K2A Training Academy
Division of K2A Management
www.iso-certifications.com | www.k2amanagement.com
An Awareness Training: ISO/IEC 27001:2013 ISMS
"Information technology — Security techniques — Information security management systems — Requirements"
Copy Right-K2A
Rules
NO Smoking
NO Use of Mobile
Tea Break
Lunch break
Course Objectives
On completion of the course, the participant will:
• Understand the significance of safeguarding organisational data and information in the light of possible threats, external and internal
• Learn about the objectives and scope of the ISO 27001 standard in respect of an Information Security Management System (ISMS)
• Acquire greater awareness of the underlying risks and receive exposure to typical measures for mitigating those risks within one's own organisation
Key Topics
• Information security background
• Information assets
• ISMS benefits
• Likelihood of failures and attacks
• Risks and Annex A controls
• Cost-effective and consistent reliability and security of the system
• Certification process
What is Information Security?
The protection of information against unauthorized disclosure, transfer, modification or destruction, whether accidental or intentional.
The organization must determine which assets can materially affect the delivery of its products or services by their absence or degradation.
Information security management relates to all types of information, whether paper-based, electronic or in any other form.
It governs how information is processed, stored, transferred, archived and destroyed.
Information is secure when its confidentiality, integrity and availability are all assured.
In short, it is about protecting information assets from security breaches.
Information Assets
An asset is anything that has "value to the organization". Information assets of an organization include:
• Business data
• E-mail data
• Employee information
• Research records
• Price lists
• Tender documents
The information may exist in any form, for example:
• Spoken in conversations over the telephone
• Stored on computers
• Transmitted across networks
• Printed out
• Written on paper or sent by fax
• Stored on disks
• Held on microfilm
Core Values
Confidentiality
• Is my communication private?
• Ensuring that the data is read only by the intended person
• Protection of data against unauthorized access or disclosure
• Achieved through access control and encryption
Integrity
• Has my communication been altered?
• Protection of data against unauthorized modification or substitution
• If integrity cannot be assured there is little point in protecting the data: you can no longer trust what you hold
• Think of a transparent envelope that is tamper-evident
Availability
• Are the systems responsible for delivering, storing and processing information accessible when needed?
• And are those systems accessible only to those who need them?
Need for an ISMS
Management concerns
• Market reputation
• Business continuity
• Disaster recovery
• Business loss
• Loss of confidential data
• Loss of customer confidence
• Legal liability
• Cost of security
Security measures / controls
• Technical
• Procedural
• Physical
• Logical
• Personnel
• Management
All of these can be addressed effectively and efficiently only by establishing a proper Information Security Management System (ISMS).
Activity
History
• 1960s: Organizations start to protect their computers
• 1970s: The first hacker attacks begin
• 1980s: Governments become proactive in the fight against cybercrime
• 1990s: Organized crime gets involved in hacking
• 2000s: Cybercrime comes to be treated like any other crime
• 2010s: Information security becomes a serious concern
History of ISO/IEC 27001
Overview
The origin of the ISO/IEC 27000 series of standards goes back to the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC).
Founded in May 1987, the CCSC had two major tasks:
• The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme. This ultimately gave rise to ITSEC and the establishment of the UK ITSEC Scheme.
• The second was to help users by producing a code of good security practice. This resulted in the "Users Code of Practice", published in 1989, which was further developed by the National Computing Centre (NCC).
BS 7799-2:2002 was officially launched on 5th September 2002.
History of ISO/IEC 27001
Overview
• ISO/IEC 27001 is derived from BS 7799 Part 2, first published as such by the British Standards Institution (BSI) in 1999.
• BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act (PDCA) cycle.
• BS 7799 Part 2 was adopted as ISO/IEC 27001 in 2005, with various changes to reflect its new custodians.
• The 2005 first edition was extensively revised and published in 2013, bringing it into line with the other ISO management system standards (the common Annex SL high-level structure) and dropping the explicit reference to PDCA.
ISO/IEC 27001
Overview
ISO/IEC 27001:2013 is the best-known standard in the family; it is the one that specifies the requirements for an information security management system (ISMS) and against which an organization is certified.
The ISO/IEC 27000 family contains several dozen standards, for example:
• ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
• ISO/IEC 27010:2015 Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
Benefits
• Protecting your data and reputation
• Staying one step ahead
• Competitive advantage
In this technology-driven world it is critical to protect your organization's data and that of your customers. Implementing an information security management system (ISMS) and gaining ISO 27001 certification puts in place, and independently demonstrates, the processes and controls needed to protect your information assets and to manage the threats posed to your organization, including cyber attacks. Certification shows that the management system meets the standard; the controls themselves still have to be operated and checked to be effective.
Supporting Standards
Using a risk management approach, ISO 27001 certification helps organizations manage their people, processes and systems, and ISO 27001 is the best-known standard in the ISO 27000 family. Supporting standards include:
• ISO 27032 - Guidelines for cybersecurity
• ISO 27017 - Code of practice for information security controls for cloud services
• ISO 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Break
Clause Structure
ISO/IEC 27001:2013 mandatory clauses (4 to 10)
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Annex A: Control objectives and controls
• 14 domains
• 35 control objectives
• 114 controls
Risk Assessment
Risk approach, residual risk, and contractual, regulatory and business obligations
• Risk is defined as the "effect of uncertainty on objectives", which may be positive or negative.
• Baseline controls based on regulatory, business and contractual obligations may be identified and implemented before the risk assessment is conducted.
• The organization identifies risks to its information; the assessment does not have to be asset-based.
• The risk owner decides how each risk is treated and formally accepts the residual risk that remains after treatment.
• Controls may be drawn from any source or control set; the selected controls are then compared with those in Annex A to confirm that no necessary control has been overlooked.
• The Statement of Applicability records, for every Annex A control, whether it is selected and why, and gives the justification for any control that is excluded.
Activity
14 Domains
The 14 control sets of Annex A
Number of Domains and Controls
The 14 domains, 35 control objectives and 114 controls of Annex A

Domain                                                              Control objectives   Controls
A.5   Information security policies                                          1              2
A.6   Organization of information security                                   2              7
A.7   Human resource security                                                3              6
A.8   Asset management                                                       3             10
A.9   Access control                                                         4             14
A.10  Cryptography                                                           1              2
A.11  Physical and environmental security                                    2             15
A.12  Operations security                                                    7             14
A.13  Communications security                                                2              7
A.14  System acquisition, development and maintenance                        3             13
A.15  Supplier relationships                                                 2              5
A.16  Information security incident management                               1              7
A.17  Information security aspects of business continuity management         2              4
A.18  Compliance                                                             2              8
Total (14 domains)                                                          35            114
Controls
The 114 controls of Annex A (A.5 to A.12)
A.5 Information security policies (2 controls): how policies are written, approved and reviewed.
A.6 Organisation of information security (7 controls): the assignment of responsibilities for specific tasks, including mobile devices and teleworking.
A.7 Human resource security (6 controls): ensuring that employees understand their responsibilities before employment, during it, and once they have left or changed roles.
A.8 Asset management (10 controls): identifying information assets, classifying them and defining appropriate protection responsibilities.
A.9 Access control (14 controls): limiting access to information and systems to what a user's job role requires.
A.10 Cryptography (2 controls): the encryption of sensitive information and the management of the keys that protect it.
A.11 Physical and environmental security (15 controls): securing the organisation's premises and equipment.
A.12 Operations security (14 controls): ensuring that information processing facilities are operated securely, including malware protection, backup, logging and vulnerability management.
Controls
The 114 controls of Annex A (A.13 to A.18)
A.13 Communications security (7 controls): how to protect information in networks and in transit.
A.14 System acquisition, development and maintenance (13 controls): ensuring that information security is built into the organisation's systems throughout their life cycle.
A.15 Supplier relationships (5 controls): the security requirements to include in contracts with third parties, and how to monitor whether those agreements are being kept.
A.16 Information security incident management (7 controls): how to report events and weaknesses, who is responsible for responding, and how to learn from incidents.
A.17 Information security aspects of business continuity management (4 controls): how to maintain information security through a business disruption, and how to ensure the availability of information processing facilities.
A.18 Compliance (8 controls): how to identify the laws, regulations and contractual requirements that apply to your organisation, and how to review that security is implemented in line with them.
Documentation
Documentation Structure
Level 1: Policy and scope
Level 2: Risk assessment and procedures
Level 3: Work instructions
Level 4: Records
Process Approach
PDCA Approach
Plan
Do
Check
Act
Risk Management
PDCA Approach
Risk management
• Identify all stakeholders
• Identify business processes
• Identify operational processes
• Identify assets
Identify risks
• Identify risks on the basis of all stakeholders
• Identify threats and vulnerabilities
• Evaluate probability and impact
• Calculate the risk value
Risk treatment
• Mitigate / reduce the risk
• Avoid the risk
• Transfer the risk
• Accept the risk
• Mitigate the risk by applying appropriate controls
• Evaluate the controls periodically
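The two slides above (Risk Assessment and Risk Management) describe one procedure: score each risk from its probability and impact, pick one of the four treatments, have the risk owner accept the residual risk, and compare the selected controls with Annex A to produce the Statement of Applicability. The register below carries that procedure through on constructed sample data. It is an added example, not material from the K2A deck: the 5×5 scoring scale, the acceptance threshold of 8, the sample risks, the risk-to-control mapping and the exclusion reasons are assumptions; the Annex A control numbers and titles are those of ISO/IEC 27001:2013.

```python
"""Worked ISMS risk register: score, treat, record residual risk and owner
acceptance, then compare selected controls with Annex A for the SoA.
Added example (not from the K2A deck); scale, threshold, sample risks and
control mapping are assumptions, Annex A numbers/titles are 27001:2013."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

ACCEPTANCE_THRESHOLD = 8  # assumption: a value above 8 must be treated or formally accepted


def risk_value(likelihood: int, impact: int) -> int:
    """Risk value on a 5x5 matrix (1 = rare/negligible ... 5 = almost certain/severe)."""
    for name, value in (("likelihood", likelihood), ("impact", impact)):
        if not 1 <= value <= 5:
            raise ValueError(f"{name} must be in 1..5, got {value}")
    return likelihood * impact


@dataclass
class Risk:
    risk_id: str
    asset: str
    threat: str
    vulnerability: str
    owner: str                      # the risk owner chooses the treatment and accepts the residual
    likelihood: int
    impact: int
    treatment: str = "accept"       # mitigate | avoid | transfer | accept
    controls: list[str] = field(default_factory=list)   # Annex A refs or controls from any source
    residual_likelihood: Optional[int] = None           # None = unchanged by the treatment
    residual_impact: Optional[int] = None
    residual_accepted_by: Optional[str] = None          # owner who signed off the residual risk

    def inherent_value(self) -> int:
        return risk_value(self.likelihood, self.impact)

    def residual_value(self) -> int:
        lik = self.likelihood if self.residual_likelihood is None else self.residual_likelihood
        imp = self.impact if self.residual_impact is None else self.residual_impact
        return risk_value(lik, imp)


def review_register(register: list[Risk]) -> list[str]:
    """Checks an internal auditor would run over the register; returns findings, empty if clean."""
    findings = []
    for r in register:
        inherent, residual = r.inherent_value(), r.residual_value()
        if r.treatment == "mitigate" and not r.controls:
            findings.append(f"{r.risk_id}: treatment is 'mitigate' but no controls are selected")
        if r.treatment == "mitigate" and residual >= inherent:
            findings.append(f"{r.risk_id}: mitigation does not lower the risk value ({inherent} -> {residual})")
        if residual > ACCEPTANCE_THRESHOLD and not r.residual_accepted_by:
            findings.append(f"{r.risk_id}: residual {residual} is above the threshold and not accepted by the owner")
    return findings


def statement_of_applicability(register: list[Risk], catalogue: dict, exclusion_reasons: dict) -> dict:
    """For every Annex A control in `catalogue`, record whether it is selected (and which risks it
    treats) or excluded (and why). Controls from other sources stay in the register but are not
    Annex A entries, so they do not appear in the SoA."""
    treats: dict[str, list[str]] = {}
    for r in register:
        for ref in r.controls:
            treats.setdefault(ref, []).append(r.risk_id)
    soa = {}
    for ref, title in catalogue.items():
        selected = ref in treats
        soa[ref] = {"title": title, "selected": selected,
                    "justification": "treats " + ", ".join(treats[ref]) if selected
                    else exclusion_reasons.get(ref, "")}
    return soa


def unjustified_exclusions(soa: dict) -> list[str]:
    """Annex A controls excluded without a recorded reason (27001:2013 clause 6.1.3 d) requires one)."""
    return [ref for ref, row in soa.items() if not row["selected"] and not row["justification"]]


# Subset of Annex A used here (numbers and titles from ISO/IEC 27001:2013).
ANNEX_A_SUBSET = {
    "A.9.2.3": "Management of privileged access rights",
    "A.10.1.1": "Policy on the use of cryptographic controls",
    "A.12.3.1": "Information backup",
    "A.12.6.1": "Management of technical vulnerabilities",
    "A.13.2.1": "Information transfer policies and procedures",
    "A.17.1.2": "Implementing information security continuity",
}

# Constructed sample register (assumed organisation, assets, scores and control choices).
SAMPLE_REGISTER = [
    Risk("R1", "customer database", "credential theft", "shared administrator accounts",
         "Head of IT", likelihood=4, impact=5, treatment="mitigate",
         controls=["A.9.2.3", "A.10.1.1"], residual_likelihood=2,
         residual_accepted_by="Head of IT"),            # residual 10 is still above 8, so it is signed off
    Risk("R2", "file server", "ransomware", "unpatched OS and no offline backup",
         "Operations Manager", likelihood=3, impact=4, treatment="mitigate",
         controls=["A.12.6.1", "A.12.3.1", "SOP-BKP-02"],  # SOP-BKP-02: assumed internal, non-Annex A control
         residual_likelihood=2, residual_impact=2),
    Risk("R3", "fax line for orders", "interception in transit", "clear-text transmission",
         "Sales Director", likelihood=2, impact=2),     # value 4: accepted as is
    Risk("R4", "legacy web portal", "exploitation of unpatched software", "unsupported platform",
         "CIO", likelihood=4, impact=4, treatment="avoid",  # portal is decommissioned
         residual_likelihood=1, residual_impact=1),
]

# Assumed reason for one deliberate exclusion; A.17.1.2 is left without a reason to show the check.
EXCLUSION_REASONS = {"A.13.2.1": "no electronic transfer of classified information within scope"}

if __name__ == "__main__":
    print(review_register(SAMPLE_REGISTER) or ["register clean"])
    soa = statement_of_applicability(SAMPLE_REGISTER, ANNEX_A_SUBSET, EXCLUSION_REASONS)
    for ref, row in soa.items():
        print(ref, "selected" if row["selected"] else "excluded", "-", row["justification"] or "NO REASON RECORDED")
    print("unjustified exclusions:", unjustified_exclusions(soa))
```

Running the block reports a clean register and an SoA in which four controls are selected with the risks they treat as justification, A.13.2.1 is excluded with a reason, and A.17.1.2 is flagged as excluded without one. The three checks in `review_register` are the ones that most often surface in a certification audit: a "mitigate" decision with no control behind it, a treatment that does not actually lower the score, and a residual risk above the organisation's own threshold that nobody has signed off.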
Questions
Thank You

Nutritional Needs Presentation - HLTH 104
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 

27001 awareness Training

• 1. K2A Training Academy
Division of K2A Management
www.iso-certifications.com | www.k2amanagement.com
"Information technology— Security techniques — Information security management systems — Requirements".
An Awareness Training: ISO/IEC 27001:2013 ISMS
• 2. Copy Right-K2A
Rules
NO Smoking
NO Use of Mobile
Tea Break
Lunch break
• 3. Course Objectives
On completion of the course, the participant will:
• Understand the significance of safeguarding organisational data and information in the light of possible threats – external and internal
• Learn about the objectives and scope of ISO 27001 Standard in respect of Information Security Management System (ISMS)
• Acquire greater awareness of the underlying risks and receive exposure to typical measures to mitigate the risks within one’s own organisation
• 4. Key Topics
• Information Security Background
• Information Assets
• ISMS Benefits
• Likelihoods of failures and attacks
• Risks & Annex A Controls
• Cost-effective and consistent reliability and security of the system
• Certification Process
• 5. What is Information Security?
The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.
The organization must determine which assets can materially affect the delivery of its product/service by their absence or degradation.
Information Security Management relates to all types of information, be it paper-based, electronic or other.
It determines how information is processed, stored, transferred, archived and destroyed.
Information is secure when its Confidentiality, Integrity and Availability are ensured.
It is all about protecting information assets from potential security breaches.
• 6. Information Assets
Information assets of an organization can be:
• Business data
• E-mail data
• Employee information
• Research records
• Price lists
• Tender documents
Such information may be:
• Spoken in conversations over the telephone
• Data stored on computers
• Transmitted across networks
• Printed out
• Written on paper, sent by fax
• Stored on disks
• Held on microfilm
An asset is something that has “value to the organization”.
• 7. Core Values
Confidentiality
• Is my communication private?
• Ensuring that the data is read only by the intended person
• Protection of data against unauthorized access or disclosure
• Possible through access control and encryption
Integrity
• Has my communication been altered?
• Protection of data against unauthorized modification or substitution
• If integrity is compromised, there is no point in protecting the data
• A transparent envelope that is tamper evident
Availability
• Are the systems responsible for delivering, storing and processing information accessible when needed?
• Are the above systems accessible to only those who need them?
• 8. Need of ISMS
Management Concerns
• Market reputation
• Business continuity
• Disaster recovery
• Business loss
• Loss of confidential data
• Loss of customer confidence
• Legal liability
• Cost of security
Security Measures/Controls
• Technical
• Procedural
• Physical
• Logical
• Personnel
• Management
All these can be addressed effectively and efficiently only by establishing a proper Information Security Management System (ISMS).
• 10. History
1960s: Organizations start to protect their computers
1970s: The first hacker attacks begin
1980s: Governments become proactive in the fight against cybercrime
1990s: Organized crime gets involved in hacking
2000s: Cybercrime becomes treated like a crime
2010s: Information security becomes serious
• 11. History of ISO/IEC 17021 Overview
The origin of the ISO/IEC 27000 series of standards goes back to the days of the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC).
Founded in May 1987, the CCSC had two major tasks:
• The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme. This ultimately gave rise to the ITSEC and the establishment of the UK ITSEC Scheme.
• The second task was to help users by producing a code of good security practice, and resulted in a “Users Code of Practice” that was published in 1989. This was further developed by the National Computing Centre (NCC).
BS 7799-2:2002 was officially launched on 5th September 2002.
• 12. History of ISO/IEC 17021 Overview
ISO/IEC 27001 is derived from BS 7799 Part 2, first published as such by the British Standards Institute in 1999.
BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act cycle.
BS 7799 Part 2 was adopted as ISO/IEC 27001 in 2005, with various changes to reflect its new custodians.
The 2005 first edition was extensively revised and published in 2013, bringing it into line with the other ISO management systems standards and dropping explicit reference to PDCA.
• 13. ISO/IEC 17021 Overview
ISO/IEC 27001:2013 is the best-known standard in the family, providing requirements for an information security management system (ISMS).
There are more than a dozen standards in the 27000 family, for example:
ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
ISO/IEC 27010:2015 Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
• 14. Benefits
• Protecting your data and reputation
• Stay one step ahead
• Competitive advantage
In this technology-driven world, it is critical to protect your organization's data and that of your customers. Implementing an information security management system (ISMS) and gaining ISO 27001 certification will ensure you have in place the processes and controls to protect your information assets and manage the threats posed to your organization from cyber attacks.
• 15. Supporting Standards
By using a risk management approach, ISO 27001 certification helps organizations manage their people, processes and systems, and is the best-known standard in the ISO 27000 family of standards.
ISO 27032 - Guidelines for cybersecurity
ISO 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO 27017 - Code of practice for information security controls for cloud services
• 17. Clause Structure ISO/IEC 17021:2013
Mandatory process clauses:
4. Context of Org
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
Annexure A: Control Objectives
14 Domains
35 Control Objectives
114 Controls
• 18. Risk Assessment
Risk approach (figure): Residual Risk; Contractual; Regulatory; Business
Risk assessments
The definition of risk is the “effect of uncertainty on objectives”, which may be positive or negative.
Baseline controls based on regulatory, business and contractual obligations may be identified and implemented before the risk assessment is conducted.
The organization identifies risks to the organization's information; the assessment does not have to be asset-based.
The risk owner determines how to treat the risk, accepting residual risk.
Controls are drawn from any source or control set.
Selected controls are compared to those in Annex A.
The Statement of Applicability records whether a control from Annex A is selected and why.
• 20. 14 Domains
The 14 control sets of Annex A
• 21. Number of Domains and Controls
The 114 control sets of Annex A

Domain                                                               Control Obj.   Controls
A.5  Information security policies                                         1            2
A.6  Organization of information security                                  2            7
A.7  Human resources security                                              3            6
A.8  Asset management                                                      3           10
A.9  Access control                                                        4           14
A.10 Cryptography                                                          1            2
A.11 Physical and environmental security                                   2           15
A.12 Operations security                                                   7           14
A.13 Communications security                                               2            7
A.14 Systems acquisition, development & maintenance                        3           13
A.15 Supplier relationship                                                 2            5
A.16 Information security incident management                              1            7
A.17 Information security aspect of business continuity management         2            4
A.18 Compliance                                                            2            8
Total (14 domains)                                                        35          114
• 22. Controls
The 114 control sets of Annex A
A.5 Information security policies (2 controls): how policies are written and reviewed.
A.6 Organisation of information security (7 controls): the assignment of responsibilities for specific tasks.
A.7 Human resource security (6 controls): ensuring that employees understand their responsibilities prior to employment and once they’ve left or changed roles.
A.8 Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.
A.9 Access control (14 controls): ensuring that employees can only view information that’s relevant to their job role.
A.10 Cryptography (2 controls): the encryption and key management of sensitive information.
A.11 Physical and environmental security (15 controls): securing the organisation’s premises and equipment.
A.12 Operations security (14 controls): ensuring that information processing facilities are secure.
• 23. Controls
The 114 control sets of Annex A
A.13 Communications security (7 controls): how to protect information in networks.
A.14 System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organisation’s systems.
A.15 Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to measure whether those agreements are being kept.
A.16 Information security incident management (7 controls): how to report disruptions and breaches, and who is responsible for certain activities.
A.17 Information security aspects of business continuity management (4 controls): how to address business disruptions.
A.18 Compliance (8 controls): how to identify the laws and regulations that apply to your organisation.
• 24. Documentation
Documentation Structure
Level-1: Policy
Level-2: Scope, Risk Assessment, Procedures
Level-3: Work Instruction
Level-4: Records
• 25. Process Approach
PDCA Approach: Plan, Do, Check, Act
• 26. Risk Management
PDCA Approach
Identify Risks
• Identify all Stakeholders
• Identify Business Process
• Identify Operation Process
• Identify Assets
• Identify Risk on the basis of all Stakeholders
• Identify Threats and Vulnerabilities
• Evaluate Probability and Impact
• Calculate Risk Value
Risk Treatment
• Mitigate/Reduce risk
• Avoid risk
• Transfer risk
• Accept risk
Risk Management
• Mitigate the risk by appropriate controls
• Evaluate controls periodically
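As an added example (not K2A material), the risk register and Statement of Applicability workflow of slides 18 and 26 in Python: each risk carries a probability and impact rating, a risk value, the treatment chosen by the risk owner and the Annex A controls applied, and the SoA records for every control whether it is selected and why. The rating scales, the risk appetite, the sample register entries and the "controls reduce likelihood" assumption are constructed; the individual control identifiers are taken from ISO/IEC 27001:2013 Annex A, since the deck lists only its 14 domains.

```python
from dataclasses import dataclass, field

# Annex A control titles (ISO/IEC 27001:2013); the deck lists domains only, so these are supplied here.
ANNEX_A = {
    "A.9.4.2": "Secure log-on procedures",
    "A.10.1.1": "Policy on the use of cryptographic controls",
    "A.12.3.1": "Information backup",
    "A.13.1.1": "Network controls",
}

@dataclass
class Risk:
    asset: str                 # information asset (the kinds listed on slide 6)
    threat: str
    vulnerability: str
    probability: int           # 1 (rare) .. 5 (almost certain); constructed scale
    impact: int                # 1 (negligible) .. 5 (severe); constructed scale
    treatment: str = "accept"  # mitigate | avoid | transfer | accept (slide 26)
    controls: list = field(default_factory=list)  # Annex A ids applied to this risk
    reduction: int = 0         # probability points the controls are estimated to remove

    def inherent(self) -> int:
        return self.probability * self.impact
    def residual(self) -> int:
        # Assumption: controls lower likelihood; impact is left unchanged.
        return max(1, self.probability - self.reduction) * self.impact

def treatment_status(risk: Risk, appetite: int) -> str:
    """Does the chosen treatment leave residual risk within the risk appetite?"""
    if risk.treatment == "avoid":
        return "eliminated"
    if risk.treatment == "transfer":
        return "transferred"
    if risk.residual() <= appetite:
        return "accepted"      # the risk owner signs off the residual risk
    return "ABOVE APPETITE: revisit controls or treatment"

def statement_of_applicability(register, annex=ANNEX_A):
    """Annex A id -> selected (naming the risks it treats) or excluded, with the reason."""
    soa = {}
    for cid, title in annex.items():
        treats = [r.asset for r in register if cid in r.controls]
        soa[cid] = (f"{title}: selected for {', '.join(treats)}" if treats
                    else f"{title}: excluded, no identified risk requires it")
    return soa

REGISTER = [  # constructed sample register entries
    Risk("Customer database", "credential theft", "weak log-on", 4, 5,
         "mitigate", ["A.9.4.2", "A.10.1.1"], reduction=3),
    Risk("Backup tapes", "fire", "single-site storage", 3, 4, "mitigate", ["A.12.3.1"], 1),
    Risk("Price lists", "disclosure", "sent by fax", 3, 1),
]
```

Running `treatment_status(r, 6)` over `REGISTER` flags the backup-tape risk (residual 8 against an appetite of 6) as still needing treatment, and `statement_of_applicability(REGISTER)` marks A.13.1.1 as excluded because no registered risk requires it.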