Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISO/IEC 27000 BRIEFING..

Published byMarcela Vlčková Modified over 5 years ago

Similar presentations

Presentation on theme: "ISO/IEC 27000 BRIEFING.."— Presentation transcript:

1 ISO/IEC BRIEFING.

2 Objectives To enhance understanding information and information security. To enhance understanding of the different kind of information and information media. To enhance understanding information life cycle in relation to ISMS.

3 Isms is a part of overall management system not technical.
What is ISMS ? I:-Information S:-Security M:-Management S:-System Isms is a part of overall management system not technical.

4 What is information Information is an ASSET existing in many forms and has a great value to an organization thus calls for proper protection.

5 Types of information Internal information;-Is a type of information in an organization which MUST be protected at any cost. Confidential information;-This is an information in an organization exempted from disclosure to an authorized persons. Shared/Public:-This is a type of information which can be made available to the public and other .

6 Examples of information
Names ,addresses, phone numbers, personal information. Password. Designs, Patents(rights)technical research. Credit cards, bank account numbers. Plans . Contract bids, competitive analysis, market research. Commercial details(strategies ,finances ,business performance. Intelligence. Security information(risk assessment, network diagrams, facilities plans).

7 Types of information media
Mail/ s. Papers (printed or handwritten) CD, Memory card sticks, DvDs, tapes, diskettes etc Data base Conversation (one on one /phone calls/chats) Websites/blogs/social networks/sites.

8 Information cycle Creation->Store->Distribute->Modify->Archive->Delete. Information MUST maintain C.I.A throughout the life cyle for it to remain protected/secured.

9 Information threat If information is not well protected it can suffer:
Unauthorized disclosure Loss Accidental disclosure Theft Lack of integrity Unavailability Unauthorized modification.

10 What is information security
This is the preservation of Confidentiality, Integrity and Availability of information. An information is said to be secured when it fully contain the C I A aspect in it.

11 C.I.A C-confidentiality;-It’s a property that entails an information is not made available or undisclosed to unauthorized persons but ONLY to authorized persons. I-Integrity;-It’s a property of protecting the accuracy and completeness of an information. A-Availability;-It’s a property of an information being readly accessible in usable form upon request/demand by an authorized person

12 Benefits of information security in an orgarnization
Good decision making. Competitive advantage. Order. Proper information relay. Control. Safety. Self esteem (personal level).

13 Any valuable thing to an organization.
Asset What is an asset? Any valuable thing to an organization.

14 Asset categories Organization image. Information. Physical.
Human resource (Human capital). Software.

15 Context of the organization

16 CONTEXT OF THE ORGANIZATION
Understanding the organization and its context. The internal, external issues and interested parties that affect and are affected by the organization.

17 Internal issues Organizational structure Strategic objectives Internal stake holders Contractual relationship Policies and governance Organizational culture

18 Social culture Legal Technological Political Ecological Competition
External issues Social culture Legal Technological Political Ecological Competition

19 Interested parties Stake holders. Consumer. Suppliers. Competitors.
Intermediaries. The organization shall determine interested parties that are relevant to the information security management system and the requirements of these interested parties relevant to the information security.

20 Defining the scope The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When defining the scope we need to consider. The internal and external issues Needs and expectations of interested parties. Interfaces and dependencies between activities performed by the organization and those that are performed by other organizations. Note: The scope shall be available as a documented information which must clearly show the processes, boundary and assets .

21 The scope (Example) To provide quality tertiary education through teaching and research at main and town campuses in Eldoret. It also includes consultancy and common outreach services . Asset of the university are human capital ,land infrastructure state of the art equipment and use of enterprise resources, planning to support the delivery of is mandate.

22 Leadership commitment
Top management shall demonstrate leadership and commitment with respect to ISMS by ; Ensuring resources needed for ISMS are available. Communicating the importance of ISMS and of conforming to the ISMS requirements. Ensuring that the ISMS achieves it intended outcome(s) Ensuring the integration of ISMS requirements in the organization’s processes. Directing and supporting persons to contribute to the effectiveness of the ISMS. Promoting continual improvement. Ensuring information security policy and the information security objectives are established and are compatible with the strategic direction of the organization. Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

23 Information Security policy
Is a high level statement of organization’s beliefs, goals and objectives and the general means for their attainment.

24 Characteristics of an informationsecurity policy
It has to be;- Directive Brief Catches readers eye Be an A4 size

25 Policy The policy’s goal is to protect UoE organization’s information assets against all internal external deliberate and accidental threats. The VC shall approve the information security policy. The security policy ensures that:- In formation will be protected against unauthorized access . Confidentiality of information is assured. Integrity of information will be maintained. Awareness of information will be provided to all personnel on a regular basis. Legislative and regulatory requirements will be met. The policy will be reviewed by responsible team yearly and incase of any changes. All heads of units are directly responsible for implementing the policy at their respective levels and for the adherence of their staff. VC’ SIGNATURE

Download ppt "ISO/IEC 27000 BRIEFING.."

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
Environmental Management System (EMS)

Environmental Management System (EMS)
UNRESTRICTED Infrastructure Assessment as Viewed by Technology Holders IAEA Technical Meeting December 10-12, 2008 R. Godden.

UNRESTRICTED Infrastructure Assessment as Viewed by Technology Holders IAEA Technical Meeting December 10-12, 2008 R. Godden.
Draft BY QI organization June 2014

Draft BY QI organization June 2014
The ISO 9002 Quality Assurance Management System

The ISO 9002 Quality Assurance Management System
ISO General Awareness Training

ISO General Awareness Training
Information Systems Security Officer

Information Systems Security Officer
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
4. Quality Management System (QMS)

4. Quality Management System (QMS)
4. Quality Management System (QMS)

4. Quality Management System (QMS)
Peer Information Security Policies: A Sampling Summer 2015.

Peer Information Security Policies: A Sampling Summer 2015.
Information Asset Classification

Information Asset Classification
WHAT IS ISO 9000.

WHAT IS ISO 9000.
IAEA International Atomic Energy Agency How do you know how far you have got? How much you still have to do? Are we nearly there yet? What – Who – When.

IAEA International Atomic Energy Agency How do you know how far you have got? How much you still have to do? Are we nearly there yet? What – Who – When.
Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.

Overview Of Information Security Management By BM RAO Senior Technical Director National Informatics Centre Ministry of Communications and Information.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October 2012 1.

Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service NATO Headquarters Brussels, Belgium.

Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service NATO Headquarters Brussels, Belgium.
COBIT Information Security An Introduction Tanvir Orakzai,PhD

COBIT Information Security An Introduction Tanvir Orakzai,PhD
ISO 14001:2004, Environmental Management System

ISO 14001:2004, Environmental Management System

Similar presentations

Ads by Google