Adaptive Processes (Simpler, Faster, Better): Understanding Information Security, ISO 17799 / BS7799

Slide 2: Just Imagine…
What will happen if our current office cannot be used for a few days because of a fire?
What will happen if a competitor hacks into our network and takes all of our sensitive information?
What will happen if the communication link to our customers goes down for a prolonged period?
And many more…

Slide 3: So The Implications Are…
Information security is essential to maintaining competitive edge, cash flow, profitability, legal compliance and commercial image.
It is critical that we identify, assess and take preventive and corrective measures against the risks our business faces.
We are legally required to protect the information that customers provide to us.

Slide 4: Global Information Village

Slide 5: Information Criticality
[Figure: layered diagram with the labels Digital Nervous System, Strategic Thinking, Business Reflexes, Basic Operations and Customer Interaction]
Information systems are the nervous system of an information enterprise; failure of the nervous system means failure of the organization.

Slide 6: Understanding Information Security
Confidentiality: ensuring that information is accessible only to those authorized to have access.
Integrity: safeguarding the accuracy and completeness of information and processing methods.
Availability: ensuring that authorized users have access to information and associated assets when required.

Slide 7: Securing Information
[Figure: diagram showing INFORMATION under ATTACK]

Slide 8: Introducing ISO 17799
Provides recommendations for information security management for use by those who are responsible for initiating, implementing or maintaining security in their organization.
Provides a common basis for developing organizational security standards and effective security management practice, and provides confidence in inter-organizational dealings.

Slide 9: ISO 17799
What it is:
An internationally recognized structured methodology dedicated to information security
A defined process to evaluate, implement, maintain and manage information security
What it is not:
A technical standard
Product or technology driven
An equipment evaluation methodology such as the Common Criteria (ISO 15408)

Slide 10: ISO 17799
What it is:
A comprehensive set of controls comprising best practices in information security
Developed by industry, for industry
What it is not:
Related to the "Generally Accepted System Security Principles" (GASSP)
Related to the five-part "Guidelines for the Management of IT Security" (GMITS, ISO/IEC TR 13335)