Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business Cointinmuit Framework

Published byAngela French Modified over 6 years ago

Similar presentations

Presentation on theme: "Business Cointinmuit Framework"— Presentation transcript:

1 Business Cointinmuit Framework
Framework and implementation guidelines Covers Business Continuity, Disaster Recovery and Crisis Management Based in international standards, not 1 standard is covering everything 54 control statements in 7 chapters Some overlapping controls (identified) with security frameworks and with privacy frameworks Available under CC-4.0-BY license

2 ISMS – Information Security Management System
Organization wide risk analysis Service risk analysis Organization- wide controls Baseline Service specific controls Explain deviations to baseline (comply or explain) Implement genericcontrols Organization-wide audit and benchmark Service audit Information security policy Implement specific controls Planning Service Annual Planning organization RISK ANALYSIS CONTROLS PLAN OPERATE EVALUATE PERFORMANCE

3 ISMS mapping ISO 27001 RISK ANALYSIS CONTROLS PLAN OPERATE
5. Leadership Information security policy 10. Improvement 4. Context of the organisation RISK ANALYSIS CONTROLS PLAN OPERATE EVALUATE PERFORMANCE generic controls 7. Support Organization wide risk analysis Annual planning organization Implement generic controls organization-wide audit and benchmark Baseline 8. Operation 9. Performance evaluation 5. Leadership Planning Service Implement specific controls Service audit 6. Planning Service risk analysis Service specific controls 10. Improvement Explain deviations to baseline to security officer (comply or explain) 10. Improvement

4 ISMS Products RISK ANALYSIS CONTROLS PLAN OPERATE EVALUATE PERFORMANCE
information security policy Governance SURFnet RISK ANALYSIS CONTROLS PLAN OPERATE EVALUATE PERFORMANCE Awareness, logserver, etc Risk analysis security officer and management team (Annual) planning SURFnet generic controls Controls strategic level Coable, benchmark, internal review, etc. Organization wide risk analysis Planning SURFnet Implement generic controls Organization wide audit and benchmark Wiki baseline Baseline Controls tactical level Risk analysis Service Planning Service Implement specific controls Service audit Service risk analysis Service specific controls (Annual) planning Service Controls operational level Pentest, audit, etc. Controls selected by Service Explain deviations to baseline to security officer (comply or explain) Risk logbook, comply or explain Governance Service

5 Baseline - ISO 27002 based: generic and specific Integration in management and development processes
risk management & security manageemnt General, policies Systems management and operations Assets Employees Employment The ISMS model is supported by a baseline with a grouping of relevant ISO controls in 12 theme’s. For each theme you can describe what (strategic) choices you have made, what is generic and what is service or department specific. The 12 theme’s are designed to be close to the daily working processes. Because the baseline is ISO based, as well as the management processes, the organization will be well prepared for a future certification process. Cryptography Suppliers Security incidents Systems and software development Continuity Access Management

Download ppt "Business Cointinmuit Framework"

Similar presentations

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.

Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
SIEP HSE Management System

SIEP HSE Management System
Security and Personnel

Security and Personnel
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Copyright 2005 CMMI and ITIL Alison Adams & Kieran Doyle.

Copyright 2005 CMMI and ITIL Alison Adams & Kieran Doyle.
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
ISA 562 Summer 2008 1 Information Security Management CISSP Topic 1 ISA 562 Internet Security Theory and Practice.

ISA 562 Summer Information Security Management CISSP Topic 1 ISA 562 Internet Security Theory and Practice.
ISO 17799&ITS APPLICATION Prepared by Çağatay Boztürk 14.06.2005.

ISO 17799&ITS APPLICATION Prepared by Çağatay Boztürk
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.
ASPEC Internal Auditor Training Version 1.0 2013.

ASPEC Internal Auditor Training Version
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Information Security Training for Management Complying with the HIPAA Security Law.

Information Security Training for Management Complying with the HIPAA Security Law.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
PlatinumAgri Pty. Ltd. Consulting Services Overview.

PlatinumAgri Pty. Ltd. Consulting Services Overview.

Similar presentations

Ads by Google