Challenges and Benefits of Information Security Management

��

��

��

��

��

��

��

�� !�� !

��

��

��

��

��

��

��

Information Security��!��

��

"� ��

��"�#��

��

��

��

��

"��

��

"��!��

$�%�"��

"��

�&��

�&'��

��

" �#��$" �#��$�#�� #�� #�#%#��#�#%#��

& ��%��'(�'��"��) �% ��%�� *�� *�� #�� +�#��

& �$��) �% � �*��,��%�# ��-. �� #�� #��#��#��!�#�� %�#�/��

. ��%�#�#��#�� *��/�

. #$��*�� #�� *�#��#��#� ��#��#�� /�

. ��#��!�#��# ��

0

. �� #��#�� #� ��#��# ��

��

�� #�� #��0�0�1� #�� $� 1� #�� $� ��

Audit

Aspectos essenciais BS ISO/IEC 17799 e 27001Implantação BS ISO/IEC 27001 Auditorias Internas à BS ISO/IEC 27001Auditor Coordenador BS ISO/IEC 27001 (IRCA)(IRCA)

TrainningConsultancy

AnAn 27001 27001 CertifiedCertified LeadLead AuditorAuditor

��

�� #�� #��0�0�1� #�� $� 1� #�� $� " �#��$" �#��$�#�� #�� #�#%#��#�#%#��& "��23�4��

. �� !

. � �� "��!�#��

& 1��5��6"��5(((7. �� !

. �� "��!�#��

& ��8��. �� !

. $% �� &��&��#�� !��#�� '� ��#��(

��

�� #�� #�� #�� #��

& ,'� ��#� ��

& 9��%�# ��

.��" �+��:� ��1� #%��0��

��

��

��

��

��

��.. �� #�� #�� % �#!��% �#!��#��#�!�#��!�#��

& ��#�!�#�� "��23�4��9��'

& ;� ��#�! ��#��#$"��23�4�'99((

.�� "��# ��#��

��

Business

IntelectualInformation

(Knowledge)

PhysicalInformation (Faxs, contracts,

reports, manuals, ...)

Acoustic Information

(Telephone conversations,in public,

in meetings, ...)

LogicalInformation

(electronic records)

VisualInformation

(Vídeo, fotos, environment, ...)

Natural Disasters(Flood, Lightning,Earthquake, ...)

Human Failure(Maintenance errors,

User errors,Lack of staff, ...)

Technical failures(Communication,Lack of energy,

Equipment break-down, ...)

Social Problens(Strikes,

Terrorism Attack, politics, legislation...)

BS

ISO

/IEC

B

S IS

O/IE

C

17799 * 2700117799 * 27001

��

''�''��# ��# ��2�<��#�*��2�<��#�*��

A5 Security policy

A6 Organization of Information Security

A7 Asset management

A15 Compliance

A13 Incident Management

A11 Access control

A8 HRsecurity

A9 Physical and Environmental

security

A10 Communications and operations management

A12 InformationSystems

Acquisition, development

and maintenanceA14 Business continuity management

��

�� #�#�� #�#�� =� �� =

��

��

��

��

��

��

!"#!"#!"#!"#��$��$��$��$��

%�� %�� %�� %�� &��&��&��&��

��

��$��$��$��$��

'�(��$��'�(��$��'�(��$��'�(��$��

��

�� %��)%��)%��)%��)

%��%��%��%��

��"��"��"��"�

%��)%��)%��)%��)

%��%��%��%��

*��*��*��*��*��*��*��*��

��"*��"*��"*��"*�

+�� ', -�+�� ', -�+�� ', -�+�� ', -�+�� ', -�+�� ', -�+�� ', -�+�� ', -�

�.��/�.��/�.��/�.��/�.��/�.��/�.��/�.��/

��

��

>��=>��=��#��#�� $� ��$& �� #$��23�4�)%��9?-��

Monitor and Review

Communicate and Consult

EstablishContext

Identifythe

Risks

Analysethe

Risks

Evaluatethe

Risks

Controlthe

Risks

Assess Risks

��

>��=��#�1 ��>��=��#�1 ��

Asset Identification and Valuation Identification of

Vulnerabilities Identification of ThreatsEvaluation of Impacts

Business Risk

Review of Existing Security Controls Identification of

new Security Controls Policy and

ProceduresImplementation and Risk ReductionRisk Acceptance

(Residual Risk)

Risk Assessment

Risk ManagementRating/ranking of Risks

��

1;1;

��

$��$��

��

@%��#��@%��#��AA

& B$�#�� #��%��!�% �%��%�� !�� *��#!�%#��!�% �%�� C,$ �A

��

$��$��

& %�#% ��# ��.>��#�� *�1 �*��#��

��

��

��

� ��

%0��12��3��4��5��

��

$��$��

& ��=�� #

.��

."%��#�

.�$� �$��

.%�#��

��

$��$��

& ��=�� 8#� ��%��#��

.��%��#��*� ��#�� % ��

.��%�� %� � � ��<%�#��

%0��12��3��4��5��

��

$��$��

& ��%��#��%�# !D�� >��=�

.��#$��%��0� � %#�#��

.��#$��%��% *�*��

.��=�� $��$�� #��#��=��#�#%#��6�7

��

�� #�� #

�� * *�6 �� 7* �� -��

��*�� "�� *�*��#�� 68� ��#��* ��* �� *9�� :��

�:�;

��

$��$��

& �� #��>��=��#�� $

& ��%��#�=��#�

�*��#$�%#�� #��#�� %#��

��

$��$��

& ��#�*��$��!�� $

& ��#��#��#$�� $#��2

.� ��A�� $� �A�B$�A�E��A

& ��#� �� #�� #��

.;� � #��#�� #% ��0��%�#% �

��

$��$��

& ��%�� F"��# ��#��G. ��2H��"��I�A

& ;��*�� F� #��#��G. ��2�(��'�$��I

& �� D�� $��#% �#!

& ��=�� %��% � #��%��#�#��

��

�9��'��9��'�� #��#�� #��#��

<<<;=��;��*

��

$��$��

&)��## �#��*��#�� +

��

"��#�"��#�JJ

��

"��#�"��#�

& �� *��#�� J

.�� #�� #��& �#��3�K��D� �#��

&��

& >2��

��

"��#�"��#�

& "%��#��%�#!��#

.�� I

.�� #$�� F��$��!��#��%�#!IG

.�� #$�� F"%��#��%�#!1��G

!"��#$�%��&#'''!"��#$�%��&#'''

<<<;�#��;��"<<<;�#��;��"<<<;�#��;��"<<<;�#��;��"

��

"��#�"��#�

& 2�D�� #$"%�� #��#�� JJJ

& �# �#�� #�� #��#$�%�� L%� ��#�

��

"��#�"��#�

& 1 �� *��#

& B�� # �� "%��#

& �� *��#�� *� ��%��L%��#!

& %�#% ��$��3�$��#. >�� #!JJJJ

& � ��D% � � #%��#!��*��#��

��

"��#�"��#�

& F,��G�� #� ��#$��$��$ �#�� =�#��#��

& �� #$F��#&��( �� #

��

@%��#��@%��#��AA

& ��!�% � �#��%�� #�� #��#��#��% *�*�#$��8#��#A

��

Attribution. You must give the original author credit.

For any reuse or distribution, you must make clear to others the license terms of this work.

Any of these conditions can be waived if you get permission from the author.

Your fair use and other rights are in no way affected by the above.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

Creative Commons Attribution-NoDerivs 2.0

You are free:

•to copy, distribute, display, and perform this work

•to make commercial use of this work

Under the following conditions:

No Derivative Works. You may not alter, transform, or build upon this work.

��

��

��

��

�EK��M2N��->?-�@� >� �;�'��->?-�@� >� �;�'��->?-�@� >� �;�'��->?-�@� >� �;�'� �? @� >� �;�'��? @� >� �;�'��? @� >� �;�'��? @� >� �;�'�

Date post:	22-Nov-2014
Category:	Technology
Upload:	conferencias-fist
View:	405 times
Download:	0 times

Challenges and Benefits of Information Security Management

Technology