ISO/IEC 27001 - PowerPoint PPT Presentation


PowerPoint Slideshow about 'ISO/IEC 27001' - hayes-levine


Presentation Transcript
ISO/IEC 27001

Winnie Chan

BADM 559

Professor Shaw

12/15/2008

ISO/IEC 27001 Objective
  • To Specify the Requirements for Establishing, Implementing, Operating, Monitoring, Reviewing, Maintaining and Improving a Firm's Information Security Management System (ISMS)
    • ISO/IEC 27001 Is the Auditable Requirements Standard; the Companion Code of Practice ISO/IEC 27002 (Formerly ISO/IEC 17799) Describes the Individual Controls in Detail
    • Uses a Continual Improvement Approach Known as the Plan-Do-Check-Act (PDCA) Cycle
PDCA Cycle
  • Plan Stage (Establish the ISMS)
    • Define the ISMS Scope and Policy, Set the Firm's Security Objectives, and Carry Out a Risk Assessment to Identify and Evaluate the Risks to Its Information Assets
    • Select Appropriate Control Objectives and Controls to Treat Those Risks and Record the Selection in the Statement of Applicability
  • Do Stage (Implement and Operate the ISMS)
    • Implement the Risk Treatment Plan and the Selected Controls, Train Staff, and Operate the ISMS Day to Day
  • Check Stage (Monitor and Review the ISMS)
    • Measure Control Performance, Analyse Results and Compare Actual Accomplishments to Planned Objectives; Internal ISMS Audits and Management Reviews Belong Here
  • Act Stage (Maintain and Improve the ISMS)
    • Take Corrective and Preventive Actions Based on the Check Results and Feed the Changes Back into the Next Plan Stage, So the ISMS Continually Improves
ISO/IEC 27001 History
  • First Standard Published in the Growing ISO/IEC 27000 (ISO 27K) Family
    • Series of Information Security Standards Developed to Protect the Confidentiality, Integrity, and Availability of Essential Data that Firms Rely On
  • Derived From British Standard (BS) 7799 Part 2, First Published in 1999 and Revised in 2002
  • In October 2005:
    • Adopted By the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 27001:2005
  • BS 7799-2 Was Titled "Information Security Management Systems - Specification with Guidance for Use"; the Formal Title of ISO/IEC 27001:2005 Is "Information technology - Security techniques - Information security management systems - Requirements"
ISO/IEC 27001 Structure
  • 8 Major Sections (Clauses 1 to 8):
    • Scope, Normative References, Terms and Definitions, ISMS, Management Responsibility, Internal ISMS Audits, Management Review of the ISMS, and ISMS Improvement
    • Clauses 4 to 8 Contain the Mandatory Requirements; a Firm Cannot Exclude Any of Them and Still Claim Conformity
  • 3 Annexes:
    • Annex A (Normative): Control Objectives and Controls, 133 Controls in 11 Domains Drawn From ISO/IEC 27002; the Firm Selects From Them in Its Statement of Applicability and Must Justify Any Exclusion
    • Annex B (Informative): Relationship Between the Organisation for Economic Co-Operation and Development (OECD) Principles and ISO/IEC 27001
    • Annex C (Informative): Correspondence Between ISO 9001:2000 (Quality Management Systems Standard), ISO 14001:2004 (Environmental Management Systems Standard) and ISO/IEC 27001
Certification Process
  • Stage 1: Desktop (Documentation) Audit
    • Accredited Certification Body Auditor
      • Examines a Firm's Relevant Documents Like Its ISMS Scope and Policy, Risk Assessment, Statement of Applicability (SoA) and Risk Treatment Plan (RTP)
  • Stage 2: On-Site Audit
    • Certification Body
      • Sends an Audit Team to Perform an In-Depth Assessment of the Firm's ISMS Implementation, Checking that the Controls Declared in the SoA Are Actually Operating
  • Issuance of Certificate
    • Certificate Is Valid for 3 Years After Initial Certification, After Which a Full Recertification Audit Is Required
  • Firm Agrees to a Surveillance Schedule
    • Certification Body Periodically Re-Checks the Firm's ISMS During Those 3 Years, Typically Every 6 to 12 Months, and Can Suspend or Withdraw the Certificate if Nonconformities Are Not Corrected
Pros to Certification
  • Certified Firms:
    • Can Use the Audited ISMS as Evidence Toward US Regulatory and Audit Requirements Such As
      • Sarbanes-Oxley Section 404 (Internal Controls over Financial Reporting)
      • Statement on Auditing Standards (SAS) 70 Service-Organisation Audits (an AICPA Auditing Standard Rather Than Legislation)
      • Health Insurance Portability and Accountability Act (HIPAA) Security Rule Requirements
      • Certification Supports These Requirements But Does Not by Itself Satisfy Them; Each Has Its Own Scope and Audit
    • Have Reduced Compliance Costs, Since One Audited Control Set Can Be Reused Across Several Regimes
    • May Get Reduced Insurance Premiums
    • Gain Improved Confidence from Suppliers, Customers, and Stakeholders
    • Have a Competitive Advantage
Update on ISO/IEC 27001
  • ISO/IEC 27001 Is Currently Being Revised by Renowned Experts in the Information Security Area, Including
    • Angelika Plate
    • Matthieu Grall
  • Revised Version Expected to Be Published Sometime in 2009 or 2010 (as of This December 2008 Presentation; the Revision Was Eventually Published as ISO/IEC 27001:2013, Which Dropped the Explicit PDCA Model and Restructured the Clauses to the Common ISO Management System Format)