Abstract image of a woman sitting on books and studying on a laptop

Information security-management-system

Download as PPT, PDF
I
intellisenseit

This document discusses information security management systems (ISMS). It defines information and its lifecycle, including how information can be created, stored, processed, transmitted, used, lost, corrupted, etc. It then defines the key aspects of information security - integrity, availability, and confidentiality. It emphasizes that information is a valuable asset for organizations that needs to be protected. The document outlines some of the main components of establishing an ISMS, including risk management, policies, training, and processes. It also discusses ISO 27001 as the international standard for ISMS and its various control areas.

Technology
Related topics:
Information SecurityISO 27001 Overview IT Security
1 of 18
Downloaded 237 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
INFORMATION SECURITY Management System Dr Kalpesh Parikh INFORMATION SECURITY - Management (ISMS)
INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information? “Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected.” BS 7799-1:2000
INFORMATION SECURITY Management System Dr Kalpesh Parikh Types of Information • Printed or written on paper • Stored electronically • Transmitted by post or using electronic means • Shown on corporate videos • Verbal - spoken in conversations “…...Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected” (ISO/IEC 17799: 2000)
INFORMATION SECURITY Management System Dr Kalpesh Parikh Information Lifecycle Information can be: Created Stored Destroyed ? Processed Transmitted Used (for proper and improper purposes) Lost ! Corrupted !
INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information Security Integrity Safeguarding the accuracy & completeness of information and processing methods Availability Ensuring that authorized users have access to information and associated assets when required Confidentiality Ensuring that information is accessible only to those authorized to have access
INFORMATION SECURITY Management System Dr Kalpesh Parikh How to Achieve Information Security •Attitude Building •Efforts v/s Value of Asset •Segmentation •Harmonization •Concept of Insurance •Managing Risk •Objective Evidence through Monitoring and Analysis
INFORMATION SECURITY Management System Dr Kalpesh Parikh Why Information Security Management System? Information is an Asset • Not known even if stolen • Challenge is you don’t know – how to know • Theoretically any information can get stolen • Affects every one • Technical and Technology is subset of complete domain • Dynamic in nature • Very complex to manage
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Commitment You have my full commitment….. Apart from money, time resources and attention and just so long as I don’t have to be involved
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG – Predictability Default Style
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG - Risk Management – Onion Structure Technology Environment Information Human Firewall Standards Policies T r a i n i n g P r o c e s s e s Management
INFORMATION SECURITY Management System Dr Kalpesh Parikh Plan-Do-Check-Act Cycle of ISMS
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS – Information assets and Valuation • An inventory of all important assets shall be drawn up and maintained. Accountability shall be defined. • What are Assets ? Organisation assigns value to something Eg. Information assets, paper doc, s/w , physical, people, company image and reputation, services. • Which Assets ? Asset materially affect delivery of product/service by their absence or degradation. • Valuation What System – 0 to 5 (Quantitative) - low to very high (Qualitative)
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Assessment Threat : “Potential to cause an unwanted incident which may result in harm to a system or organization and its assets” Eg. Natural disaster, Human, Technological, Theft/Loss Vulnerability: A vulnerability is a weakness/hole in an organisation’s Information System. Eg. Unprotected cabling, unstable power grid, wrong allocation of password
INFORMATION SECURITY Management System Dr Kalpesh Parikh Risk: The possibility of incurring misfortune or loss; hazard (to expose to danger or loss) At Risk: Vulnerable; likely to be lost /damaged Security Risk: Potential that a given threat will exploit vulnerabilities to cause loss or damage to an asset or group of Info Asset. Measuring Risk: Risk = Value X Threat X Vulnerability X Probability of asset of Happening ISMS - Risk Assessment
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Treatment Plan Coordinated document defining the actions to reduce unacceptable risks and implement the required controls to protect information. Direction : Treat, Transfer, Terminate, Tolerate Treatment : Define an acceptable level of residual risk constantly review Threat and Vulnerabilities Review exiting controls apply additional security controls introducing policy and procedures Controls: Which Controls ? / Selection of Control
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Statement of Applicability (SOA) •The statement of Applicability is a critique of the objectives and controls, which the organization has selected as suitable to its business needs. The statement will also record exclusion of any controls. • Risk Assessment will determine which controls should be implemented • Justification of which controls are relevant and not relevant
INFORMATION SECURITY Management System Dr Kalpesh Parikh ISO 27001 (ISMS) Control Areas 1. Security Policy 2. Security Organization 3. Asset Classification and Control 4. Personnel Security 5. Physical and Environmental Security 6. Communications and Operations Management 7. Access Control 8. Systems Development and Maintenance 9. Business Continuity Planning 10. Compliance
INFORMATION SECURITY Management System Dr Kalpesh Parikh

More Related Content

PDF
Building an effective Information Security Roadmap
Elliott Franklin
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
PDF
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PDF
Security Awareness Training
Daniel P Wallace
 
PDF
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
PPTX
Soc
Mukesh Chaudhari
 
Building an effective Information Security Roadmap
Elliott Franklin
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Security Awareness Training
Daniel P Wallace
 
How To Present Cyber Security To Senior Management Complete Deck
SlideTeam
 
Soc
Mukesh Chaudhari
 

What's hot (20)

PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
PDF
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
PPTX
Build an Information Security Strategy
Andrew Byers
 
PPTX
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
PPTX
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
PDF
Information Security Awareness Training
Randy Bowman
 
PDF
Information security management system (isms) overview
Julia Urbina-Pineda
 
PDF
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
PPTX
Iso 27001 isms presentation
Midhun Nirmal
 
PDF
Security architecture
Duncan Unwin
 
PPTX
The Zero Trust Model of Information Security
Tripwire
 
PPT
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
PPTX
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPTX
Security Operation Center Fundamental
Amir Hossein Zargaran
 
PPTX
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
PDF
Data Leakage Prevention (DLP)
Network Intelligence India
 
PPTX
SIEM presentation final
Rizwan S
 
PPTX
Security operation center (SOC)
Ahmed Ayman
 
PPT
ISO 27001 Benefits
Dejan Kosutic
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Build an Information Security Strategy
Andrew Byers
 
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
Information Security Awareness Training
Randy Bowman
 
Information security management system (isms) overview
Julia Urbina-Pineda
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
Iso 27001 isms presentation
Midhun Nirmal
 
Security architecture
Duncan Unwin
 
The Zero Trust Model of Information Security
Tripwire
 
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
Data Leakage Prevention (DLP)
Network Intelligence India
 
SIEM presentation final
Rizwan S
 
Security operation center (SOC)
Ahmed Ayman
 
ISO 27001 Benefits
Dejan Kosutic
 
Ad

Viewers also liked (20)

PPTX
Information security management system
Arani Srinivasan
 
PPT
Information Security Management Systems(ISMS) By Dr Wafula
Discover JKUAT
 
PPTX
Information Security Lecture #1 ppt
vasanthimuniasamy
 
PPTX
INFORMATION SECURITY
Ahmed Moussa
 
PDF
Manage your Information Security Management System (ISMS) with Odoo
Maxime Chambreuil
 
PPTX
Jurnal rangkuman
Muhammad Hamid
 
PPSX
Isms Implementer Course Module 1 Introduction To Information Security
anilchip
 
PPT
Information systems 365 lecture four - Security Policy Development, Data Clas...
Nicholas Davis
 
PPTX
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
IndependentCertificationServices
 
PPT
ISMS implementation challenges-KASYS
Reza Teynia ISMS, ITSM, MSc
 
PPTX
Information security management best practice
parves kamal
 
PDF
Evolución Familia ISO 27000 a octubre del 2016
Ricardo Urbina Miranda
 
PDF
Manajemen Risiko
ulianiati
 
PPT
Overview of ISO 27001 ISMS
Akhil Garg
 
PPTX
All you wanted to know about iso 27000
Ramana K V
 
PPTX
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
Biswajit Bhattacharjee
 
PPTX
Accounting information system
SAKET KASHYAP
 
ODP
Thesis presentation
Sebastian Hellmann
 
PPSX
Personnel policies
SMART LEARNING -SEE YOUR WORLD IN DIFFRENT WAY
 
PPTX
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
Information security management system
Arani Srinivasan
 
Information Security Management Systems(ISMS) By Dr Wafula
Discover JKUAT
 
Information Security Lecture #1 ppt
vasanthimuniasamy
 
INFORMATION SECURITY
Ahmed Moussa
 
Manage your Information Security Management System (ISMS) with Odoo
Maxime Chambreuil
 
Jurnal rangkuman
Muhammad Hamid
 
Isms Implementer Course Module 1 Introduction To Information Security
anilchip
 
Information systems 365 lecture four - Security Policy Development, Data Clas...
Nicholas Davis
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
IndependentCertificationServices
 
ISMS implementation challenges-KASYS
Reza Teynia ISMS, ITSM, MSc
 
Information security management best practice
parves kamal
 
Evolución Familia ISO 27000 a octubre del 2016
Ricardo Urbina Miranda
 
Manajemen Risiko
ulianiati
 
Overview of ISO 27001 ISMS
Akhil Garg
 
All you wanted to know about iso 27000
Ramana K V
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
Biswajit Bhattacharjee
 
Accounting information system
SAKET KASHYAP
 
Thesis presentation
Sebastian Hellmann
 
Personnel policies
SMART LEARNING -SEE YOUR WORLD IN DIFFRENT WAY
 
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
Ad

Similar to Information security-management-system (20)

PPTX
Information security
avinashbalakrishnan2
 
PDF
1678784047-mid_sem-2.pdf
Rimurutempest594985
 
PPTX
Meaningful Use and Security Risk Analysis
Evan Francen
 
PPT
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Tammy Clark
 
PDF
001_Cybersecurity Fundamentals Security Principles.pdf
chandrabaguswinardi
 
PPT
ch01.ppt
samsam693199
 
PPT
information security presentation topics
Olajide Kuku
 
PPT
CISSP Certified Information System Security Professional_009.ppt
careerbdaugx
 
PPT
educational content, educational contented educational content
Olajide Kuku
 
PPT
INFORMATION SECURITY STUDY GUIDE for STUDENTS
henlydailymotion
 
PPT
isms-presentation.ppt
HasnolAhmad2
 
DOCX
Risk Assessment Famework
lneut03
 
PDF
Solve the exercise in security management.pdf
sdfghj21
 
PPT
FRSecure Sales Deck
Evan Francen
 
PPTX
The Fundamentals of HIPAA Privacy & Security Risk Management
KeySys Health
 
PDF
1 info sec+risk-mgmt
madunix
 
PDF
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
IGN MANTRA
 
PPTX
D1 security and risk management v1.62
AlliedConSapCourses
 
PDF
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
U.S. News Healthcare of Tomorrow
 
PPTX
L1_Introduction.pptx
StevenTharp2
 
Information security
avinashbalakrishnan2
 
1678784047-mid_sem-2.pdf
Rimurutempest594985
 
Meaningful Use and Security Risk Analysis
Evan Francen
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Tammy Clark
 
001_Cybersecurity Fundamentals Security Principles.pdf
chandrabaguswinardi
 
ch01.ppt
samsam693199
 
information security presentation topics
Olajide Kuku
 
CISSP Certified Information System Security Professional_009.ppt
careerbdaugx
 
educational content, educational contented educational content
Olajide Kuku
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
henlydailymotion
 
isms-presentation.ppt
HasnolAhmad2
 
Risk Assessment Famework
lneut03
 
Solve the exercise in security management.pdf
sdfghj21
 
FRSecure Sales Deck
Evan Francen
 
The Fundamentals of HIPAA Privacy & Security Risk Management
KeySys Health
 
1 info sec+risk-mgmt
madunix
 
ISO 27001 Awareness IGN Mantra 2nd Day, 1st Session.
IGN MANTRA
 
D1 security and risk management v1.62
AlliedConSapCourses
 
Safeguarding Patient Privacy in a Digital Age (Meredith Phillips)
U.S. News Healthcare of Tomorrow
 
L1_Introduction.pptx
StevenTharp2
 

More from intellisenseit (9)

PPTX
ABC of Adding Value
intellisenseit
 
PPT
Android primer
intellisenseit
 
PPT
Corporate Governance
intellisenseit
 
PPT
Internal Process Audit
intellisenseit
 
PPT
Quality Management System
intellisenseit
 
PDF
Ooh mswh profile (ERP for OUT of HOME Media)
intellisenseit
 
PDF
Agro mswh profile (Agro Trading ERP)
intellisenseit
 
PPT
Intellisense it profile
intellisenseit
 
PPT
IntellisenseIT infraMSWH (Construction ERP)
intellisenseit
 
ABC of Adding Value
intellisenseit
 
Android primer
intellisenseit
 
Corporate Governance
intellisenseit
 
Internal Process Audit
intellisenseit
 
Quality Management System
intellisenseit
 
Ooh mswh profile (ERP for OUT of HOME Media)
intellisenseit
 
Agro mswh profile (Agro Trading ERP)
intellisenseit
 
Intellisense it profile
intellisenseit
 
IntellisenseIT infraMSWH (Construction ERP)
intellisenseit
 

Recently uploaded (20)

PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PPTX
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
PDF
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
PDF
Advancing precision in air quality forecasting through machine learning integ...
IAESIJAI
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PPTX
Internet of Everything -Basic concepts details
sendilkumar66
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
PPTX
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
PPTX
Microsoft User Copilot Training Slide Deck
zohoron1
 
PDF
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PDF
INTERSPEECH 2025 「Recent Advances and Future Directions in Voice Conversion」
NU_I_TODALAB
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
CXOs-Are-you-still-doing-manual-DevOps-in-the-age-of-AI.pdf
Kalilur Rahman
 
Advancing precision in air quality forecasting through machine learning integ...
IAESIJAI
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
Internet of Everything -Basic concepts details
sendilkumar66
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
Microsoft User Copilot Training Slide Deck
zohoron1
 
Convolutional neural network based encoder-decoder for efficient real-time ob...
IAESIJAI
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
INTERSPEECH 2025 「Recent Advances and Future Directions in Voice Conversion」
NU_I_TODALAB
 

Information security-management-system

  • 1. INFORMATION SECURITY Management System Dr Kalpesh Parikh INFORMATION SECURITY - Management (ISMS)
  • 2. INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information? “Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected.” BS 7799-1:2000
  • 3. INFORMATION SECURITY Management System Dr Kalpesh Parikh Types of Information • Printed or written on paper • Stored electronically • Transmitted by post or using electronic means • Shown on corporate videos • Verbal - spoken in conversations “…...Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected” (ISO/IEC 17799: 2000)
  • 4. INFORMATION SECURITY Management System Dr Kalpesh Parikh Information Lifecycle Information can be: Created Stored Destroyed ? Processed Transmitted Used (for proper and improper purposes) Lost ! Corrupted !
  • 5. INFORMATION SECURITY Management System Dr Kalpesh Parikh What is Information Security Integrity Safeguarding the accuracy & completeness of information and processing methods Availability Ensuring that authorized users have access to information and associated assets when required Confidentiality Ensuring that information is accessible only to those authorized to have access
  • 6. INFORMATION SECURITY Management System Dr Kalpesh Parikh How to Achieve Information Security •Attitude Building •Efforts v/s Value of Asset •Segmentation •Harmonization •Concept of Insurance •Managing Risk •Objective Evidence through Monitoring and Analysis
  • 7. INFORMATION SECURITY Management System Dr Kalpesh Parikh Why Information Security Management System? Information is an Asset • Not known even if stolen • Challenge is you don’t know – how to know • Theoretically any information can get stolen • Affects every one • Technical and Technology is subset of complete domain • Dynamic in nature • Very complex to manage
  • 8. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Commitment You have my full commitment….. Apart from money, time resources and attention and just so long as I don’t have to be involved
  • 9. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG – Predictability Default Style
  • 10. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISG - Risk Management – Onion Structure Technology Environment Information Human Firewall Standards Policies T r a i n i n g P r o c e s s e s Management
  • 11. INFORMATION SECURITY Management System Dr Kalpesh Parikh Plan-Do-Check-Act Cycle of ISMS
  • 12. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS – Information assets and Valuation • An inventory of all important assets shall be drawn up and maintained. Accountability shall be defined. • What are Assets ? Organisation assigns value to something Eg. Information assets, paper doc, s/w , physical, people, company image and reputation, services. • Which Assets ? Asset materially affect delivery of product/service by their absence or degradation. • Valuation What System – 0 to 5 (Quantitative) - low to very high (Qualitative)
  • 13. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Assessment Threat : “Potential to cause an unwanted incident which may result in harm to a system or organization and its assets” Eg. Natural disaster, Human, Technological, Theft/Loss Vulnerability: A vulnerability is a weakness/hole in an organisation’s Information System. Eg. Unprotected cabling, unstable power grid, wrong allocation of password
  • 14. INFORMATION SECURITY Management System Dr Kalpesh Parikh Risk: The possibility of incurring misfortune or loss; hazard (to expose to danger or loss) At Risk: Vulnerable; likely to be lost /damaged Security Risk: Potential that a given threat will exploit vulnerabilities to cause loss or damage to an asset or group of Info Asset. Measuring Risk: Risk = Value X Threat X Vulnerability X Probability of asset of Happening ISMS - Risk Assessment
  • 15. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Risk Treatment Plan Coordinated document defining the actions to reduce unacceptable risks and implement the required controls to protect information. Direction : Treat, Transfer, Terminate, Tolerate Treatment : Define an acceptable level of residual risk constantly review Threat and Vulnerabilities Review exiting controls apply additional security controls introducing policy and procedures Controls: Which Controls ? / Selection of Control
  • 16. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISMS - Statement of Applicability (SOA) •The statement of Applicability is a critique of the objectives and controls, which the organization has selected as suitable to its business needs. The statement will also record exclusion of any controls. • Risk Assessment will determine which controls should be implemented • Justification of which controls are relevant and not relevant
  • 17. INFORMATION SECURITY Management System Dr Kalpesh Parikh ISO 27001 (ISMS) Control Areas 1. Security Policy 2. Security Organization 3. Asset Classification and Control 4. Personnel Security 5. Physical and Environmental Security 6. Communications and Operations Management 7. Access Control 8. Systems Development and Maintenance 9. Business Continuity Planning 10. Compliance
  • 18. INFORMATION SECURITY Management System Dr Kalpesh Parikh