Challenges and Benefits of Information Security Management
1 like583 views
This document discusses information security and outlines the key aspects of ISO/IEC 27001 and 17799 standards. It summarizes the standards' focus on asset identification, risk assessment, security controls, policies and procedures to protect information from various threats. The standards provide a framework to establish the context, identify, analyze, evaluate risks and controls to monitor and review an organization's information security.
Challenges and Benefits of Information Security Management
- 3. ! Information Security ! " "# " " ! $ %" " & &'
- 4. " #$ # #% ## & % ' '" ( ) % % * * # +# & $ ) % * , %# - . # # # # !# % #/ . %# # # * / . # $ * # *# # # # # / . # !# # 0 . # # # # #
- 5. # 01 # $ An 27001 Certified Lead Auditor Audit Aspectos essenciais BS ISO/IEC 17799 e 27001 Implantação BS ISO/IEC 27001 Auditorias Internas à BS ISO/IEC 27001 Auditor Coordenador BS ISO/IEC 27001 (IRCA) Trainning Consultancy
- 6. # 01 # $ " #$ # #% ## & " 2 4 3 . ! . " !# & 1 5 6 " 5(7 (( . ! . " !# & 8 . ! . $% & & # ! # ' # (
- 7. # # &,' # &9 %# . " + : 1 # % 0
- 9. . # %# ! # !# & # !# " 2 4 3 9 ' &; #! # # $" 2 4 '9( 3 9( . " # #
- 10. Natural Disasters Acoustic (Flood, Lightning, Earthquake, ...) Information (Telephone conversations, in public, in meetings, ...) Technical failures Logical Physical 17799 * 27001 17799 * 27001 (Communication, Lack of energy, Information Information Equipment break-down, ...) (Faxs, contracts, BS ISO/IEC BS ISO/IEC (electronic records) reports, manuals, ...) Business Human Failure (Maintenance errors, User errors, Lack of staff, ...) Visual Intelectual Information (Vídeo, fotos, Information environment, ...) (Knowledge) Social Problens (Strikes, Terrorism Attack, politics, legislation...)
- 11. '' # 2 < #* A5 Security policy A6 Organization of Information Security A7 Asset management A8 HR A9 Physical and A10 Communications A12 Information security Environmental and operations Systems security management Acquisition, development A11 Access control and maintenance A13 Incident Management A14 Business continuity management A15 Compliance
- 12. ## = ! "# $ % & $ + ', - ' ( $ . / % ) % % ) * * % " "*
- 13. > = # $ & # $ 2 4 ) 3 % 9- ? Communicate and Consult Assess Risks Identify Analyse Evaluate Control Establish the the the the Context Risks Risks Risks Risks Monitor and Review
- 14. > = #1 Risk Assessment Asset Identification and Valuation Identification of Vulnerabilities Identification of Evaluation of Impacts Threats Business Risk Rating/ranking of Risks Risk Management Review of Existing Security Controls Identification of new Security Controls Policy and Implementation and Procedures Risk Acceptance Risk Reduction (Residual Risk)
- 15. 1;
- 16. $
- 17. @% # A & B$ # # % !% % % ! * # ! %# !% % C$ A ,
- 18. $ & %# % # .> # * 1 * # %0 12 3 4 5
- 19. $ & = # . ."% # . $ $ . %#
- 20. $ & = 8# % # . % # * # % . % % < # % %0 12 3 4 5
- 21. $ & % # % #!D > = . # $ % 0 % # # . # $ % % ** . = $ $ # # = #% ## 67
- 22. # * * 6 7* - * " * * # 68 # * * *9 : :;
- 23. $ & # > = # $ & % #= # * # % $ # # # %#
- 24. $ & #* $ ! $ & # # # $ $# 2 . A $ A B$ A E A & # # # .; # # # % 0 %# %
- 25. $ & % F" # # G . 2 " H IA & ; * F # # G . 2 ( '$ I & D $ # # % ! & = % % # % ##
- 26. 9 ' # # <<<;= ; *
- 27. $ &) ## # *# +
- 28. " #J
- 29. " # & * # J . # # & # 3K D # & &>2
- 30. " # &"% # %# ! # . I . # $ F $ ! # %#IG ! . # $ F" % # %#!1 G !" # %$ & ' ' # ' <<<; # ; "
- 31. " # &2 D # % $" # # JJJ & # # # # # % $ L% #
- 32. " # & 1 * # & B # "% # & * # * % L # % ! & %# % $ 3 $ # . > # !JJJJ & D% # # % ! * #
- 33. " # & F, G # # $ $ $ # =# # & # $F #& ( #
- 34. @% # A & !% # % # # # # % ** # $ 8# # A
- 35. You are free: Creative Commons Attribution- •to copy, distribute, display, and perform this work NoDerivs 2.0 •to make commercial use of this work Under the following conditions: Attribution. You must give the original author credit. No Derivative Works. You may not alter, transform, or build upon this work. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author. Your fair use and other rights are in no way affected by the above. This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
- 36. E K M N 2 ->?- @ > ; ' ?@ > ; '