Information Security based on International Standard ISO 27001


1 Information Security based on International Standard ISO 27001
September 17, 2018
Tony Chebli, CISSP
Credit Libanais, Head of Information Security

2 Our Mission
“INFORMATION is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably PROTECTED”
“…Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected”

3 Information Security Objectives

4 The Pain

5 Vulnerabilities!
Lack of appreciation of threats
Arrogance: “It won’t happen to us”
Staff / Contractors / Employees and Internet access
Physical Security
Outsourcing
Remote working
Rush to market
Growth in networking and distributed computing
Low awareness of security issues
Poor Controls

6 Business Risks!
Fraud
Disclosure
Denial of Service
Damage to Reputation
Loss of Customers
Shareholder Relations
Legal and Regulatory action
= Financial Loss

7 Cost of Non-Compliance!
Regulatory fines
Loss of information
Unauthorized disclosure of intellectual property
Loss of customers
Loss of business
Damage to Image

8 When it happens!
Who is responsible for appropriately protecting information?
Who will be held accountable if information is inappropriately protected and disclosed?
What would be the impact on the Banks/Organizations?

9 The Medicine

10 What is ISO 27002?
ISO is the only internationally accepted standard for information security management
ISO is about safeguarding your business information
ISO is a Code of Practice for Information Security Management and may be regarded as a starting point for developing organization-specific guidance.
114 controls +

11 What is ISO 27001?
ISO is a process to develop and implement an information security management system (ISMS)
ISO is the only auditing specification for information security management systems

12 What is ISO 27001?
It does not insist that organizations should have firewalls or even computers.
It does not say that organizations’ systems are the same.
It does not dictate anything.
‘precautions are required to prevent and detect the introduction of malicious software’
‘It is essential that organizations identify their own security requirements’

13 What is ISO 27001?
It is a management tool…!
To manage problems with an: Information Security Management System (ISMS)

14 What is an ISMS? ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. The International Standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in the Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

15 The roadmap

16 Benefits

17 Benefits
Confidence
Competitive Edge
Enforced regulations
Gain new customers
Focused staff responsibilities
Survival
IMAGE
Profitability $

18 Benefits
Provides an excellent checklist of available controls
Forms a sound basis for an Information Security Policy
Tangible demonstration of appropriate practices to business clients, to end-user clients, to auditors and to regulators

19 Benefits
Safeguard information assets appropriately
Controls driven by risk: no under-protection, no over-protection

20 Demand for Certification
Financial Services, Banking
Telecommunications
IT sector / outsourcing
E-commerce
Networking
Public Service Authorities
Police Force

21 References: ISO; pictures from the Internet
