ISO 27001:2013 Awareness by Operational Excellence Consulting

Presentation Description

ISO 27001:2013 is an international standard designed and formulated to help create a robust information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. This briefing material is designed for organizations that are embarking on ISO 27001:2013 implementation and need to create awareness of information security among their employees. This presentation is fully editable and can be adapted to suit your organizational context and briefing needs.

LEARNING OBJECTIVES
1. Provide background knowledge on information security
2. Gain an overview of the ISO 27001:2013 standard
3. Gather useful tips on handling information security matters

CONTENTS:
1. What is Information?
2. What is Information Security?
3. Overview of ISO 27001:2013 Standard
4. ISO 27001:2013 Implementation Checklist
5. Your Security Responsibilities
Appendix: ISO 27001:2013 Requirements Outline

To download this presentation, visit: http://www.oeconsulting.com.sg

Comments

By: MarisolHackett (1 week(s) ago)

It's awesome

Presentation Transcript

ISO 27001:2013 Awareness:

ISO 27001:2013 Awareness © Operational Excellence Consulting. All rights reserved.

Objectives:

Objectives
- Provide background knowledge on information security
- Gain an overview of the ISO 27001 standard
- Gather useful tips on handling information security matters

Copyrights of all the pictures used in this presentation are held by their respective owners.
NOTE: This is a PARTIAL PREVIEW. To download the complete presentation, please visit: http://www.oeconsulting.com.sg

Contents:

Contents
- What is Information?
- What is Information Security?
- Overview of ISO 27001 Standard
- ISO 27001 Implementation Checklist
- Your Security Responsibilities
- Appendix – ISO 27001 Requirements Outline

What is Information?:

What is Information? Information is data that has been processed for a final user. Information is the outcome of the processed data. Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.

Why is Information an Asset?:

Why is Information an Asset? Because information is recognized as valuable to the organization. Information is also a commodity and as such has monetary value, the level of which depends on its accuracy and potential use. Information supports present and future decision making based on past trends, market research and analysis, keeping an eye on competitors, complying with regulators' requirements, etc.

Information Exists in Many Forms:

Information Exists in Many Forms
- Printed documents
- Written on paper
- Stored electronically
- Transmitted by post or electronic means
- Visual, e.g. videos, diagrams, charts
- Published on the web, e.g. blogs, social media
- Verbal/auditory, e.g. conversations, phone calls

What is Information Security?:

What is Information Security? Information security is what keeps valuable information ‘free of danger’ (protected, safe from harm). It is not something you buy, it is something you do. It’s a process, not a product.

Why is Information Security Important?:

Why is Information Security Important?
- Protects information against various threats
- Ensures business continuity
- Minimizes financial losses and other impacts
- Optimizes return on investments
- Creates opportunities to do business safely
- Maintains privacy and compliance

Components of Information Security:

Components of Information Security
- Confidentiality: making information accessible only to those authorized to use it
- Integrity: safeguarding the accuracy and completeness of information and processing methods
- Availability: ensuring that information is available when required

Slide10:

So how do we secure our information assets?

History of ISO 27001:

History of ISO 27001

What is ISO 27001?:

What is ISO 27001? ISO 27001 is an international standard designed and formulated to help create a robust information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems and applies a risk management process, supported by a comprehensive set of controls that reflect best practice in information security. It can help small, medium and large businesses in any sector keep information assets secure.

ISO 27001 is a global standard on Information Security Management Systems (ISMS) :

ISO 27001 is a global standard on Information Security Management Systems (ISMS)

ISMS cycle: PLAN, DO, CHECK, ACT

Annex A control areas:
- Information Security Policies
- Organization of Information Security
- Human Resource Security
- Asset Management
- Access Control
- Cryptography
- Physical & Environmental Security
- Operations Security
- Communications Security
- System Acquisition, Development & Maintenance
- Supplier Relationships
- Information Security Incident Management
- Information Security Aspects of Business Continuity
- Compliance

14 Control Areas, 35 Control Objectives, 114 Controls

ISO 27001 Defines 14 Control Areas:

ISO 27001 Defines 14 Control Areas

Annex A   Control Area                                          No. of Controls
A5        Information Security Policies                            2
A6        Organization of Information Security                     7
A7        Human Resources Security                                 6
A8        Asset Management                                        10
A9        Access Control                                          14
A10       Cryptography                                             2
A11       Physical & Environmental Security                       15
A12       Operations Security                                     14
A13       Communications Security                                  7
A14       System Acquisition, Development & Maintenance           13
A15       Supplier Relationships                                   5
A16       Information Security Incident Management                 7
A17       Information Security Aspects of Business Continuity      4
A18       Compliance                                               8
Total number of controls                                        114

Purpose of ISO 27001:

Purpose of ISO 27001
Preservation of:
- Confidentiality
- Integrity
- Availability

Benefits of Adopting ISO 27001 Standard:

Benefits of Adopting ISO 27001 Standard
- Demonstrable commitment to security by the organization
- Legal and regulatory compliance
- Manages and minimizes risk exposure
- Commercial credibility, confidence, and assurance
- Enhanced customer satisfaction
- Protects the organization's assets, shareholders and customers

PDCA Approach:

PDCA Approach

ISO 27001 Mandatory Requirements:

ISO 27001 Mandatory Requirements
Five mandatory requirements of the standard:
- Information Security Management System (ISMS)
- Management Responsibility
- Internal ISMS Audits
- Management Review of the ISMS
- ISMS Improvement

Note: this grouping follows the clause structure of the 2005 edition. The 2013 edition states its mandatory requirements in clauses 4 to 10 (Context of the organization, Leadership, Planning, Support, Operation, Performance evaluation, Improvement); internal audit and management review sit under Performance evaluation.

ISO 27001 Documentation Structure:

ISO 27001 Documentation Structure
- Level 1 - Security Manual: policy, organization, risk assessment, statement of applicability
- Level 2 - Procedures: describe processes (who, what, when, where)
- Level 3 - Work Instructions: describe how tasks and specific activities are done
- Level 4 - Records: provide objective evidence of compliance with ISMS requirements

ISO 27001 Certification Process:

ISO 27001 Certification Process

Who is Responsible?:

Who is Responsible?
- Information Security Management Committee
- Information Security Manager/CIO and Department
- Incident Response Team
- Business Continuity Team
- IT, Legal/Compliance, HR, Risk and other departments
- Audit Committee
- Last but not least, you!

Physical Security:

Physical Security
Do not:
- Allow unauthorized visitors onto the premises
- Bring weapons, hazardous/combustible materials, recording devices etc. into the workplace, especially into secure areas
- Use personal IT devices for work purposes, unless explicitly authorized by management

Password Guidelines:

Password Guidelines
- Use long, complicated passphrases, whole sentences if you can
- Reserve your strongest passphrases for high-security systems (don't re-use the same passphrase everywhere)
- Use famous quotes, lines from your favorite songs, poems etc. to make them memorable, but not word for word: well-known quotes and lyrics are in the dictionaries that password-cracking tools use, so change, extend or combine them
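The guidelines above can be turned into an automatable check. The following is an added example written for this page, not code from the presentation or from Operational Excellence Consulting. It assumes a hypothetical policy (minimum 16 characters, at least 4 distinct words) and uses a small constructed blocklist of well-known phrases in place of a real breached-password or common-phrase list; the normalization step is what catches a famous quote that has merely been decorated with punctuation, digits or leetspeak. A second helper shows the re-use check: given the passphrases a user holds for several systems, it reports any passphrase shared between them.

```python
"""Passphrase policy check: length, word count, known-phrase blocklist, re-use.

Added example for the password guidelines slide (not from the original deck).
Policy values and the blocklist below are assumptions for illustration.
"""
import re
import unicodedata

MIN_LENGTH = 16   # assumed policy value
MIN_WORDS = 4     # assumed policy value

# Constructed sample blocklist standing in for a real common-phrase/breach list.
KNOWN_PHRASES = [
    "to be or not to be",
    "may the force be with you",
    "correct horse battery staple",
]

# Single-candidate leetspeak mapping (a production check would try alternatives,
# e.g. '1' as both 'i' and 'l'). '!' is deliberately left out: it is usually
# trailing punctuation, and mapping it would break the comparison.
_LEET = str.maketrans("0134578@$", "oieastbas")


def normalize(phrase: str) -> str:
    """Fold case and accents, undo leetspeak, drop punctuation, collapse spaces.

    'To-Be, or NOT to be!!' and 'T0 b3 0r n0t t0 b3' both become
    'to be or not to be', so a decorated quote still matches the blocklist.
    """
    text = unicodedata.normalize("NFKD", phrase)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower().translate(_LEET)
    text = re.sub(r"[^a-z0-9\s]", " ", text)
    return re.sub(r"\s+", " ", text).strip()


_NORMALIZED_BLOCKLIST = [normalize(p) for p in KNOWN_PHRASES]


def check_passphrase(phrase: str) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems: list[str] = []
    if len(phrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    norm = normalize(phrase)
    if len(set(norm.split())) < MIN_WORDS:
        problems.append(f"fewer than {MIN_WORDS} distinct words")
    # Substring match so that 'to be or not to be 2024' is flagged as well.
    for known in _NORMALIZED_BLOCKLIST:
        if known and known in norm:
            problems.append(f"contains the well-known phrase '{known}'")
            break
    return problems


def find_reuse(credentials: dict[str, str]) -> dict[str, list[str]]:
    """Map each passphrase used for more than one system to those systems.

    `credentials` is {system name: passphrase}; in practice this would be run
    inside a password manager, never over plaintext exported to disk.
    """
    by_phrase: dict[str, list[str]] = {}
    for system, phrase in credentials.items():
        by_phrase.setdefault(phrase, []).append(system)
    return {p: systems for p, systems in by_phrase.items() if len(systems) > 1}


if __name__ == "__main__":
    for candidate in [
        "To-Be, or NOT to be!!",             # famous quote, decorated
        "M4y th3 f0rc3 b3 w1th y0u 2024",    # leetspeak version of a quote
        "Tr0ub4dor&3",                        # short, too few words
        "Grey otters audit the server room at dawn",  # passes
    ]:
        print(f"{candidate!r}: {check_passphrase(candidate) or 'OK'}")
    # Constructed sample vault: the VPN and HR portal share a passphrase.
    print(find_reuse({"vpn": "a", "hr-portal": "a", "wiki": "b"}))
```

The order of the steps in `normalize` matters: leetspeak is undone before punctuation is stripped, and both the candidate and the blocklist go through the same function, so the comparison is symmetric whatever form the blocklist was written in.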

Internet Usage:

Internet Usage
- Avoid websites that would be classified as obscene, racist, offensive or illegal, or anything that would be embarrassing
- Do not access online auction or shopping sites, except where authorized by your manager
- Don't hack!
- Do not download or upload commercial software or other copyrighted material without the correct license and permission from your manager

Warning: Internet usage is routinely logged and monitored. Be careful which websites you visit and what you disclose.

Email Usage:

Email Usage
- Use corporate email for business purposes only
- Follow the email storage guidelines
- If you receive spam email, simply delete it without opening attachments or following links. If it is offensive or you receive a lot, call the IT Help/Service Desk

Other Information Security Matters:

Other Information Security Matters
- Ensure your PC is getting antivirus updates and patches
- Lock your workstation (Windows+L) before leaving your PC unattended, and log off at the end of the day
- Store laptops and valuable information (paperwork as well as DVDs, USB sticks etc.) securely under lock and key
- Keep your wits about you while traveling: keep your voice down on the cellphone and be discreet about your IT equipment

Other Information Security Matters:

Other Information Security Matters
- Take regular backups of your information
- Fulfill your security obligations:
  - Comply with security and privacy laws, copyright and licenses, NDAs (Non-Disclosure Agreements) and contracts
  - Comply with corporate policies and procedures
- Stay up to date on information security

Information Security Is Everybody’s Job!:

Information Security Is Everybody’s Job!

Slide30:

Copyrights of all the pictures used in this presentation are held by their respective owners.

About Operational Excellence Consulting:

About Operational Excellence Consulting Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness. The firm's mission is to create business value for organizations through innovative operational excellence management training and consulting solutions. OEC takes a unique "beyond the tools" approach to enable clients to develop internal capabilities and cultural transformation to achieve sustainable world-class excellence and competitive advantage. For more information, please visit www.oeconsulting.com.sg

To download this presentation, please visit us at: www.oeconsulting.com.sg:

To download this presentation, please visit us at: www.oeconsulting.com.sg END OF PARTIAL PREVIEW
