SlideShare una empresa de Scribd logo

ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.

IGN MANTRA
IGN MANTRA

This document provides an introduction to information security and ISO 27001. It discusses key concepts like what information security is, the importance of protecting information assets, common information security threats, and ISO 27001 which defines an Information Security Management System. The document is intended to raise awareness of information security and an individual's security responsibilities within an organization.

Tecnología
1 de 41
Descargar para leer sin conexión
Awareness An introduction to ISO 27001 ISMS Information Security Management System I n f o r m a t i o n s e c u r i t y IGN Mantra, ACAD-CSIRT ISO 27001 Trainer & Lead AUditor
§ What is information? § What is information security? § What is risk? § Introduction to the ISO standards § Managing information security § Your security responsibilities A g e n d a 2
Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected I N F O R M A T I O N 3 ISO/IEC 27002:2013
I n f o r m a t i o n t y p e s Information exists in many forms: § Printed or written on paper § Stored electronically § Transmitted by post or electronic means § Visual e.g. videos, diagrams § Published on the Web § Verbal/aural e.g. conversations, phone calls § Intangible e.g. knowledge, experience, expertise, ideas ‘Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’ (ISO/IEC 27002:2013) 4
I n f o l i f e c y c l e Information can be … § Created § Owned (it is an asset) § Stored § Processed § Transmitted/communicated § Used (for proper or improper purposes) § Modified or corrupted § Shared or disclosed (whether appropriately or not) § Destroyed or lost § Stolen § Controlled, secured and protected throughout its existence 5
K e y t e r m What is information security? § Information security is what keeps valuable information ‘free of danger’ (protected, safe from harm) § It is not something you buy, it is something you do o It’s a process not a product § It is achieved using a combination of suitable strategies and approaches: o Determining the risks to information and treating them accordingly (proactive risk management) o Protecting CIA (Confidentiality, Integrity and Availability) o Avoiding, preventing, detecting and recovering from incidents o Securing people, processes and technology … not just IT! 6
S e c u r i t y e l e m e n t s PEOPLE PROCESSES TECHNOLOGY Staff & management Business activities IT, phones, pens … 7
P e o p l e People People who use or have an interest in our information security include: • Shareholders / owners • Management & staff • Customers / clients, suppliers & business partners • Service providers, contractors, consultants & advisors • Authorities, regulators & judges Our biggest threats arise from people (social engineers, unethical competitors, hackers, fraudsters, careless workers, bugs, flaws …), yet our biggest asset is our people (e.g. security-aware employees who spot trouble early) 8
Processes Processes are work practices or workflows, the steps or activities needed to accomplish business objectives. • Processes are described in procedures. • Virtually all business processes involve and/or depend on information making information a critical business asset. Information security policies and procedures define how we secure information appropriately and repeatedly. P r o c e s s e s 9
Technology Information technologies • Cabling, data/voice networks and equipment • Telecommunications services (PABX, VoIP, ISDN, videoconferencing) • Phones, cellphones, PDAs • Computer servers, desktops and associated data storage devices (disks, tapes) • Operating system and application software • Paperwork, files • Pens, ink Security technologies • Locks, barriers, card-access systems, CCTV T e c h n o l o g y 10
• Protects information against various threats • Ensures business continuity • Minimizes financial losses and other impacts • Optimizes return on investments • Creates opportunities to do business safely • Maintains privacy and compliance V a l u e We all depend on information security 11 Information security is valuable because it …
Information security is defined as the preservation of: Confidentiality Making information accessible only to those authorized to use it Integrity Safeguarding the accuracy and completeness of information and processing methods Availability Ensuring that information is available when required C I A 12
• IT downtime, business interruption • Financial losses and costs • Devaluation of intellectual property • Breaking laws and regulations, leading to prosecutions, fines and penalties • Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business • Fear, uncertainty and doubt Security incidents cause … 13 I m p a c t s
K e y t e r m What is risk? Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization Threat: something that might cause harm Vulnerability: a weakness that might be exploited Impact: financial damage etc. 14
R e l a t i o n s h i p s Risk relationships Threats Vulnerabilities exploit Risk ValueSecurity requirements Information assets Controls reduce 15 to
T h r e a t a g e n t Threat agent The actor that represents, carries out or catalyzes the threat • Human • Machine • Nature 16
Motive Something that causes the threat agent to act • Implies intentional/deliberate attacks but some are accidental M o t i v e 17
Threat type Example Human error Typo, wrong attachment/email address, lost laptop or phone Intellectual property Piracy, industrial espionage Deliberate act Unauthorized access/trespass, data theft, extortion, blackmail, sabotage, vandalism, terrorist/activist/criminal activity Fraud Identity theft, expenses fraud System/network attack Viruses, worms, Trojans, hacks Service issue Power cuts, network outages Force of nature Fire, flood, storm, earthquake, lightning, tsunami, volcanic eruption Hardware issue Computer power supply failure, lack of capacity Software issue Bugs or design flaws, data corruption Obsolescence iPhone 6 ? 18 T h r e a t t y p e s
So how do we secure our information assets? 19
1990’s • Information Security Management Code of Practice produced by a UK government-sponsored working group • Based on the security policy used by Shell • Became British Standard BS7799 2000’s • Adopted by ISO/IEC • Became ISO/IEC 17799 (later renumbered ISO/IEC 27002) • ISO/IEC 27001 published & certification scheme started Now • Expanding into a suite of information security standards (known as “ISO27k”) • Updated and reissued every few years I S O 2 7 k A brief history of ISO27k 20
• Concerns the management of information security, not just IT/technical security • Formally specifies a management system • Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve alignment of security with risks • Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes • Thousands of organizations worldwide have been certified compliant ISO 27001 I S O 2 7 0 0 1 21
Interested parties Information security requirements & expectations PLAN Establish ISMS CHECK Monitor & review ISMS ACT Maintain & improve Management responsibility ISMS PROCESS Plan-Do-Check-Act Interested parties Managed information security DO Implement & operate the ISMS P D C A 22
Information Security Policy Organisation of Information Security Asset Management Human Resource Security Physical Security Communication & Operations Management Access Control System Development & Maintenance Incident Management Business Continuity Planning Compliance Availability C O N T R O L C L A U S E S 23
• Information security policy - management direction • Organization of information security - management framework for implementation • Asset management – assessment, classification and protection of valuable information assets • HR security – security for joiners, movers and leavers • Physical & environmental security - prevents unauthorised access, theft, compromise, damage to information and computing facilities, power cuts C O N T R O L C L A U S E S 24
• Communications & operations management - ensures the correct and secure operation of IT • Access control – restrict unauthorized access to information assets • Information systems acquisition, development & maintenance – build security into systems • Information security incident management – deal sensibly with security incidents that arise • Business continuity management – maintain essential business processes and restore any that fail • Compliance - avoid breaching laws, regulations, policies and other security obligations C O N T R O L C L A U S E S 25
PLAN Establish ISMS CHECK Monitor & Review ISMS ACT Maintain & Improve DO Implement & Operate the ISMS IS POLICY SECURITY ORGANISATION ASSET IDENTIFICATION & CLASSIFICATION CONTROL SELECTION & IMPLEMENTATION OPERATIONALIZ E THE PROCESES MANAGEMENT REVIEW CORRECTIVE & PREVENTIVE ACTIONS CHECK PROCESSES I M P L E M E N T A T I O N P R O C E S S C Y C L E 26
B e n e f i t s • Demonstrable commitment to security by the organization • Legal and regulatory compliance • Better risk management • Commercial credibility, confidence, and assurance • Reduced costs • Clear employee direction and improved awareness 27
S c o p e ISMS scope • Data center & DR site • All information assets throughout the organization 28
Key ISMS documentsK e y d o c u m e n t s • High level corporate security policy • Supporting policies e.g. physical & environmental, email, HR, incident management, compliance etc. • Standards e.g. Windows Security Standard • Procedures and guidelines • Records e.g. security logs, security review reports, corrective actions 29
Information security visionV I S I O N & M I S S I O N Vision The organization is acknowledged as an industry leader for information security. Mission To design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally-accepted good security practices 30
Who is responsible? W h o • Information Security Management Committee • Information Security Manager/CISO and Department • Incident Response Team • Business Continuity Team • IT, Legal/Compliance, HR, Risk and other departments • Audit Committee • Last but not least, you! Bottom line: 31 Information security is everyone’s responsibility
P o l i c y Corporate Information Security Policy Policy is signed by the CEO and mandated by top management Find it on the intranet 32
I N F O A S S E T C L A S S I F I C A T I O N CONFIDENTIAL: If this information is leaked outside the organization, it will result in major financial and/or image loss. Compromise of this information may result in serious non-compliance (e.g. a privacy breach). Access to this information must be restricted based on the concept of need-to-know. Disclosure requires the information owner’s approval. In case information needs to be disclosed to third parties, a signed confidentiality agreement is required. Examples: customer contracts, pricing rates, trade secrets, personal information, new product development plans, budgets, financial reports (prior to publication), passwords, encryption keys. INTERNAL USE ONLY: Leakage or disclosure of this information outside the organization is unlikely to cause serious harm but may result in some financial loss and/or embarrassment. Examples: circulars, policies, training materials, general company emails, security policies and procedures, corporate intranet. PUBLIC: This information can be freely disclosed to anyone although publication must usually be explicitly approved by Corporate Communications or Marketing. Examples: marketing brochures, press releases, website. 33 Information Asset Classification
Confidentiality Confidentiality level Explanation High Information which is very sensitive or private, of great value to the organization and intended for specific individuals only. The unauthorized disclosure of such information can cause severe harm such as legal or financial liabilities, competitive disadvantage, loss of brand value e.g. merger and acquisition related information, marketing strategy Medium Information belonging to the company and not for disclosure to public or external parties. The unauthorized disclosure of this information may harm to the organization somewhat e.g. organization charts, internal contact lists. Low Non-sensitive information available for public disclosure. The impact of unauthorized disclosure of such information shall not harm Organisation anyway. E.g. Press releases, Company’s News letters e.g. Information published on company’s website Confidentiality of information concerns the protection of sensitive (and often highly valuable) information from unauthorized or inappropriate disclosure. C l a s s i f i c a t i o n 10/30 34Mohan Kamat
U S E R R E S P O N S I B I L I T I E S Physical security • Read and follow security policies and procedures • Display identity cards while on the premises • Challenge or report anyone without an ID card • Visit the intranet Security Zone or call IT Help/Service Desk for advice on most information security matters • Allow unauthorized visitors onto the premises • Bring weapons, hazardous/combustible materials, recording devices etc., especially in secure areas • Use personal IT devices for work purposes, unless explicitly authorized by management 35 Do not Do
U S E R R E S P O N S I B I L I T I E S Password Guidelines Ø Use long, complicated passphrases - whole sentences if you can Ø Reserve your strongest passphrases for high security systems (don’t re-use the same passphrase everywhere) Ø Use famous quotes, lines from your favorite songs, poems etc. to make them memorable Ø Use short or easily-guessed passwords Ø Write down passwords or store them in plain text Ø Share passwords over phone or email 36
U S E R R E S P O N S I B I L I T I E S Warning: Internet usage is routinely logged and monitored. Be careful which websites you visit and what you disclose. Ø Avoid websites that would be classed as obscene, racist, offensive or illegal – anything that would be embarrassing Ø Do not access online auction or shopping sites, except where authorized by your manager Ø Don’t hack! Ø Do not download or upload commercial software or other copyrighted material without the correct license and permission from your manager Ø Use the corporate Internet facilities only for legitimate and authorized business purposes Internet usage 37
U S E R R E S P O N S I B I L I T I E S E-mail usage Ø Do not use your corporate email address for personal email Ø Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc. Ø Do not send emails outside the organization unless you are authorized to do so Ø Be very wary of email attachments and links, especially in unsolicited emails (most are virus-infected) 38 Ø Use corporate email for business purposes only Ø Follow the email storage guidelines Ø If you receive spam email, simply delete it. If it is offensive or you receive a lot, call the IT Help/Service Desk
U S E R R E S P O N S I B I L I T I E S Security incidents 39 Ø Report information security incidents, concerns and near-misses to IT Help/Service Desk: Ø Email … Ø Telephone … Ø Anonymous drop-boxes … Ø Take their advice on what to do Ø Do not discuss security incidents with anyone outside the organization Ø Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
R e s p o n s i b i l i t i e s ü Ensure your PC is getting antivirus updates and patches ü Lock your keyboard (Windows-L) before leaving your PC unattended, and log-off at the end of the day ü Store laptops and valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key ü Keep your wits about you while traveling: § Keep your voice down on the cellphone § Be discreet about your IT equipment ü Take regular information back ups ü Fulfill your security obligations: § Comply with security and privacy laws, copyright and licenses, NDA (Non Disclosure Agreements) and contracts § Comply with corporate policies and procedures ü Stay up to date on information security: § Visit the intranet Security Zone when you have a moment 40
41

Recomendados

ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 

Recomendados

ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.IGN MANTRA
 
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map?PECB
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 
Information Security
Information SecurityInformation Security
Information SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security ProgramShauna_Cox
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information SecurityAna Meskovska
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityTharindunuwan9
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsCertification Europe
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Pindad iso27000 2016 smki
Pindad iso27000 2016 smkiPindad iso27000 2016 smki
Pindad iso27000 2016 smkiSarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
ISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxNapoleon NV
 
ISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxharigopala
 

Más contenido relacionado

La actualidad más candente

information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? PECB
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information SecurityAna Meskovska
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseMart Rovers
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityTharindunuwan9
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013scttmcvy
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsCertification Europe
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 

La actualidad más candente (20)

information security management
information security managementinformation security management
information security management
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation? How to minimize threats in your information system using network segregation?
How to minimize threats in your information system using network segregation?
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
 
ISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber SecurityISO/IEC 27032 – Guidelines For Cyber Security
ISO/IEC 27032 – Guidelines For Cyber Security
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Pindad iso27000 2016 smki
Pindad iso27000 2016 smkiPindad iso27000 2016 smki
Pindad iso27000 2016 smki
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 

Similar a ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.

ISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxNapoleon NV
 
ISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxharigopala
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Bonagiri Rajitha
 
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...RIYAJAIN179446
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdfNdheh
 
Intro to Information Security.ppt
Intro to Information Security.pptIntro to Information Security.ppt
Intro to Information Security.pptAnuraagAwasthi3
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...XeniT Solutions nv
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015T. J. Saotome
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 

Similar a ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session. (20)

ISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptxISO27k Awareness presentation v2.pptx
ISO27k Awareness presentation v2.pptx
 
ISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptxISO27k Awareness presentation.pptx
ISO27k Awareness presentation.pptx
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
Information security
Information securityInformation security
Information security
 
ke-1.pptx
ke-1.pptxke-1.pptx
ke-1.pptx
 
1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf1678784047-mid_sem-2.pdf
1678784047-mid_sem-2.pdf
 
Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)Presentation1 110616195133-phpapp01(information security)
Presentation1 110616195133-phpapp01(information security)
 
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
iSchoolConnect_Information Security User Awareness Training_16th Nov 2021.ppt...
 
Unit 1&2.pdf
Unit 1&2.pdfUnit 1&2.pdf
Unit 1&2.pdf
 
Intro to Information Security.ppt
Intro to Information Security.pptIntro to Information Security.ppt
Intro to Information Security.ppt
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
 
Isys20261 lecture 01
Isys20261 lecture 01Isys20261 lecture 01
Isys20261 lecture 01
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Information security background
Information security backgroundInformation security background
Information security background
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 

Más de IGN MANTRA

Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020IGN MANTRA
 
Acad csirt cyber security rtik bali 22 july 2020
Acad csirt cyber security rtik bali 22 july 2020Acad csirt cyber security rtik bali 22 july 2020
Acad csirt cyber security rtik bali 22 july 2020IGN MANTRA
 
Ign mantra ppt menulis artikel dan buku ict
Ign mantra ppt menulis artikel dan buku ictIgn mantra ppt menulis artikel dan buku ict
Ign mantra ppt menulis artikel dan buku ictIGN MANTRA
 
2020 07-16 aspek security n hukum cctv-ign mantra
2020 07-16 aspek security n hukum cctv-ign mantra2020 07-16 aspek security n hukum cctv-ign mantra
2020 07-16 aspek security n hukum cctv-ign mantraIGN MANTRA
 
2020 07-16 data security lokal-internet it up pancasila
2020 07-16 data security lokal-internet it up pancasila2020 07-16 data security lokal-internet it up pancasila
2020 07-16 data security lokal-internet it up pancasilaIGN MANTRA
 
2020 07-02 cyber crime n data security-ign mantra
2020 07-02 cyber crime n data security-ign mantra2020 07-02 cyber crime n data security-ign mantra
2020 07-02 cyber crime n data security-ign mantraIGN MANTRA
 
2020 06-30 cyber security kbk kkni aptikom-ign mantra
2020 06-30 cyber security kbk kkni aptikom-ign mantra2020 06-30 cyber security kbk kkni aptikom-ign mantra
2020 06-30 cyber security kbk kkni aptikom-ign mantraIGN MANTRA
 
2020 06-20 data security lokal-internet ngampooz
2020 06-20 data security lokal-internet ngampooz2020 06-20 data security lokal-internet ngampooz
2020 06-20 data security lokal-internet ngampoozIGN MANTRA
 
2020 06-22 cyber security career competence-iaii-ign mantra
2020 06-22 cyber security career competence-iaii-ign mantra2020 06-22 cyber security career competence-iaii-ign mantra
2020 06-22 cyber security career competence-iaii-ign mantraIGN MANTRA
 
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 IGN MANTRA
 
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019IGN MANTRA
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...IGN MANTRA
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas IndonesiaIGN MANTRA
 
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 finalIGN MANTRA
 
2018 11-12 acad-csirt updated cyber security pemda bssn
2018 11-12 acad-csirt updated cyber security pemda bssn2018 11-12 acad-csirt updated cyber security pemda bssn
2018 11-12 acad-csirt updated cyber security pemda bssnIGN MANTRA
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.IGN MANTRA
 
SEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UPSEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UPIGN MANTRA
 
10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik Sumedang10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik SumedangIGN MANTRA
 
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...IGN MANTRA
 

Más de IGN MANTRA (20)

Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
Karir dan Kompetensi Keamanan Siber RTIK Bali 28 Agustus 2020
 
Acad csirt cyber security rtik bali 22 july 2020
Acad csirt cyber security rtik bali 22 july 2020Acad csirt cyber security rtik bali 22 july 2020
Acad csirt cyber security rtik bali 22 july 2020
 
Ign mantra ppt menulis artikel dan buku ict
Ign mantra ppt menulis artikel dan buku ictIgn mantra ppt menulis artikel dan buku ict
Ign mantra ppt menulis artikel dan buku ict
 
2020 07-16 aspek security n hukum cctv-ign mantra
2020 07-16 aspek security n hukum cctv-ign mantra2020 07-16 aspek security n hukum cctv-ign mantra
2020 07-16 aspek security n hukum cctv-ign mantra
 
2020 07-16 data security lokal-internet it up pancasila
2020 07-16 data security lokal-internet it up pancasila2020 07-16 data security lokal-internet it up pancasila
2020 07-16 data security lokal-internet it up pancasila
 
2020 07-02 cyber crime n data security-ign mantra
2020 07-02 cyber crime n data security-ign mantra2020 07-02 cyber crime n data security-ign mantra
2020 07-02 cyber crime n data security-ign mantra
 
2020 06-30 cyber security kbk kkni aptikom-ign mantra
2020 06-30 cyber security kbk kkni aptikom-ign mantra2020 06-30 cyber security kbk kkni aptikom-ign mantra
2020 06-30 cyber security kbk kkni aptikom-ign mantra
 
2020 06-20 data security lokal-internet ngampooz
2020 06-20 data security lokal-internet ngampooz2020 06-20 data security lokal-internet ngampooz
2020 06-20 data security lokal-internet ngampooz
 
2020 06-22 cyber security career competence-iaii-ign mantra
2020 06-22 cyber security career competence-iaii-ign mantra2020 06-22 cyber security career competence-iaii-ign mantra
2020 06-22 cyber security career competence-iaii-ign mantra
 
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0 Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
Webminar Keamanan Data dan Informasi Pendidikan di Industri 4.0 dan Society 5.0
 
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
Seminar Honeynet ACAD-CSIRT BSSN Cyber Security Tel-U Bandung Nov 2019
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
 
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
2019 09-10 seminar cyber security acad csirt honeynet universitas indonesia s...
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
2019 03-25 acad-csirt career in security to polinela lampung 25 maret2019 final
 
2018 11-12 acad-csirt updated cyber security pemda bssn
2018 11-12 acad-csirt updated cyber security pemda bssn2018 11-12 acad-csirt updated cyber security pemda bssn
2018 11-12 acad-csirt updated cyber security pemda bssn
 
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
ISO 27001 2013 Introduction Study Case IGN Mantra, 2nd Day, 3rd Session.
 
SEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UPSEMINAR Computer & Cyber Security Career in the World, IT UP
SEMINAR Computer & Cyber Security Career in the World, IT UP
 
10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik Sumedang10 Tips Career in Cyber Security to Stmik Sumedang
10 Tips Career in Cyber Security to Stmik Sumedang
 
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
Seminar Karir di Computer dan Cyber Security + 10 Tips Meraihnya di STMIK BAN...
 

Último

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.

  • 1. Awareness An introduction to ISO 27001 ISMS Information Security Management System I n f o r m a t i o n s e c u r i t y IGN Mantra, ACAD-CSIRT ISO 27001 Trainer & Lead AUditor
  • 2. § What is information? § What is information security? § What is risk? § Introduction to the ISO standards § Managing information security § Your security responsibilities A g e n d a 2
  • 3. Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected I N F O R M A T I O N 3 ISO/IEC 27002:2013
  • 4. I n f o r m a t i o n t y p e s Information exists in many forms: § Printed or written on paper § Stored electronically § Transmitted by post or electronic means § Visual e.g. videos, diagrams § Published on the Web § Verbal/aural e.g. conversations, phone calls § Intangible e.g. knowledge, experience, expertise, ideas ‘Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected’ (ISO/IEC 27002:2013) 4
  • 5. I n f o l i f e c y c l e Information can be … § Created § Owned (it is an asset) § Stored § Processed § Transmitted/communicated § Used (for proper or improper purposes) § Modified or corrupted § Shared or disclosed (whether appropriately or not) § Destroyed or lost § Stolen § Controlled, secured and protected throughout its existence 5
  • 6. K e y t e r m What is information security? § Information security is what keeps valuable information ‘free of danger’ (protected, safe from harm) § It is not something you buy, it is something you do o It’s a process not a product § It is achieved using a combination of suitable strategies and approaches: o Determining the risks to information and treating them accordingly (proactive risk management) o Protecting CIA (Confidentiality, Integrity and Availability) o Avoiding, preventing, detecting and recovering from incidents o Securing people, processes and technology … not just IT! 6
  • 8. P e o p l e People People who use or have an interest in our information security include: • Shareholders / owners • Management & staff • Customers / clients, suppliers & business partners • Service providers, contractors, consultants & advisors • Authorities, regulators & judges Our biggest threats arise from people (social engineers, unethical competitors, hackers, fraudsters, careless workers, bugs, flaws …), yet our biggest asset is our people (e.g. security-aware employees who spot trouble early) 8
  • 9. Processes Processes are work practices or workflows, the steps or activities needed to accomplish business objectives. • Processes are described in procedures. • Virtually all business processes involve and/or depend on information making information a critical business asset. Information security policies and procedures define how we secure information appropriately and repeatedly. P r o c e s s e s 9
  • 10. Technology Information technologies • Cabling, data/voice networks and equipment • Telecommunications services (PABX, VoIP, ISDN, videoconferencing) • Phones, cellphones, PDAs • Computer servers, desktops and associated data storage devices (disks, tapes) • Operating system and application software • Paperwork, files • Pens, ink Security technologies • Locks, barriers, card-access systems, CCTV T e c h n o l o g y 10
  • 11. • Protects information against various threats • Ensures business continuity • Minimizes financial losses and other impacts • Optimizes return on investments • Creates opportunities to do business safely • Maintains privacy and compliance V a l u e We all depend on information security 11 Information security is valuable because it …
  • 12. Information security is defined as the preservation of: Confidentiality Making information accessible only to those authorized to use it Integrity Safeguarding the accuracy and completeness of information and processing methods Availability Ensuring that information is available when required C I A 12
  • 13. • IT downtime, business interruption • Financial losses and costs • Devaluation of intellectual property • Breaking laws and regulations, leading to prosecutions, fines and penalties • Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business • Fear, uncertainty and doubt Security incidents cause … 13 I m p a c t s
  • 14. K e y t e r m What is risk? Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization Threat: something that might cause harm Vulnerability: a weakness that might be exploited Impact: financial damage etc. 14
  • 16. T h r e a t a g e n t Threat agent The actor that represents, carries out or catalyzes the threat • Human • Machine • Nature 16
  • 17. Motive Something that causes the threat agent to act • Implies intentional/deliberate attacks but some are accidental M o t i v e 17
  • 18. Threat type Example Human error Typo, wrong attachment/email address, lost laptop or phone Intellectual property Piracy, industrial espionage Deliberate act Unauthorized access/trespass, data theft, extortion, blackmail, sabotage, vandalism, terrorist/activist/criminal activity Fraud Identity theft, expenses fraud System/network attack Viruses, worms, Trojans, hacks Service issue Power cuts, network outages Force of nature Fire, flood, storm, earthquake, lightning, tsunami, volcanic eruption Hardware issue Computer power supply failure, lack of capacity Software issue Bugs or design flaws, data corruption Obsolescence iPhone 6 ? 18 T h r e a t t y p e s
  • 19. So how do we secure our information assets? 19
  • 20. 1990’s • Information Security Management Code of Practice produced by a UK government-sponsored working group • Based on the security policy used by Shell • Became British Standard BS7799 2000’s • Adopted by ISO/IEC • Became ISO/IEC 17799 (later renumbered ISO/IEC 27002) • ISO/IEC 27001 published & certification scheme started Now • Expanding into a suite of information security standards (known as “ISO27k”) • Updated and reissued every few years I S O 2 7 k A brief history of ISO27k 20
  • 21. • Concerns the management of information security, not just IT/technical security • Formally specifies a management system • Uses Plan, Do, Check, Act (PDCA) to achieve, maintain and improve alignment of security with risks • Covers all types of organizations (e.g. commercial companies, government agencies, not-for-profit organizations) and all sizes • Thousands of organizations worldwide have been certified compliant ISO 27001 I S O 2 7 0 0 1 21
  • 23. Information Security Policy Organisation of Information Security Asset Management Human Resource Security Physical Security Communication & Operations Management Access Control System Development & Maintenance Incident Management Business Continuity Planning Compliance Availability C O N T R O L C L A U S E S 23
  • 24. • Information security policy - management direction • Organization of information security - management framework for implementation • Asset management – assessment, classification and protection of valuable information assets • HR security – security for joiners, movers and leavers • Physical & environmental security - prevents unauthorised access, theft, compromise, damage to information and computing facilities, power cuts C O N T R O L C L A U S E S 24
  • 25. • Communications & operations management - ensures the correct and secure operation of IT • Access control – restrict unauthorized access to information assets • Information systems acquisition, development & maintenance – build security into systems • Information security incident management – deal sensibly with security incidents that arise • Business continuity management – maintain essential business processes and restore any that fail • Compliance - avoid breaching laws, regulations, policies and other security obligations C O N T R O L C L A U S E S 25
  • 26. PLAN Establish ISMS CHECK Monitor & Review ISMS ACT Maintain & Improve DO Implement & Operate the ISMS IS POLICY SECURITY ORGANISATION ASSET IDENTIFICATION & CLASSIFICATION CONTROL SELECTION & IMPLEMENTATION OPERATIONALIZ E THE PROCESES MANAGEMENT REVIEW CORRECTIVE & PREVENTIVE ACTIONS CHECK PROCESSES I M P L E M E N T A T I O N P R O C E S S C Y C L E 26
  • 27. B e n e f i t s • Demonstrable commitment to security by the organization • Legal and regulatory compliance • Better risk management • Commercial credibility, confidence, and assurance • Reduced costs • Clear employee direction and improved awareness 27
  • 28. S c o p e ISMS scope • Data center & DR site • All information assets throughout the organization 28
  • 29. Key ISMS documentsK e y d o c u m e n t s • High level corporate security policy • Supporting policies e.g. physical & environmental, email, HR, incident management, compliance etc. • Standards e.g. Windows Security Standard • Procedures and guidelines • Records e.g. security logs, security review reports, corrective actions 29
  • 30. Information security visionV I S I O N & M I S S I O N Vision The organization is acknowledged as an industry leader for information security. Mission To design, implement, operate, manage and maintain an Information Security Management System that complies with international standards, incorporating generally-accepted good security practices 30
  • 31. Who is responsible? W h o • Information Security Management Committee • Information Security Manager/CISO and Department • Incident Response Team • Business Continuity Team • IT, Legal/Compliance, HR, Risk and other departments • Audit Committee • Last but not least, you! Bottom line: 31 Information security is everyone’s responsibility
  • 32. P o l i c y Corporate Information Security Policy Policy is signed by the CEO and mandated by top management Find it on the intranet 32
  • 33. I N F O A S S E T C L A S S I F I C A T I O N CONFIDENTIAL: If this information is leaked outside the organization, it will result in major financial and/or image loss. Compromise of this information may result in serious non-compliance (e.g. a privacy breach). Access to this information must be restricted based on the concept of need-to-know. Disclosure requires the information owner’s approval. In case information needs to be disclosed to third parties, a signed confidentiality agreement is required. Examples: customer contracts, pricing rates, trade secrets, personal information, new product development plans, budgets, financial reports (prior to publication), passwords, encryption keys. INTERNAL USE ONLY: Leakage or disclosure of this information outside the organization is unlikely to cause serious harm but may result in some financial loss and/or embarrassment. Examples: circulars, policies, training materials, general company emails, security policies and procedures, corporate intranet. PUBLIC: This information can be freely disclosed to anyone although publication must usually be explicitly approved by Corporate Communications or Marketing. Examples: marketing brochures, press releases, website. 33 Information Asset Classification
  • 34. Confidentiality Confidentiality level Explanation High Information which is very sensitive or private, of great value to the organization and intended for specific individuals only. The unauthorized disclosure of such information can cause severe harm such as legal or financial liabilities, competitive disadvantage, loss of brand value e.g. merger and acquisition related information, marketing strategy Medium Information belonging to the company and not for disclosure to public or external parties. The unauthorized disclosure of this information may harm to the organization somewhat e.g. organization charts, internal contact lists. Low Non-sensitive information available for public disclosure. The impact of unauthorized disclosure of such information shall not harm Organisation anyway. E.g. Press releases, Company’s News letters e.g. Information published on company’s website Confidentiality of information concerns the protection of sensitive (and often highly valuable) information from unauthorized or inappropriate disclosure. C l a s s i f i c a t i o n 10/30 34Mohan Kamat
  • 35. U S E R R E S P O N S I B I L I T I E S Physical security • Read and follow security policies and procedures • Display identity cards while on the premises • Challenge or report anyone without an ID card • Visit the intranet Security Zone or call IT Help/Service Desk for advice on most information security matters • Allow unauthorized visitors onto the premises • Bring weapons, hazardous/combustible materials, recording devices etc., especially in secure areas • Use personal IT devices for work purposes, unless explicitly authorized by management 35 Do not Do
  • 36. U S E R R E S P O N S I B I L I T I E S Password Guidelines Ø Use long, complicated passphrases - whole sentences if you can Ø Reserve your strongest passphrases for high security systems (don’t re-use the same passphrase everywhere) Ø Use famous quotes, lines from your favorite songs, poems etc. to make them memorable Ø Use short or easily-guessed passwords Ø Write down passwords or store them in plain text Ø Share passwords over phone or email 36
  • 37. U S E R R E S P O N S I B I L I T I E S Warning: Internet usage is routinely logged and monitored. Be careful which websites you visit and what you disclose. Ø Avoid websites that would be classed as obscene, racist, offensive or illegal – anything that would be embarrassing Ø Do not access online auction or shopping sites, except where authorized by your manager Ø Don’t hack! Ø Do not download or upload commercial software or other copyrighted material without the correct license and permission from your manager Ø Use the corporate Internet facilities only for legitimate and authorized business purposes Internet usage 37
  • 38. U S E R R E S P O N S I B I L I T I E S E-mail usage Ø Do not use your corporate email address for personal email Ø Do not circulate chain letters, hoaxes, inappropriate jokes, videos etc. Ø Do not send emails outside the organization unless you are authorized to do so Ø Be very wary of email attachments and links, especially in unsolicited emails (most are virus-infected) 38 Ø Use corporate email for business purposes only Ø Follow the email storage guidelines Ø If you receive spam email, simply delete it. If it is offensive or you receive a lot, call the IT Help/Service Desk
  • 39. U S E R R E S P O N S I B I L I T I E S Security incidents 39 Ø Report information security incidents, concerns and near-misses to IT Help/Service Desk: Ø Email … Ø Telephone … Ø Anonymous drop-boxes … Ø Take their advice on what to do Ø Do not discuss security incidents with anyone outside the organization Ø Do not attempt to interfere with, obstruct or prevent anyone else from reporting incidents
  • 40. R e s p o n s i b i l i t i e s ü Ensure your PC is getting antivirus updates and patches ü Lock your keyboard (Windows-L) before leaving your PC unattended, and log-off at the end of the day ü Store laptops and valuable information (paperwork as well as CDs, USB sticks etc.) securely under lock and key ü Keep your wits about you while traveling: § Keep your voice down on the cellphone § Be discreet about your IT equipment ü Take regular information back ups ü Fulfill your security obligations: § Comply with security and privacy laws, copyright and licenses, NDA (Non Disclosure Agreements) and contracts § Comply with corporate policies and procedures ü Stay up to date on information security: § Visit the intranet Security Zone when you have a moment 40
  • 41. 41