ISO 27001 February Training
By: martin.dion
Views: 2046. Category: Science & Tech. License: All Rights Reserved. Added: April 05, 2010.

Presentation Description
Second training of 2010, available on martindion.blogspot.com. This mini training is an important one since it puts information security in perspective on the Rogers curve of innovation adoption. It also provides a good overview of the ISO 27001 wheel of Roles and Responsibilities, which distinguishes what should belong to IT and what to Information Security when it comes to protecting the information system and building a security management system.

Comments
By: rampa4u (16 months ago): good

Presentation Transcript

ISO 27001 Mini-Training: Information Security Roles & Responsibilities
Training #2 - February 2010
http://martindion.blogspot.com

Your Host
April 5, 2010, Copyright Martin Dion 2010
Martin Dion (CISSP/CISM)
ISO 27001/20000 Lead Auditor & Trainer
Chief Technology Officer at Above Security
Located in Switzerland
15 years of information security experience
Built « certified » information security management systems
Management consultant specialized in compliance for international companies, private and offshore banks, lotteries and governments.
Introduction
This second training focuses on clarifying roles and responsibilities between the Information System Department and the person responsible for Information Security.
Purpose of these trainings:
Understand the three pillars of information security management (not CIA)
Draw the line between IT and Security
Clarify who is doing what with regard to the “12” ISO control objectives

Topics for today
The three pillars
Information System Management vs. Information Security Management
The ISO R&R Wheel
Conclusion

Why do we have to talk about this again?
New Product Adoption Curves, according to Everett Rogers (1962):
Army/Banking Era: 70’s - 95
Internet/eComm Era: 95 - 2002
Regulatory Era: 2002 - mid 2009
Mainstream / Day-to-day habit Era: mid 2009+

The three pillars
Information Security Management Pillars: Strategy & Vision; Operation & Maintenance; Compliance & Response.
Strategy & Vision is about understanding the constraints and making the right decisions to improve your information security posture over time.
Operation & Maintenance is everything you have to do on a daily basis to maintain your security posture.
Compliance & Response is how you make sure that things are “in line” and how you respond to undesired situations.

IS Management vs. Information Security
Information System Management: Acquire, Develop, Implement/Integrate, Operate, Maintain, Optimize
vs.
Information Security Management: Specify, Protect, Monitor, Respond, Train, Audit
Two different entities that have to work hand in hand.

The ISO R&R Wheel

Conclusion
As you can see, it is not that complicated to draw a line between the various ISO controls.
Obviously, this presentation does not include the other organizational players; those will be addressed in a future training.
This is not the only model: ISACA, within the CISM, CISA and CGEIT review manuals, also offers great insights on task segregation and clarification of Roles and Responsibilities.
Other postings on roles and responsibilities and task descriptions are available on the blog.

Closing remarks
I hope you enjoyed this training session.
If you have questions, comments or suggestions, please do not hesitate to comment on the blog.
It is really important to me that you transmit them so I can improve the content and delivery of future video trainings.
Remember that the only stupid question is the one we do not ask!
The current presentation will be published on the blog when the next training becomes available, and the next slide, titled “Further Readings”, will be stored on the blog right away in case you want to dig for yourself.

Further Readings
My company: www.abovesecurity.com
My blog: martindion.blogspot.com
ISO standards: www.iso.org
CISM, CISA, CGEIT: www.isaca.org

Thank you!!!