Why ISO 27001 for an Organisation
Speaker: Syed Azher
Location: Regus Gulf Bahrain
Date: 29 November 2015
• Attack on individuals: ransomware
◦ Malware enters the system through a downloaded file
◦ The payload encrypts the user's files and deletes the originals, so the user can no longer read his or her own data
◦ Pay USD 1000 in bitcoin to get your files back!
• Attack on services: Target stores, 2013
◦ 40 million: credit and debit card numbers stolen
◦ 70 million: records stolen that included names and addresses
◦ 46%: drop in profit in the fourth quarter
◦ USD 53.7 million: the income the attackers were estimated to make from selling 2 million of the cards
• Attack on infrastructure: the Stuxnet cyber-physical attack
◦ A 500-kilobyte worm that infected the control software of at least 14 industrial sites in Iran, including a uranium enrichment facility
◦ Its goal was to make fast-spinning centrifuges tear themselves apart
◦ Stuxnet was eventually tracked down and analysed by antivirus researchers, Kaspersky Lab among them, but not before it had done its damage

• Over 13 years of technical and analytical experience, combined with driving business innovation across information security, applications, networking, operations and risk management
• Head of Information Technology at Ibdar Bank and Board Member of the Bahrain Information Technology Society
• Previously Head of Network and Support / Consultant at Transworld Computers
• Academic background
◦ Cybersecurity: Technology, Application and Policy, MIT Professional Education, Massachusetts Institute of Technology, USA
◦ Master of Business Administration, Chifley Business School at Torrens University, Australia
◦ Postgraduate Certificate in Business Administration and Technology, University of Wales, United Kingdom
◦ Master of Business Administration (Information Technology), All India Institute of Business Management
◦ Bachelor of Science in Computer Science, Bharitya Shikha Parishad University, India
• Certifications
◦ PRINCE2 Practitioner
◦ ITIL Expert (IT Infrastructure Library)
◦ Certified Information Systems Security Professional (CISSP)
◦ Certified in the Governance of Enterprise IT (CGEIT)
◦ Certified Information Security Manager (CISM)
◦ Project Management Professional (PMP)
◦ ISO 27001 Information Security Management Lead Auditor / Implementer
◦ Others: MCSE, CCNA, CCNP, Linux+, CEH
• Publications
◦ 20+ publications on information security, project management and software development
A short 20-30 minute educational and informative talk on:
• What is information security?
• What is an information security management system (ISMS)?
• What is ISO 27001?
• The drivers for ISO 27001
• Why should an organisation care about ISO 27001?
• Accreditation and certification
• The central role of risk assessment in ISO 27001
• ISMS domains
• Questions and answers
"Preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation and reliability, can also be involved."
Definition of information security in ISO/IEC 27000, the vocabulary standard referenced by ISO/IEC 27001:2013
Information security management system (ISMS):
A systematic approach to managing an organisation's confidential or sensitive information so that it remains secure. It covers people, processes and technology, and the controls it contains are chosen on the basis of a risk assessment rather than taken from a fixed checklist.
• An ISMS standard that replaced BS 7799-2:2002 when it was published in October 2005; the current edition is ISO/IEC 27001:2013
• The only internationally recognised standard against which an ISMS can be audited and certified (it is a management-system standard, not a technical cyber security standard)
• Formally specifies an ISMS intended to bring information security under explicit management control
• A best-practice specification that helps businesses and organisations throughout the world develop a best-in-class ISMS
• The 2005 edition was built explicitly on the Plan-Do-Check-Act (PDCA) model; the 2013 edition no longer mandates PDCA, but it remains the usual way to run the monitoring and continual-improvement cycle (clauses 9 and 10)
Risk assessment (slide diagram)
• Plan (establish the ISMS)
◦ Establish the ISMS policy, objectives, processes and procedures relevant to managing risk and improving information security, to deliver results in accordance with the organisation's overall policies and objectives.
• Do (implement and operate the ISMS)
◦ Implement and operate the ISMS policy, controls, processes and procedures.
• Check (monitor and review the ISMS)
◦ Assess and, where applicable, measure process performance against the ISMS policy, objectives and practical experience, and report the results to management for review.
• Act (maintain and improve the ISMS)
◦ Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS.
• Clients need confidence in their supply chain
• Breaches of personal data can bring fines of up to GBP 500K from the UK Information Commissioner's Office
• Data Handling Review 2013: better information security in government and down the supply chain
• Improved protection of reputation
• Balance security expenditure against the actual information security risk
Reason 1: Compliance
ISO 27001 brings in a methodology that lets an organisation meet its obligations in the most efficient way. Certification is often the quickest "return on investment" if an organisation must comply with several regulations on data protection, privacy and IT governance (particularly a financial, health or government organisation), because a single ISMS can serve as the evidence base for all of them.
Reason 2: Marketing edge
In an increasingly competitive market it is sometimes very difficult to find something that differentiates you in the eyes of your customers. ISO 27001 certification can be a unique selling point, especially if you handle clients' sensitive information.
Reason 3: Lowering costs
Information security is usually seen as a cost with no obvious financial gain. There is a financial gain, however, when it lowers the cost of incidents. Most organisations already experience service interruptions, occasional data leakage, or disgruntled employees (and disgruntled former employees).
Reason 4: Putting the business in order
ISO 27001 is particularly good at sorting out thorny management issues: it forces you to define responsibilities and duties precisely, and therefore strengthens your internal organisation.
• Certification provides evidence of ISMS assurance
• Verified by an independent auditor
• In Bahrain, certification is available from Bureau Veritas Certification, whose certificates are recognised worldwide
• Certification bodies are themselves accredited by a national accreditation body that is a member of the International Accreditation Forum (IAF); before relying on a supplier's certificate, check that it carries an IAF-member accreditation mark and that its scope covers the services you buy
ISO/IEC 27001:2013 conformance requires implementing and documenting an ISMS whose controls are selected through the risk treatment process (clause 6.1.3 in the 2013 edition; clause 4.2.1 g) in the 2005 edition) and recorded, together with the justification for including or excluding each Annex A control, in a Statement of Applicability.
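The control-selection step just described, as an added example that is not code from the talk: a minimal risk register in Python that scores each risk, applies a risk acceptance criterion, and derives the Statement of Applicability from the risks that need treatment. The 5x5 likelihood/impact scale, the acceptance threshold of 6, the sample register and its Annex A mappings are assumptions for illustration only; ISO/IEC 27001 requires a defined, repeatable method with stated acceptance criteria (clause 6.1.2) but does not prescribe any particular scale.

```python
"""Minimal ISO/IEC 27001-style risk assessment and control selection.

Added illustration only, not code from the talk. The 5x5 scale, the
acceptance threshold and the control mapping are assumptions: clause
6.1.2 requires a defined, repeatable method and risk acceptance
criteria, but does not prescribe a scoring scale.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int  # 1 (rare) .. 5 (almost certain); assumed scale
    impact: int      # 1 (negligible) .. 5 (severe); assumed scale
    controls: tuple  # ISO/IEC 27001:2013 Annex A controls that would treat it

    def __post_init__(self):
        # A repeatable method needs validated inputs: reject out-of-range scores.
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not 1 <= value <= 5:
                raise ValueError(f"{name} must be 1..5, got {value}")

    @property
    def level(self) -> int:
        """Risk level = likelihood x impact (assumed scoring rule)."""
        return self.likelihood * self.impact


# Risk acceptance criterion (assumption): scores above this must be treated.
ACCEPTANCE_THRESHOLD = 6


def treatment(risk: Risk, threshold: int = ACCEPTANCE_THRESHOLD) -> str:
    """Return the treatment option to record for a risk.

    ISO/IEC 27001 allows accept, modify (apply controls), avoid or share;
    this example only decides between 'accept' and 'modify'.
    """
    return "accept" if risk.level <= threshold else "modify"


def assess(register, threshold: int = ACCEPTANCE_THRESHOLD):
    """Return (asset, threat, level, treatment) rows, highest risk first."""
    rows = [(r.asset, r.threat, r.level, treatment(r, threshold)) for r in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)


def statement_of_applicability(register, threshold: int = ACCEPTANCE_THRESHOLD):
    """Map each selected Annex A control to the risks that justify it.

    Clause 6.1.3 d) requires a Statement of Applicability listing the
    necessary controls and the justification for including them; controls
    that treat no unacceptable risk do not appear here.
    """
    soa = {}
    for r in register:
        if treatment(r, threshold) == "modify":
            for control in r.controls:
                soa.setdefault(control, []).append(f"{r.asset}: {r.threat}")
    return soa


# Constructed sample register; scores and mappings are illustrative only.
REGISTER = [
    Risk("Customer database", "Ransomware via downloaded file", 4, 5,
         ("A.12.2.1", "A.12.3.1")),   # controls against malware; backup
    Risk("Card payment system", "Credential theft via supplier access", 3, 5,
         ("A.9.2.3", "A.15.1.1")),    # privileged access; supplier policy
    Risk("Internal wiki", "Accidental disclosure of public material", 2, 2,
         ("A.8.2.1",)),               # classification of information
]

if __name__ == "__main__":
    for asset, threat, level, action in assess(REGISTER):
        print(f"{level:>2}  {action:<6}  {asset}: {threat}")
    for control, reasons in sorted(statement_of_applicability(REGISTER).items()):
        print(control, "->", "; ".join(reasons))
```

Run as a script it lists the register from highest to lowest risk and then the Annex A controls the register justifies; the wiki risk scores 4, sits under the threshold, and is recorded as accepted, so A.8.2.1 does not enter the Statement of Applicability. An auditor will expect exactly this traceability: each selected control points back to the risk it treats, and each accepted risk points to the criterion under which it was accepted.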
• A structured ISMS gives:
◦ Best practices
◦ Marketing opportunities
◦ Compliance with corporate governance requirements
◦ Appropriate action to comply with the law
◦ A systematic approach to risks
◦ Credibility with staff, customers and partner organisations
◦ Informed decisions on security investments
Thank You