "value to the organization".
Core Values
Confidentiality
• Is my communication private?
• Ensuring that the data is read only by the intended person
• Protection of data against unauthorized access or disclosure
• Achieved through access control and encryption
Integrity
• Has my communication been altered?
• Protection of data against unauthorized modification or substitution
• If integrity is compromised, there is no point in protecting the data
• Think of a transparent envelope that is tamper evident: the contents are visible, but any change to them is detectable
Availability
• Are the systems responsible for delivering, storing and processing information accessible when needed?
• Are those systems accessible only to those who need them? (This second question is really an access-control question, and supports confidentiality as much as availability.)
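The "transparent envelope that is tamper evident" is exactly what a message authentication code gives you. The following is an added example, not part of the original deck, using only the Python standard library: the body stays readable (so this provides integrity, not confidentiality), an HMAC-SHA256 tag detects modification, and a context string bound into the tag defeats substitution, i.e. presenting a genuine envelope where it does not belong. The function names, the key, the payload and the context strings are the example's own assumptions.

```python
"""Tamper-evident envelope with HMAC-SHA256 (added example, standard library only).

The envelope is 'transparent': the body stays readable, so this gives integrity,
not confidentiality. A context string is bound into the tag so that a valid
envelope for one purpose cannot be substituted into another.
"""
import hashlib
import hmac
import json
from typing import Optional


def _canonical(payload: dict) -> bytes:
    # Both sides must serialise identically, otherwise a valid tag will not verify.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, context: str, body: bytes) -> bytes:
    # Length-prefix the context so that "ab"+"c" and "a"+"bc" cannot collide.
    ctx = context.encode()
    return hmac.new(key, len(ctx).to_bytes(4, "big") + ctx + body, hashlib.sha256).digest()


def seal(key: bytes, payload: dict, context: str) -> dict:
    """Produce an envelope: readable body, declared context, and an HMAC tag over both."""
    return {"context": context, "body": payload,
            "tag": _tag(key, context, _canonical(payload)).hex()}


def open_envelope(key: bytes, envelope: dict, expected_context: str) -> Optional[dict]:
    """Return the body if the envelope is intact and meant for this context, else None."""
    if envelope.get("context") != expected_context:
        return None  # substitution: a genuine envelope presented where it does not belong
    try:
        expected = _tag(key, envelope["context"], _canonical(envelope["body"]))
        presented = bytes.fromhex(envelope["tag"])
    except (KeyError, TypeError, ValueError):
        return None  # malformed envelope
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(expected, presented):
        return None  # modification: body or context changed after sealing
    return envelope["body"]


def tamper(envelope: dict, new_body: dict) -> dict:
    """What an attacker on the path can do: rewrite the visible body, keep the old tag."""
    return {**envelope, "body": new_body}


if __name__ == "__main__":
    key = bytes(range(32))   # constructed key; in practice it comes from a secret store
    env = seal(key, {"amount": 100, "payee": "ACME"}, "invoice-approval")
    print(open_envelope(key, env, "invoice-approval"))   # body returned unchanged
    print(open_envelope(key, tamper(env, {"amount": 9900, "payee": "ACME"}), "invoice-approval"))
    print(open_envelope(key, env, "payroll"))            # valid envelope, wrong context
```

If confidentiality is also required, the body must be encrypted as well; an authenticated-encryption mode (AES-GCM or ChaCha20-Poly1305) gives both properties in one step, but then the envelope is no longer "transparent".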
Need for an ISMS
Management concerns:
• Market reputation
• Business continuity
• Disaster recovery
• Business loss
• Loss of confidential data
• Loss of customer confidence
• Legal liability
• Cost of security
Security measures/controls:
• Technical
• Procedural
• Physical
• Logical
• Personnel
• Management
All of these can be addressed effectively and efficiently only by establishing a proper Information Security Management System (ISMS).
Activity
History
• 1960s: Organizations start to protect their computers
• 1970s: The first hacker attacks begin
• 1980s: Governments become proactive in the fight against cybercrime
• 1990s: Organized crime gets involved in hacking
• 2000s: Cybercrime becomes treated like a crime
• 2010s: Information security becomes serious
History of ISO/IEC 27001
Overview
The origin of the ISO/IEC 27000 series of standards goes back to the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC).
Founded in May 1987, the CCSC had two major tasks:
• The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme. This ultimately gave rise to ITSEC and the establishment of the UK ITSEC Scheme.
• The second was to help users by producing a code of good security practice, which resulted in a "Users' Code of Practice" published in 1989. This was further developed by the National Computing Centre (NCC).
BS 7799-2:2002 was officially launched on 5th September 2002.
History of ISO/IEC 27001
Overview
ISO/IEC 27001 is derived from BS 7799 Part 2, first published as such by the British Standards Institution (BSI) in 1999.
BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act (PDCA) cycle.
BS 7799 Part 2 was adopted as ISO/IEC 27001 in 2005, with various changes to reflect its new custodians.
The 2005 first edition was extensively revised and published in 2013, bringing it into line with the other ISO management system standards (the common high-level structure) and dropping the explicit reference to PDCA.
ISO/IEC 27001
Overview
ISO/IEC 27001:2013 is the best-known standard in the family, providing the requirements for an information security management system (ISMS).
There are more than a dozen standards in the 27000 family, for example:
• ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
• ISO/IEC 27010:2015 Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
Benefits
• Protecting your data and reputation
• Staying one step ahead
• Competitive advantage
In this technology-driven world, it is critical to protect your organization's data and that of your customers. Implementing an information security management system (ISMS) and gaining ISO 27001 certification demonstrates that you have in place the processes and controls to protect your information assets and to manage the threats posed to your organization, including cyber attacks. Certification attests to the management system, not to the absence of incidents: the controls still have to be operated, monitored and improved.
Supporting Standards
By using a risk management approach, ISO 27001 certification helps organizations manage their people, processes and systems; it is the best-known standard in the ISO 27000 family.
• ISO/IEC 27032: Guidelines for cybersecurity
• ISO/IEC 27017: Code of practice for information security controls for cloud services
• ISO/IEC 27018: Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Break
Clause Structure
ISO/IEC 27001:2013
Mandatory clauses (requirements every ISMS must meet):
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Annex A: control objectives and controls
• 14 domains (control sets)
• 35 control objectives
• 114 controls
Risk Assessment
(Slide graphic: the risk approach, residual risk, and the contractual, regulatory and business obligations that feed the baseline controls.)
The definition of risk is the "effect of uncertainty on objectives", which may be positive or negative.
Baseline controls based on regulatory, business and contractual obligations may be identified and implemented before the risk assessment is conducted.
The organization identifies risks to its information; under the 2013 edition the assessment no longer has to be asset-based (identifying assets, threats and vulnerabilities remains one acceptable method).
The risk owner determines how to treat each risk and accepts the residual risk.
Controls are drawn from any source or control set; the selected controls are then compared with those in Annex A to verify that no necessary control has been omitted.
The Statement of Applicability records, for each Annex A control, whether it is selected and why, whether it is implemented, and the justification for any exclusion.
Activity
14 Domains
The 14 control sets (domains) of Annex A
Number of Domains and Controls
The 114 controls of Annex A, by domain
Domain                                                               Control objectives  Controls
A.5  Information security policies                                           1               2
A.6  Organization of information security                                    2               7
A.7  Human resource security                                                 3               6
A.8  Asset management                                                        3              10
A.9  Access control                                                          4              14
A.10 Cryptography                                                            1               2
A.11 Physical and environmental security                                     2              15
A.12 Operations security                                                     7              14
A.13 Communications security                                                 2               7
A.14 System acquisition, development and maintenance                         3              13
A.15 Supplier relationships                                                  2               5
A.16 Information security incident management                                1               7
A.17 Information security aspects of business continuity management          2               4
A.18 Compliance                                                              2               8
Total (14 domains)                                                          35             114
Controls
The 114 controls of Annex A
A.5 Information security policies (2 controls): how policies are written and reviewed.
A.6 Organisation of information security (7 controls): the assignment of responsibilities for specific tasks.
A.7 Human resource security (6 controls): ensuring that employees understand their responsibilities before employment, during it, and once they have left or changed roles.
A.8 Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.
A.9 Access control (14 controls): ensuring that users can access only the information and systems relevant to their role.
A.10 Cryptography (2 controls): the encryption and key management of sensitive information.
A.11 Physical and environmental security (15 controls): securing the organisation's premises and equipment.
A.12 Operations security (14 controls): ensuring that information processing facilities are operated securely.
Controls
The 114 controls of Annex A (continued)
A.13 Communications security (7 controls): how to protect information in networks and in transit.
A.14 System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organisation's systems throughout their lifecycle.
A.15 Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to monitor whether those agreements are being kept.
A.16 Information security incident management (7 controls): how to report events and weaknesses, how to respond to incidents, and who is responsible for each activity.
A.17 Information security aspects of business continuity management (4 controls): how to maintain information security through business disruptions.
A.18 Compliance (8 controls): how to identify and meet the laws, regulations and contractual requirements that apply to your organisation, and how to review the ISMS against them.
Documentation
Documentation structure (pyramid, from the top down):
• Level 1: Policy, scope, risk assessment
• Level 2: Procedures
• Level 3: Work instructions
• Level 4: Records
Process Approach
PDCA approach: Plan, Do, Check, Act
Risk Management
PDCA approach
Identify risks:
• Identify all stakeholders
• Identify business processes
• Identify operational processes
• Identify assets
• Identify risks on the basis of all stakeholders
• Identify threats and vulnerabilities
• Evaluate probability and impact
• Calculate the risk value
Risk treatment:
• Mitigate/reduce the risk
• Avoid the risk
• Transfer the risk
• Accept the risk
Risk management:
• Mitigate the risk by appropriate controls
• Evaluate the controls periodically
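The risk assessment slide and the risk management procedure above describe the same workflow: score likelihood and impact, calculate a risk value, let the risk owner choose a treatment, record residual risk, and reflect the chosen controls in a Statement of Applicability. The following is an added worked example, not part of the original deck: the 5x5 scale, the risk appetite, the three sample risks and the four-entry catalogue slice are constructed for illustration, and the Annex A identifiers are quoted only as the references an SoA would point at. It also enforces two rules the slides leave implicit: a risk above appetite cannot simply be "accepted", and a residual risk that is still above appetite goes back to the owner rather than being closed.

```python
"""Risk assessment, treatment and Statement of Applicability (added example).

The scale, the risk appetite, the sample risks and the catalogue slice are
constructed for illustration; Annex A identifiers are quoted as references only.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

# Risk value = likelihood * impact on a 1..5 scale, so 1..25. Values at or below
# RISK_APPETITE may be accepted by the risk owner; anything above must be treated
# until the residual value sits inside appetite.
RISK_APPETITE = 6


class Treatment(Enum):
    MITIGATE = "mitigate"   # reduce likelihood and/or impact with controls
    AVOID = "avoid"         # stop the activity that gives rise to the risk
    TRANSFER = "transfer"   # share it: insurance, or a supplier contract
    ACCEPT = "accept"       # the risk owner knowingly retains it


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int          # 1 (rare) .. 5 (almost certain)
    impact: int              # 1 (negligible) .. 5 (severe)
    owner: str               # the risk owner who decides the treatment
    treatment: Optional[Treatment] = None
    controls: list = field(default_factory=list)   # control refs, Annex A or any other set
    residual_likelihood: Optional[int] = None
    residual_impact: Optional[int] = None

    def value(self) -> int:
        return self.likelihood * self.impact

    def residual_value(self) -> int:
        # Untreated risk: residual equals inherent.
        lk = self.likelihood if self.residual_likelihood is None else self.residual_likelihood
        im = self.impact if self.residual_impact is None else self.residual_impact
        return lk * im

    def within_appetite(self) -> bool:
        return self.residual_value() <= RISK_APPETITE


def _check_scale(*scores: int) -> None:
    for s in scores:
        if not 1 <= s <= 5:
            raise ValueError(f"score {s} is outside the 1..5 scale")


def treat(risk: Risk, treatment: Treatment, controls=(),
          residual_likelihood: Optional[int] = None, residual_impact: Optional[int] = None) -> Risk:
    """Record the risk owner's decision and enforce the rules behind it."""
    _check_scale(risk.likelihood, risk.impact)
    if treatment is Treatment.ACCEPT:
        if risk.value() > RISK_APPETITE:
            raise ValueError(f"{risk.asset}: value {risk.value()} exceeds appetite, cannot simply accept")
        risk.residual_likelihood, risk.residual_impact = risk.likelihood, risk.impact
    elif treatment is Treatment.AVOID:
        # The activity stops, so the scenario can no longer occur; treat as eliminated.
        risk.residual_likelihood, risk.residual_impact = 1, 1
    else:
        # MITIGATE and TRANSFER both need the controls (or contract) and a re-estimate.
        if not controls or residual_likelihood is None or residual_impact is None:
            raise ValueError(f"{risk.asset}: {treatment.value} needs controls and a residual estimate")
        _check_scale(residual_likelihood, residual_impact)
        risk.controls = list(controls)
        risk.residual_likelihood, risk.residual_impact = residual_likelihood, residual_impact
    risk.treatment = treatment
    return risk


def needs_further_treatment(risks) -> list:
    """Residual risk above appetite is not accepted residual risk; it goes back to the owner."""
    return [r.asset for r in risks if r.treatment is not None and not r.within_appetite()]


def statement_of_applicability(risks, catalogue: dict) -> dict:
    """For every catalogue control: selected or not, and the justification either way."""
    soa = {}
    for ref, title in catalogue.items():
        reasons = [f"treats '{r.threat}' on {r.asset}" for r in risks if ref in r.controls]
        soa[ref] = {"title": title, "selected": bool(reasons),
                    "justification": "; ".join(reasons) or "no identified risk requires it"}
    return soa


# Constructed catalogue slice (ISO/IEC 27001:2013 Annex A titles, quoted as references).
ANNEX_A_SAMPLE = {
    "A.9.4.1": "Information access restriction",
    "A.10.1.1": "Policy on the use of cryptographic controls",
    "A.12.3.1": "Information backup",
    "A.12.6.1": "Management of technical vulnerabilities",
}


def run_example():
    risks = [
        Risk("customer database", "ransomware", "no tested offline backups", 4, 5, "Head of IT"),
        Risk("paper price list", "disclosure", "left on shared printer", 3, 2, "Sales Manager"),
        Risk("laptop fleet", "theft", "disks not encrypted", 3, 4, "Head of IT"),
    ]
    treat(risks[0], Treatment.MITIGATE, ["A.12.3.1", "A.12.6.1"], residual_likelihood=3, residual_impact=3)
    treat(risks[1], Treatment.ACCEPT)   # value 6: inside appetite, the owner may accept it
    treat(risks[2], Treatment.MITIGATE, ["A.10.1.1"], residual_likelihood=3, residual_impact=1)
    return risks, statement_of_applicability(risks, ANNEX_A_SAMPLE), needs_further_treatment(risks)
```

Running `run_example()` leaves the customer database at a residual value of 9, still above the appetite of 6, so it is reported by `needs_further_treatment` and must go back to its owner for additional controls; the SoA marks A.9.4.1 as not selected with a stated justification, which is the part auditors look for.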
Questions
Thank You

 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 

27001 awareness Training

6. Information Assets

Information assets of an organization can be:
• Business data
• E-mail data
• Employee information
• Research records
• Price lists
• Tender documents

They may be:
• Spoken in conversations over the telephone
• Data stored on computers
• Transmitted across networks
• Printed out
• Written on paper, sent by fax
• Stored on disks
• Held on microfilm

An asset is something that has "value to the organization".

7. Core Values

Confidentiality
• Is my communication private?
• Ensuring that the data is read only by the intended person
• Protection of data against unauthorized access or disclosure
• Possible through access control and encryption

Integrity
• Has my communication been altered?
• Protection of data against unauthorized modification or substitution
• If integrity is compromised, there is no point in protecting the data
• Think of a transparent envelope that is tamper evident

Availability
• Are the systems responsible for delivering, storing and processing information accessible when needed?
• Are the above systems accessible only to those who need them?

8. Need for an ISMS

Management concerns
• Market reputation
• Business continuity
• Disaster recovery
• Business loss
• Loss of confidential data
• Loss of customer confidence
• Legal liability
• Cost of security

Security measures/controls
• Technical
• Procedural
• Physical
• Logical
• Personnel
• Management

All of these can be addressed effectively and efficiently only by establishing a proper Information Security Management System (ISMS).

10. History

1960s: Organizations start to protect their computers
1970s: The first hacker attacks begin
1980s: Governments become proactive in the fight against cybercrime
1990s: Organized crime gets involved in hacking
2000s: Cybercrime becomes treated like a crime
2010s: Information security becomes serious

11. History of ISO/IEC 27001 (1)

The origin of the ISO/IEC 27000 series of standards goes back to the days of the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC). Founded in May 1987, the CCSC had two major tasks:
• The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme. This ultimately gave rise to the ITSEC and the establishment of the UK ITSEC Scheme.
• The second was to help users by producing a code of good security practice, which resulted in a "Users Code of Practice" published in 1989. This was further developed by the National Computing Centre (NCC).

BS 7799-2:2002 was officially launched on 5th September 2002.

12. History of ISO/IEC 27001 (2)

ISO/IEC 27001 is derived from BS 7799 Part 2, first published as such by the British Standards Institute in 1999. BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act cycle. BS 7799 Part 2 was adopted as ISO/IEC 27001 in 2005 with various changes to reflect its new custodians. The 2005 first edition was extensively revised and published in 2013, bringing it into line with the other ISO management systems standards and dropping the explicit reference to PDCA.

13. ISO/IEC 27001 Overview

ISO/IEC 27001:2013 is the best-known standard in the family, providing the requirements for an information security management system (ISMS). There are more than a dozen standards in the 27000 family, for example:
• ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
• ISO/IEC 27010:2015 Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications

14. Benefits

• Protecting your data and reputation
• Stay one step ahead
• Competitive advantage

In this technology-driven world, it is critical to protect your organization's data and that of your customers. Implementing an information security management system (ISMS) and gaining ISO 27001 certification ensures you have in place the processes and controls to protect your information assets and manage the threats posed to your organization by cyber attacks.

15. Supporting Standards

By using a risk management approach, ISO 27001 certification helps organizations manage their people, processes and systems, and it is the best-known standard in the ISO 27000 family. Supporting standards include:
• ISO 27032 - Guidelines for cybersecurity
• ISO 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
• ISO 27017 - Code of practice for information security controls for cloud services

17. Clause Structure of ISO/IEC 27001:2013

Mandatory process clauses:
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement

Annexure A: Control Objectives
• 14 Domains
• 35 Control Objectives
• 114 Controls

18. Risk Assessment

(Diagram: the risk approach, residual risk, and the contractual, regulatory and business obligations that feed the risk assessment.)

• The definition of risk is the "effect of uncertainty on objectives", which may be positive or negative.
• Baseline controls based on regulatory, business and contractual obligations may be identified and implemented before the risk assessment is conducted.
• The organization identifies risks to the organization's information; the assessment does not have to be asset-based.
• The risk owner determines how to treat the risk, accepting the residual risk.
• Controls are drawn from any source or control set.
• Selected controls are compared to those in Annex A.
• The Statement of Applicability records whether a control from Annex A is selected and why.

20. 14 Domains

The 14 control sets (domains) of Annex A.

21. Number of Domains and Controls (the 114 controls of Annex A)

Domain                                                              Control Obj.  Controls
A.5  Information security policies                                        1           2
A.6  Organization of information security                                 2           7
A.7  Human resources security                                             3           6
A.8  Asset management                                                     3          10
A.9  Access control                                                       4          14
A.10 Cryptography                                                         1           2
A.11 Physical and environmental security                                  2          15
A.12 Operations security                                                  7          14
A.13 Communications security                                              2           7
A.14 Systems acquisition, development and maintenance                     3          13
A.15 Supplier relationships                                               2           5
A.16 Information security incident management                             1           7
A.17 Information security aspects of business continuity management       2           4
A.18 Compliance                                                           2           8
Total (14 domains)                                                       35         114

22. Controls (1) - the 114 controls of Annex A

• A.5 Information security policies (2 controls): how policies are written and reviewed.
• A.6 Organisation of information security (7 controls): the assignment of responsibilities for specific tasks.
• A.7 Human resource security (6 controls): ensuring that employees understand their responsibilities prior to employment and once they have left or changed roles.
• A.8 Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.
• A.9 Access control (14 controls): ensuring that employees can only view information that is relevant to their job role.
• A.10 Cryptography (2 controls): the encryption and key management of sensitive information.
• A.11 Physical and environmental security (15 controls): securing the organisation's premises and equipment.
• A.12 Operations security (14 controls): ensuring that information processing facilities are secure.

23. Controls (2) - the 114 controls of Annex A

• A.13 Communications security (7 controls): how to protect information in networks.
• A.14 System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organisation's systems.
• A.15 Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to measure whether those agreements are being kept.
• A.16 Information security incident management (7 controls): how to report disruptions and breaches, and who is responsible for certain activities.
• A.17 Information security aspects of business continuity management (4 controls): how to address business disruptions.
• A.18 Compliance (8 controls): how to identify the laws and regulations that apply to your organisation.

24. Documentation Structure

Level-1: Policy
Level-2: Scope, Risk Assessment, Procedures
Level-3: Work Instructions
Level-4: Records

25. Process Approach

PDCA approach: Plan - Do - Check - Act

26. Risk Management (PDCA approach)

Identify risks
• Identify all stakeholders
• Identify business processes
• Identify operational processes
• Identify assets
• Identify risks on the basis of all stakeholders
• Identify threats and vulnerabilities
• Evaluate probability and impact
• Calculate the risk value

Risk treatment
• Mitigate/reduce the risk
• Avoid the risk
• Transfer the risk
• Accept the risk

Risk management
• Mitigate the risk by appropriate controls
• Evaluate the controls periodically
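The following is an added worked example, not part of the K2A slides, showing how the risk-assessment steps of slides 18 and 26 (identify asset, threat and vulnerability; evaluate probability and impact; calculate a risk value; choose a treatment; record residual risk and the Statement of Applicability) can be kept as a small risk register. The 1..5 scales, the product formula for the risk value, the acceptance threshold of 8 and the sample risks are assumptions for illustration; the control labels are constructed descriptions keyed to the Annex A domain names on slide 21, not the standard's own control numbers. Every organization sets its own scales and thresholds in its risk methodology.

```python
"""Minimal ISMS risk register (added example; scales, threshold and data are assumed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SCALE = range(1, 6)          # assumed 1..5 scale for both probability and impact
ACCEPTANCE_THRESHOLD = 8     # assumed: a risk value <= 8 may be accepted by the risk owner
TREATMENTS = {"accept", "mitigate", "transfer", "avoid"}   # the four options on slide 26


def risk_value(probability: int, impact: int) -> int:
    """Calculate the risk value (slide 26) as probability x impact on the assumed scales."""
    if probability not in SCALE or impact not in SCALE:
        raise ValueError("probability and impact must be integers from 1 to 5")
    return probability * impact


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    probability: int
    impact: int
    owner: str                        # the risk owner decides the treatment (slide 18)
    treatment: str = "accept"
    controls: List[str] = field(default_factory=list)   # constructed control labels by Annex A domain
    residual_probability: Optional[int] = None          # estimate after controls, if treated
    residual_impact: Optional[int] = None

    def inherent(self) -> int:
        return risk_value(self.probability, self.impact)

    def residual(self) -> int:
        # Residual risk is what remains after treatment; untreated risk keeps its inherent value.
        p = self.probability if self.residual_probability is None else self.residual_probability
        i = self.impact if self.residual_impact is None else self.residual_impact
        return risk_value(p, i)


def review(risk: Risk) -> str:
    """Check the chosen treatment against the assumed acceptance threshold."""
    if risk.treatment not in TREATMENTS:
        raise ValueError(f"unknown treatment {risk.treatment!r}")
    if risk.treatment == "avoid":
        return "closed: activity stopped, risk avoided"
    residual = risk.residual()
    if residual <= ACCEPTANCE_THRESHOLD:
        return f"residual {residual} accepted by {risk.owner}"
    return (f"residual {residual} above threshold {ACCEPTANCE_THRESHOLD}: "
            f"add controls or {risk.owner} must formally accept")


def statement_of_applicability(register: List[Risk],
                               annex_a: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """Slide 18: record for each candidate control whether it is selected and why."""
    soa: Dict[str, Dict[str, object]] = {}
    for control, domain in annex_a.items():
        reasons = [f"{r.asset}/{r.threat}" for r in register if control in r.controls]
        soa[control] = {
            "domain": domain,
            "selected": bool(reasons),
            "justification": "; ".join(reasons) or "not selected: no assessed risk requires it",
        }
    return soa


# Constructed sample register: asset types are taken from slide 6, everything else is invented.
REGISTER = [
    Risk("customer database", "ransomware", "unpatched file server", 4, 5, "IT manager",
         treatment="mitigate", controls=["A.12 backup", "A.12 malware protection"],
         residual_probability=2, residual_impact=3),
    Risk("price list", "leak via e-mail", "no encryption in transit", 3, 2, "sales head"),
    Risk("tender documents", "unauthorised access", "shared login", 4, 5, "procurement head",
         treatment="mitigate", controls=["A.9 unique user IDs"],
         residual_probability=2, residual_impact=5),
]

# Constructed candidate controls, labelled with the Annex A domain they belong to (slide 21).
ANNEX_A_SAMPLE = {
    "A.9 unique user IDs": "A.9 Access control",
    "A.10 encryption of data in transit": "A.10 Cryptography",
    "A.12 backup": "A.12 Operations security",
    "A.12 malware protection": "A.12 Operations security",
}


def summarize(register: List[Risk]) -> Dict[str, int]:
    """Count how many risks are within the threshold after treatment and how many still need work."""
    accepted = sum(1 for r in register if r.treatment == "avoid" or r.residual() <= ACCEPTANCE_THRESHOLD)
    return {"total": len(register), "within_threshold": accepted, "open": len(register) - accepted}


if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.asset:20} inherent={r.inherent():2} {review(r)}")
    for control, row in statement_of_applicability(REGISTER, ANNEX_A_SAMPLE).items():
        print(f"{control:35} selected={row['selected']!s:5} {row['justification']}")
    print(summarize(REGISTER))
```

The third sample risk is left deliberately above the threshold after treatment so the register flags it: in the PDCA terms of slides 25 and 26, that is the "Check" output that drives the next round of control selection or an explicit acceptance by the risk owner.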