Information Assurance & Compliance (presentation transcript)
Description: Faulkner & Associates approach to compliance
Added: July 25, 2011. License: All Rights Reserved.

Information Assurance & Compliance: Delivery Process Model

Why ISO 27001?
- Provides the best method to demonstrate compliance with a multitude of regulatory requirements using ISO/IEC 27001
- Using ISO 27001 guarantees consistency and global recognition
- All major regulatory compliance bodies recognise ISO 27001

Benefits of this Methodology
- Used by a range of sectors including Government, Finance, Telecommunications, Criminal Justice and the NHS
- Collaborative method that offers value for money and opportunities for skills transfer
- Clients 'tap into' the skills & expertise they need to achieve their business compliance needs
- It is a proven delivery method that leads to compliance success

Overview
- Simple 3-phased approach
- Creates a complete set of documentation to fully demonstrate compliance and achieve certification
- Additional modules specifically for SOX compliance & Public Sector systems
- Can be tailored to meet worldwide compliance requirements

Delivery Process
- Preparation Phase
- Risk Assessment Phase
- Evidence Phase
- SOX Module
- Accreditation Module
- Other Compliances Module

Preparation Phase (approximately 17 days)
- Security Project Planning
- Collect Requirements & confirm compliance drivers
- Internal Audit
- Define security organisation structure
- Produce ISO 27001 Scope statement
- Agree organisation security policy
- Develop Training needs statement - IA & BCM
- Create Applicable Legislation Checklist
- Document Business Continuity Management Methodology
- Develop & document ISMS
- Collect Risk Inputs

Risk Assessment Phase (approximately 21 days)
- Physical Assessment
- Asset list
- Interviews
- Risk & BC/DR workshops
- Technical Architecture Security Review
- Business Impact Assessment
- Threat & Vulnerability Assessment (TVCA)
- Assess report and discuss mitigation
- Countermeasure evaluation & selection
- Measure of Effectiveness
- Map ISO 27001 controls to other control sets

Evidence Phase (approximately 28 days)
- Embedding security within the organisation
- Complete Statement of Applicability
- Create security procedures / manual
- Business Continuity Planning & Testing
- Operational Readiness Testing
- Create Audit and security review plan
- Create incident response plan / capability
- ISO 27001 Document Set creation
- Declaration of ISO 27001 compliance

Public Sector Systems: Accreditation Module (12 days)
- IS1 Risk Assessment
- Produce RMADS

Public Sector Systems: Other Compliances Module (2 days each)
- SPF
- PCI DSS
- Client Security Policy
- NHS Toolkit/N3
- ISS4P

Sarbanes Oxley: SOX Module (25 days)
- Agree the SPCA's and develop audit plan
- Run the SAS70 Audit
- Deliver SAS70 audit report

Phase 1 Deliverables
- Security Project Brief
- Statement of Works
- High Level Project Plan
- ISO Scope Statement
- Audit Report
- Legislation Checklist
- Gap Analysis
- BCM Methodology
- ISMS

Phase 2 Deliverables
- Risk Assessment/Business Impact Assessment Report
- Asset List
- Control Mappings
- Physical Assessment
- Measure of Effectiveness

Phase 3 Deliverables
- Statement of Applicability
- Security Policies & Procedures
- Operational Readiness Testing Report
- Penetration Testing Report
- BC / DR Plan
- BC / DR Test Plan
- Security Audit Plan
- Training & Awareness Materials & Plan

Additional Deliverables
- HMG IS1 Risk Assessment
- RMADS (HMG IS2)
- Compliance Reports: SPF, PCI DSS, SOX, Client Security Policy, NHS Toolkit/N3, ISS4P, GSI/GSx, CJX

Contacts
Nicholas Faulkner, Principal Security Consultant
33 Sunmead Walk, Cambridge CB1 9YB
info@faulkner-associates.com
+44 (0) 7811 040 261