ISO 27001 2013 isms final overview

Date post: 23-Jan-2017
Upload: naresh-rao
Page 1: ISO 27001 2013 isms final overview

www.intertek.com

Information Security Overview

Issue 2 © Intertek QATAR

Welcome to the Seminar on

INFORMATION SECURITY (ISO 27001:2013)

&

BUSINESS CONTINUITY (ISO 22301:2013)

QATAR 25th November 2015

Page 2: ISO 27001 2013 isms final overview

Today we shall cover the following topics:

INFORMATION SECURITY

BUSINESS CONTINUITY

RISK MANAGEMENT

Page 3: ISO 27001 2013 isms final overview


AN ORIENTATION

Welcome to the Seminar on ISO 27001:2013- QATAR


Page 6: ISO 27001 2013 isms final overview


Hackers target business secrets

28 March 2011 http://www.bbc.co.uk/news/technology-12864666

• Intellectual property and business secrets are the target of cyber thieves.

• McAfee said deals were being done for trade secrets, marketing plans, R&D reports and source code.

• It urged companies to know who looks after their data as it moves into the cloud or third-party hosting centres.

• The McAfee report mentioned cases in Germany, Brazil and Italy in which trade secrets were stolen either by an insider or by cyber thieves.

• In some cases, companies made the criminals' job easier because they did little to censor useful information about a company's culture or structure revealed in e-mails and other messages.

• 2010: the Stuxnet worm targeted industrial plant equipment.

• 2011: attacks on petrochemical firms, the London Stock Exchange and the European Commission.


Page 8: ISO 27001 2013 isms final overview

Some Videos

MASSIVE PERSONAL DATA BREACH IN US?

PRINTERS VULNERABILITIES?


Page 10: ISO 27001 2013 isms final overview

Information

The value of information goes beyond the written words, numbers and images: knowledge, concepts, ideas and brands are examples of intangible forms of information. In an interconnected world, information and related processes, systems, networks and personnel involved in their operation, handling and protection are assets that, like other important business assets, are valuable to an organization's business and consequently deserve or require protection against various hazards. (ISO/IEC 27002:2013)

Ver2.0 21 June 2014

Page 11: ISO 27001 2013 isms final overview


WHAT IS OF INFORMATION ?

Page 12: ISO 27001 2013 isms final overview

The elements of information security

Availability – the property of being accessible and usable upon demand by an authorised entity

Page 13: ISO 27001 2013 isms final overview

Information

• the act of informing

• what is conveyed or represented by a particular arrangement or sequence of things

• data as processed, stored, or transmitted by a computer

• facts provided or learned about something or someone

Page 14: ISO 27001 2013 isms final overview

Where is information residing?

Information is of value to the organization and consequently requires adequate protection!

Information needs to be protected!

Page 15: ISO 27001 2013 isms final overview

Standards Considered in this Module

REQUIREMENT – CERTIFIABLE

GUIDELINES – NON-CERTIFIABLE

Page 16: ISO 27001 2013 isms final overview

ISO 27001:2013 OVERVIEW


Page 18: ISO 27001 2013 isms final overview

EXTERNAL INTERESTED PARTIES / INTERNAL INTERESTED PARTIES

ISO 27001:2013


Page 21: ISO 27001 2013 isms final overview

Information security

Information security – preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability (2.2), non-repudiation (2.49) and reliability (2.56), can also be involved.

Page 22: ISO 27001 2013 isms final overview

Need to secure Information?

YES > because of THREATS & VULNERABILITIES

Page 23: ISO 27001 2013 isms final overview


Info Security Attack can impact

Page 24: ISO 27001 2013 isms final overview


ISO 27000:2014

ISMS PRINCIPLES

Page 25: ISO 27001 2013 isms final overview

The structure of ISO 27001:2013

ISO 27001:2013 follows Annex SL of the ISO/IEC Directives so that it is aligned with all the other management system standards; this is already evident in ISO 22301, the business continuity management standard. The main clauses now common to all the management system standards are:

0 Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Context of the organization

5 Leadership

6 Planning

7 Support

8 Operation

9 Performance evaluation

10 Improvement

PDCA    ISO 27001:2013 Clauses
PLAN    4, 5, 6 & 7 > PLANNING
DO      8 > OPERATION
CHECK   9 > PERFORMANCE EVALUATION
ACT     10 > IMPROVEMENT


Page 28: ISO 27001 2013 isms final overview

LAWS OF THE LAND – Impacting Information Security

1. Qatar HR Law 2009;

2. Qatar Law of Trademark & Commercial Indications Law no. 3 1978;

3. Qatar Copyright Law no. 25 1995;

4. Qatar Public Telecommunications Law no. 13 1987;

5. Qatar Decree ictQATAR Law no. 34 of 2004 & 26 of 2006

Page 29: ISO 27001 2013 isms final overview

4 PHASES OF RISK MANAGEMENT

Page 30: ISO 27001 2013 isms final overview

Incident > Product Withdrawal and Product Recall

Mattel recalls 1.5 million toys:

http://www.youtube.com/watch?v=NlsvfXAQ5v8&feature=fvw

Lead contamination – toxic levels of lead paint lawsuit:

http://www.youtube.com/watch?v=3DL4dleEz7I

Page 31: ISO 27001 2013 isms final overview

Incident > Product Withdrawal and Product Recall

The 2009 Toyota 9 Million Car Recall

Toyota Motor Corp. recalled approximately 9 million vehicles in the United States, which was the company's largest-ever U.S. recall. The purpose of the recall was to address quality assurance and quality control problems with a removable floor mat that could cause accelerators to get stuck and potentially lead to a crash. (Source: Toyota recalls 3.8 million vehicles, MSNBC.com)

Toyota, which up until that point prided itself on its quality practices, had made the decision in the 1990s to put a greater emphasis on growth. It failed to adhere to the quality principle of employee involvement, as there was less employee engagement and sharing of best practices. While the CEO was proactive about cancelling the sales and production of the recalled models, 52 people lost their lives as a result of motor vehicle crashes.

Page 32: ISO 27001 2013 isms final overview

COST IMPACT DUE TO PERFECTION / NON-CONFORMANCE

Page 34: ISO 27001 2013 isms final overview

ISO 27001:2013 OVERVIEW

Now let us understand BCMS

THANK YOU !