SlideShare a Scribd company logo

ISO 27001 2013 isms final overview

N
Naresh Rao

This document is a presentation on information security and business continuity. It covers topics such as ISO 27001 on information security, risk management, laws relating to information security in Qatar, and examples of product recalls due to incidents. The presentation provides an overview of ISO 27001, including its structure following the PDCA model and the roles of internal and external interested parties. It also discusses why information needs protection due to threats and vulnerabilities, and the principles of information security management systems.

Business
1 of 34
Downloaded 223 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
www.intertek.com1 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 1Issue 2 © Intertek QATAR www.intertek.com 1 Welcome to the Seminar on INFORMATION SECURITY (ISO 27001:2015) & BUSINESS CONTINUTIY (ISO 22301:2013) QATAR 25th November 2015
www.intertek.com2 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 2www.intertek.com2Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview Today we shall be covering following topics INFORMATION SECURITY BUSINESS CONTINUITY RISK MANAGEMENT
www.intertek.com3 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 3Issue 2 © Intertek QATAR www.intertek.com 3 AN ORIENTATION Welcome to the Seminar on ISO 27001:2013- QATAR
www.intertek.com4 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 4 4
www.intertek.com5 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 5 5
www.intertek.com6 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 6 CQIMC LA PPT 2 Ver 0.2 6 Hackers target business secrets 28 March 2011 http://www.bbc.co.uk/news/technology-12864666 • Intellectual property and business secrets target for cyber thieves • McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code. • It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres. • The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were either stolen by an insider or cyber thieves. • In some cases, companies made the job of the criminals easier because they did little to censor useful information about a corporate's culture or structure revealed in e-mails and other messages. • 2010 -Stuxnet virus targeted industrial plant equipment. • 2011-attacks on petrochemical firms, the London Stock Exchange, the European Commission .
www.intertek.com7 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 7 7CQIMC LA PPT 2 Ver 0.2
www.intertek.com8 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 8 8 Some Videos MASSIVE PERSONAL DATA BREACH IN US ?PRINTERS VULNERABILITIES ?
www.intertek.com9 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 9 9
www.intertek.com10 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 10 InformationThe value of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets that, like other important business assets, are valuable to an organization’s business and consequently deserve or require protection against various hazards. ISO/IEC 27002:2013 Ver2.0 21 June 2014
www.intertek.com11 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 11 11 WHAT IS OF INFORMATION ?
www.intertek.com12 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 12 Availability – the property of being accessible and usable upon demand by an authorised entity The elements of information security 12 CQIMC LA PPT 2 Ver 0.2
www.intertek.com13 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 13 Information CQIMC LA PPT 2 Ver 0.2 13 act of informing – what is conveyed or represented by a particular arrangement or sequence of things. data as processed, stored, or transmitted by a computer. facts provided or learned about something or someone.
www.intertek.com14 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 14 Where is information residing .? 14 Information – is of value to the organization, consequently requires adequate protection! Information needs to be protected !
www.intertek.com15 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 15 15 Standards Considered in this Module REQUIREMENT - CERTIFIABLE GUIDELINES – NON - CERTIFIABLE
www.intertek.com16Issue 2 © Intertek QATAR www.intertek.com 16 Information Security OverviewInformation Security Overview www.intertek.com16Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW ISO 27001 : 2013
www.intertek.com17 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 17 17
www.intertek.com18 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 18www.intertek.com18Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview EXTERNAL INTERESTED PARTIES INTERNAL INTEREST ED PARTIES A B C D E G F H ISO 27001:2013
www.intertek.com19 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 19www.intertek.com19Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview
www.intertek.com20 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 20www.intertek.com20Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview
www.intertek.com21 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 21 Information security Information security – preservation of confidentiality, Integrity and availability of information . In addition, other properties, such as authenticity, accountability (2.2), non- repudiation (2.49), and reliability (2.56) can also be involved. 21
www.intertek.com22 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 22 Need to secure Information ? 22 YES >YES > because of THREATS & VULNERABILITIESbecause of THREATS & VULNERABILITIES
www.intertek.com23 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 23 23 Info Security Attack can impact
www.intertek.com24 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 24 24 ISO 27000:2014 ISMS PRINCIPLES
www.intertek.com25 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 25 The structure of ISO 27001:2013 CQIMC LA PPT 2 Ver 0.2 ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards – this is already evident in ISO 22301, the new business continuity management standard. The main clauses now in all the management standards is / and : 0 Introduction 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 5 Leadership 6 Planning 7 Support 8 Operation P D C A ISO 27001:2013 Clauses PLAN 1, 4, 5, 6 & 7 > PLANNING, 4, 5, 6 & 7 > PLANNING DO 8 > OPERATION CHECK 9 > PERFORMANCE EVALUATION9 > PERFORMANCE EVALUATION ACT 10 > IMPROVEMENT10 > IMPROVEMENT
www.intertek.com26 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 26www.intertek.com26Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview
www.intertek.com27 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 27www.intertek.com27Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards – this is already evident in ISO 22301, the new business continuity management standard. The main clauses now in all the management standards is / and : 0 Introduction 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 5 Leadership 6 Planning
www.intertek.com28 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 28 28 1. Qatar HR Law 2009; 2. Qatar Law of Trademark & Commercial Indications Law no. 3 1978; 3. Qatar Copywrite Law no.25 1995; 4. Qatar Public Telecommunications Law no.13 1987; LAWS OF THE LAND – Impacting Information Security
www.intertek.com29 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 29www.intertek.com29Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview 4 PHASES OF RISK MANAGEMENT
www.intertek.com30Issue 2 © Intertek QATAR www.intertek.com 30 Information Security OverviewInformation Security Overview www.intertek.com30Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW 30 Incident > Product Withdrawal and Product Recall Mattel recalls 1.5 million toys: http://www.youtube.com/watch?v=NlsvfXAQ5v8&fea Lead contamination – Toxic levels of Lead pain lawsuit: http://www.youtube.com/watch?v=3DL4dleEz7I
www.intertek.com31Issue 2 © Intertek QATAR www.intertek.com 31 Information Security OverviewInformation Security Overview www.intertek.com31Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW The 2009 Toyota 9 Million Car Recall Toyota Motor Corp. recalled approximately 9 million vehicles in the United States, which was the company’s largest-ever U.S. recall. The purpose of the recall was to address quality assurance and quality control problems with a removable floor mat that could cause accelerators to get stuck and potentially lead to a crash. (Source: Toyota recalls 3.8 million vehicles, MSNBC.com) Incident > Product Withdrawal and Product Recall
www.intertek.com32Issue 2 © Intertek QATAR www.intertek.com 32 Information Security OverviewInformation Security Overview www.intertek.com32Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
www.intertek.com33Issue 2 © Intertek QATAR www.intertek.com 33 Information Security OverviewInformation Security Overview www.intertek.com33Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
www.intertek.com34Issue 2 © Intertek QATAR www.intertek.com 34 Information Security OverviewInformation Security Overview www.intertek.com34Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW Now let us understand BCMS THANK YOU !

More Related Content

PPTX
Basic introduction to iso27001
Imran Ahmed
 
PPTX
27001 awareness Training
Dr Madhu Aman Sharma
 
PPTX
Iso 27001 awareness
Ãsħâr Ãâlâm
 
PPT
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
PDF
ISO 27001_2022 Standard_Presentation.pdf
SerkanRafetHalil1
 
PPT
Overview of ISO 27001 ISMS
Akhil Garg
 
PPTX
Implementing ISO27001 2013
scttmcvy
 
PDF
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
Basic introduction to iso27001
Imran Ahmed
 
27001 awareness Training
Dr Madhu Aman Sharma
 
Iso 27001 awareness
Ãsħâr Ãâlâm
 
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
ISO 27001_2022 Standard_Presentation.pdf
SerkanRafetHalil1
 
Overview of ISO 27001 ISMS
Akhil Garg
 
Implementing ISO27001 2013
scttmcvy
 
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 

What's hot (20)

PDF
ISO 27001 ISMS MEASUREMENT
Gaffri Johnson
 
PPTX
27001.pptx
AvniJain836319
 
PPTX
What is iso 27001 isms
Craig Willetts ISO Expert
 
PDF
Steps to iso 27001 implementation
Ralf Braga
 
PDF
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPT
Isms awareness training
SAROJ BEHERA
 
DOCX
Iso 27001 2013 Standard Requirements
Uppala Anand
 
PDF
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
PDF
Why ISO27001 For My Organisation
Vigilant Software
 
PDF
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
PPTX
Iso 27001 isms presentation
Midhun Nirmal
 
PPTX
ISO 27701
UtkarshDhiman4
 
PDF
What is ISO 27001 ISMS
Business Beam
 
PDF
NQA - ISO 27001 Implementation Guide
NA Putra
 
PPT
ISO 27001 Benefits
Dejan Kosutic
 
PPTX
Project plan for ISO 27001
technakama
 
PDF
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
PDF
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
Information security management system (isms) overview
Julia Urbina-Pineda
 
ISO 27001 ISMS MEASUREMENT
Gaffri Johnson
 
27001.pptx
AvniJain836319
 
What is iso 27001 isms
Craig Willetts ISO Expert
 
Steps to iso 27001 implementation
Ralf Braga
 
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Isms awareness training
SAROJ BEHERA
 
Iso 27001 2013 Standard Requirements
Uppala Anand
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
Why ISO27001 For My Organisation
Vigilant Software
 
ISO 27001 Implementation_Documentation_Mandatory_List
SriramITISConsultant
 
Iso 27001 isms presentation
Midhun Nirmal
 
ISO 27701
UtkarshDhiman4
 
What is ISO 27001 ISMS
Business Beam
 
NQA - ISO 27001 Implementation Guide
NA Putra
 
ISO 27001 Benefits
Dejan Kosutic
 
Project plan for ISO 27001
technakama
 
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Information security management system (isms) overview
Julia Urbina-Pineda
 
Ad

Viewers also liked (15)

PDF
Infosec Audit Lecture_4
Obrina Candra, CISA, ISMS-LA
 
DOCX
ISO 27001:2013 Implementation procedure
Uppala Anand
 
PDF
ISO 27001
n|u - The Open Security Community
 
PDF
ISO 27001:2013 - A transition guide
Verde Ventures Pvt. Ltd.
 
PDF
Friday Forum ISO 27001: 2013
APEXMarCom
 
DOC
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
AHM Pervej Kabir
 
DOCX
blank_CV_template_Microsoft_Word
khulekani nxumalo
 
PPT
Information Security Identity and Access Management Administration 07072016
Leon Blum
 
PDF
How to effectively use ISO 27001 Certification and SOC 2 Reports
Salvi Jansen
 
PPTX
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
iFour Consultancy
 
PPTX
Damco iso 27001
Dipin Sharma
 
PDF
Transitioning to iso 27001 2013
SAIGlobalAssurance
 
PPTX
Security and control in Management Information System
Satya P. Joshi
 
PPTX
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
iFour Consultancy
 
PDF
Memória de aula 05 segurança e auditoria de sistemas - organizando a segurança
Paulo Garcia
 
Infosec Audit Lecture_4
Obrina Candra, CISA, ISMS-LA
 
ISO 27001:2013 Implementation procedure
Uppala Anand
 
ISO 27001
n|u - The Open Security Community
 
ISO 27001:2013 - A transition guide
Verde Ventures Pvt. Ltd.
 
Friday Forum ISO 27001: 2013
APEXMarCom
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
AHM Pervej Kabir
 
blank_CV_template_Microsoft_Word
khulekani nxumalo
 
Information Security Identity and Access Management Administration 07072016
Leon Blum
 
How to effectively use ISO 27001 Certification and SOC 2 Reports
Salvi Jansen
 
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
iFour Consultancy
 
Damco iso 27001
Dipin Sharma
 
Transitioning to iso 27001 2013
SAIGlobalAssurance
 
Security and control in Management Information System
Satya P. Joshi
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
iFour Consultancy
 
Memória de aula 05 segurança e auditoria de sistemas - organizando a segurança
Paulo Garcia
 
Ad

Similar to ISO 27001 2013 isms final overview (20)

PPTX
ISMS User_Awareness Training.pptx
Mukesh Pant
 
PPTX
ISMS End-User Training Presentation.pptx
comstarndt
 
PPTX
Information security
avinashbalakrishnan2
 
PDF
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
IGN MANTRA
 
PPTX
ISO 27001 2022 REQUIREMENTS EXPLAINED 4.pptx
JustinNickaf3
 
PPTX
ISO27k Awareness presentation.pptx
harigopala
 
PDF
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
PPTX
ISO27k Awareness presentation v2.pptx
Napoleon NV
 
PPTX
Presentation1 110616195133-phpapp01(information security)
Bonagiri Rajitha
 
PDF
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
IGN MANTRA
 
PPTX
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
PDF
Chapter 12 iso 27001 awareness
newbie2019
 
PPTX
Why ISO 27001 for an Organisation
Syed Azher
 
PPTX
INFORMATION SECURITY
Ahmed Moussa
 
PPT
ISMS Requirements
humanus2
 
PDF
ISMS_of ISO 27001-2022-awareness training
HananZayed4
 
PDF
1678784047-mid_sem-2.pdf
Rimurutempest594985
 
PDF
Iso 27001 whitepaper
Syzygal
 
PPTX
Week 9- 1 information security slides.pptx
hassanarif1022
 
PPT
MIS chap # 9.....
Syed Muhammad Zeejah Hashmi
 
ISMS User_Awareness Training.pptx
Mukesh Pant
 
ISMS End-User Training Presentation.pptx
comstarndt
 
Information security
avinashbalakrishnan2
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
IGN MANTRA
 
ISO 27001 2022 REQUIREMENTS EXPLAINED 4.pptx
JustinNickaf3
 
ISO27k Awareness presentation.pptx
harigopala
 
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
ISO27k Awareness presentation v2.pptx
Napoleon NV
 
Presentation1 110616195133-phpapp01(information security)
Bonagiri Rajitha
 
ISO 27001 Awareness IGN Mantra 2nd Day, 2nd Session.
IGN MANTRA
 
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
Chapter 12 iso 27001 awareness
newbie2019
 
Why ISO 27001 for an Organisation
Syed Azher
 
INFORMATION SECURITY
Ahmed Moussa
 
ISMS Requirements
humanus2
 
ISMS_of ISO 27001-2022-awareness training
HananZayed4
 
1678784047-mid_sem-2.pdf
Rimurutempest594985
 
Iso 27001 whitepaper
Syzygal
 
Week 9- 1 information security slides.pptx
hassanarif1022
 
MIS chap # 9.....
Syed Muhammad Zeejah Hashmi
 

Recently uploaded (20)

PPTX
sales presentation، Training Overview.pptx
hamdullahazimi3
 
PDF
Hindu Circuler Economy - Model (Concept)
Avijit Kumar Roy
 
PDF
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
DOCX
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
PPT
Chapter four Project-Preparation material
argachewbochena1
 
PDF
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
PPTX
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
PPTX
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
PDF
Roadmap Map-digital Banking feature MB,IB,AB
Alemayehu
 
PPTX
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
PDF
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
PPTX
AI-assistance in Knowledge Collection and Curation supporting Safe and Sustai...
Barry Hardy
 
PPTX
CkgxkgxydkydyldylydlydyldlyddolydyoyyU2.pptx
DSAISUBRAHMANYAAASHR
 
PPTX
DMT - Profile Brief About Business .pptx
AkhileshKumar724847
 
PDF
Lecture 3 - Risk Management and Compliance.pdf
Quan Risk
 
PPTX
5 Stages of group development guide.pptx
keerthanashanmugam201
 
PDF
Ôn tập tiếng anh trong kinh doanh nâng cao
thaoonguyenn2311
 
PPT
Data mining for business intelligence ch04 sharda
salmaalsaeed3
 
PDF
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
PPTX
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
sales presentation، Training Overview.pptx
hamdullahazimi3
 
Hindu Circuler Economy - Model (Concept)
Avijit Kumar Roy
 
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
Chapter four Project-Preparation material
argachewbochena1
 
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
Probability Distribution, binomial distribution, poisson distribution
gayusakktivel
 
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
Roadmap Map-digital Banking feature MB,IB,AB
Alemayehu
 
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
AI-assistance in Knowledge Collection and Curation supporting Safe and Sustai...
Barry Hardy
 
CkgxkgxydkydyldylydlydyldlyddolydyoyyU2.pptx
DSAISUBRAHMANYAAASHR
 
DMT - Profile Brief About Business .pptx
AkhileshKumar724847
 
Lecture 3 - Risk Management and Compliance.pdf
Quan Risk
 
5 Stages of group development guide.pptx
keerthanashanmugam201
 
Ôn tập tiếng anh trong kinh doanh nâng cao
thaoonguyenn2311
 
Data mining for business intelligence ch04 sharda
salmaalsaeed3
 
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 

ISO 27001 2013 isms final overview

  • 1. www.intertek.com1 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 1Issue 2 © Intertek QATAR www.intertek.com 1 Welcome to the Seminar on INFORMATION SECURITY (ISO 27001:2015) & BUSINESS CONTINUTIY (ISO 22301:2013) QATAR 25th November 2015
  • 2. www.intertek.com2 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 2www.intertek.com2Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview Today we shall be covering following topics INFORMATION SECURITY BUSINESS CONTINUITY RISK MANAGEMENT
  • 3. www.intertek.com3 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 3Issue 2 © Intertek QATAR www.intertek.com 3 AN ORIENTATION Welcome to the Seminar on ISO 27001:2013- QATAR
  • 4. www.intertek.com4 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 4 4
  • 5. www.intertek.com5 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 5 5
  • 6. www.intertek.com6 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 6 CQIMC LA PPT 2 Ver 0.2 6 Hackers target business secrets 28 March 2011 http://www.bbc.co.uk/news/technology-12864666 • Intellectual property and business secrets target for cyber thieves • McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code. • It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres. • The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were either stolen by an insider or cyber thieves. • In some cases, companies made the job of the criminals easier because they did little to censor useful information about a corporate's culture or structure revealed in e-mails and other messages. • 2010 -Stuxnet virus targeted industrial plant equipment. • 2011-attacks on petrochemical firms, the London Stock Exchange, the European Commission .
  • 7. www.intertek.com7 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 7 7CQIMC LA PPT 2 Ver 0.2
  • 8. www.intertek.com8 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 8 8 Some Videos MASSIVE PERSONAL DATA BREACH IN US ?PRINTERS VULNERABILITIES ?
  • 9. www.intertek.com9 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 9 9
  • 10. www.intertek.com10 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 10 InformationThe value of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets that, like other important business assets, are valuable to an organization’s business and consequently deserve or require protection against various hazards. ISO/IEC 27002:2013 Ver2.0 21 June 2014
  • 11. www.intertek.com11 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 11 11 WHAT IS OF INFORMATION ?
  • 12. www.intertek.com12 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 12 Availability – the property of being accessible and usable upon demand by an authorised entity The elements of information security 12 CQIMC LA PPT 2 Ver 0.2
  • 13. www.intertek.com13 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 13 Information CQIMC LA PPT 2 Ver 0.2 13 act of informing – what is conveyed or represented by a particular arrangement or sequence of things. data as processed, stored, or transmitted by a computer. facts provided or learned about something or someone.
  • 14. www.intertek.com14 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 14 Where is information residing .? 14 Information – is of value to the organization, consequently requires adequate protection! Information needs to be protected !
  • 15. www.intertek.com15 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 15 15 Standards Considered in this Module REQUIREMENT - CERTIFIABLE GUIDELINES – NON - CERTIFIABLE
  • 16. www.intertek.com16Issue 2 © Intertek QATAR www.intertek.com 16 Information Security OverviewInformation Security Overview www.intertek.com16Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW ISO 27001 : 2013
  • 17. www.intertek.com17 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 17 17
  • 18. www.intertek.com18 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 18www.intertek.com18Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview EXTERNAL INTERESTED PARTIES INTERNAL INTEREST ED PARTIES A B C D E G F H ISO 27001:2013
  • 19. www.intertek.com19 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 19www.intertek.com19Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview
  • 20. www.intertek.com20 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 20www.intertek.com20Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview
  • 21. www.intertek.com21 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 21 Information security Information security – preservation of confidentiality, Integrity and availability of information . In addition, other properties, such as authenticity, accountability (2.2), non- repudiation (2.49), and reliability (2.56) can also be involved. 21
  • 22. www.intertek.com22 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 22 Need to secure Information ? 22 YES >YES > because of THREATS & VULNERABILITIESbecause of THREATS & VULNERABILITIES
  • 23. www.intertek.com23 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 23 23 Info Security Attack can impact
  • 24. www.intertek.com24 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 24 24 ISO 27000:2014 ISMS PRINCIPLES
  • 25. www.intertek.com25 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 25 The structure of ISO 27001:2013 CQIMC LA PPT 2 Ver 0.2 ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards – this is already evident in ISO 22301, the new business continuity management standard. The main clauses now in all the management standards is / and : 0 Introduction 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 5 Leadership 6 Planning 7 Support 8 Operation P D C A ISO 27001:2013 Clauses PLAN 1, 4, 5, 6 & 7 > PLANNING, 4, 5, 6 & 7 > PLANNING DO 8 > OPERATION CHECK 9 > PERFORMANCE EVALUATION9 > PERFORMANCE EVALUATION ACT 10 > IMPROVEMENT10 > IMPROVEMENT
  • 26. www.intertek.com26 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 26www.intertek.com26Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview
  • 27. www.intertek.com27 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 27www.intertek.com27Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview ISO 27001:2013 is compliant with Annex SL of ISO/IEC Directives, in order to be aligned with all the other management standards – this is already evident in ISO 22301, the new business continuity management standard. The main clauses now in all the management standards is / and : 0 Introduction 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 5 Leadership 6 Planning
  • 28. www.intertek.com28 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 28 28 1. Qatar HR Law 2009; 2. Qatar Law of Trademark & Commercial Indications Law no. 3 1978; 3. Qatar Copywrite Law no.25 1995; 4. Qatar Public Telecommunications Law no.13 1987; LAWS OF THE LAND – Impacting Information Security
  • 29. www.intertek.com29 Information Security OverviewInformation Security Overview Issue 2 © Intertek QATAR www.intertek.com 29www.intertek.com29Issue 1 © Intertek QATAR www.intertek.com Information Security OverviewInformation Security Overview 4 PHASES OF RISK MANAGEMENT
  • 30. www.intertek.com30Issue 2 © Intertek QATAR www.intertek.com 30 Information Security OverviewInformation Security Overview www.intertek.com30Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW 30 Incident > Product Withdrawal and Product Recall Mattel recalls 1.5 million toys: http://www.youtube.com/watch?v=NlsvfXAQ5v8&fea Lead contamination – Toxic levels of Lead pain lawsuit: http://www.youtube.com/watch?v=3DL4dleEz7I
  • 31. www.intertek.com31Issue 2 © Intertek QATAR www.intertek.com 31 Information Security OverviewInformation Security Overview www.intertek.com31Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW The 2009 Toyota 9 Million Car Recall Toyota Motor Corp. recalled approximately 9 million vehicles in the United States, which was the company’s largest-ever U.S. recall. The purpose of the recall was to address quality assurance and quality control problems with a removable floor mat that could cause accelerators to get stuck and potentially lead to a crash. (Source: Toyota recalls 3.8 million vehicles, MSNBC.com) Incident > Product Withdrawal and Product Recall
  • 32. www.intertek.com32Issue 2 © Intertek QATAR www.intertek.com 32 Information Security OverviewInformation Security Overview www.intertek.com32Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
  • 33. www.intertek.com33Issue 2 © Intertek QATAR www.intertek.com 33 Information Security OverviewInformation Security Overview www.intertek.com33Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE
  • 34. www.intertek.com34Issue 2 © Intertek QATAR www.intertek.com 34 Information Security OverviewInformation Security Overview www.intertek.com34Issue 1 © Intertek QATAR www.intertek.com ISO 27001 : 2013 OVERVIEWISO 27001 : 2013 OVERVIEW Now let us understand BCMS THANK YOU !

Editor's Notes

  • #14: The meaning of “Information” having value to the owner (individual / equipment)…information flows always from Sender to Receiver. If the information is breached (even cause may be very trivial), loss happens to the owner and the other party gets benefitted.
  • #15: The Information restores in three media – Electronic Media and / or Human Brain and / or Documents Also note that the controls on vulnerabilities, can be put on electronic media and / or Documents …human brain..only personnel intent cannot be conrolled
  • #24: Confidentiality : property that information is not made available or disclosed to unauthorized individuals, entities, or processes Integrity : property of accuracy and completeness Availability : property of being accessible and usable upon demand by an authorized entity In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.
  • #25: Principles are the basis of believes… guides one to be in right direction. Just like 8 Management Principles. Information Security Management System also has basic 9 principles in place, which Organization has to implement and an Auditor