
ISMS Implementer Course

Module 1
Introduction to Information Security

© Infocounselors ISMS Implementer Course (V 1.0)


What is Information?
Information is stimuli that has meaning in
some context for its receiver. When
information is entered into and stored in
a computer, it is generally referred to as
data. After processing output data can
again be perceived as information.

(Source: SearchSQLServer.com Definitions)

What is Information?
“Information” is an asset which,
like other important business
assets, has value to an
organization and consequently
needs to be suitably protected.

(Source: ISO 27002)

Information – Life Cycle

● Creation
● Storage
● Access
● Modification
● Processing
● Transmission
● Destruction
● Printing

Where is the ‘Information’ located?

● Data storage devices
◦ Hard disks
◦ CDs / Floppies
◦ Pen drives
◦ Zip drives
◦ Tapes / DATs ……
● Physical copies
◦ Printed reports, documents, graphs …
● Accessed through
◦ Desktop / Laptop
◦ File server
◦ Internet / Web server
◦ Mail server (mail boxes)…
● Accessed by
◦ Employees
◦ Contractors
◦ Business partners
◦ Vendors ………

What are information risks?
Risks are present at each and every step in the information life cycle.
Risks such as:
● Theft
● Misuse
● Corruption
● Denial
● Destruction
● ………………………

Information Security Components

Availability: Authorized users shall have access to the information as and when required for the business use

Integrity: Accuracy and completeness of information and information processing methods

Confidentiality: Information shall be accessible only to the users based on need-to-know, need-to-use

Information Security:

Preservation of confidentiality,
integrity and availability of
information; in addition, other
properties such as authenticity,
accountability, non-repudiation and
reliability can also be involved
(ISO27001)

Information Security Pillars:

● People
● Process
● Technology

Goal is to protect ‘Information’

3 components: A – I – C

3 pillars: People – Process – Technology

● A holistic or enterprise information security approach is required
● Proper identification of information to be protected
● Assessment of risks to information
● Risk mitigation measures
● Process based approach
● Management system

Approach towards enterprise security: Layered defense

Layers shown in the diagram:
● Personnel
● Physical
● Technology
● Information

How to proceed with implementation
of a structured Information Security
Management System (ISMS)?

Proceed to Module 2 of this course……..

The complete course consists of 15 modules

For Feedback / Queries mail to:

anil@infocounselors.com
www.infocounselors.com

Course designed and delivered by:

Mumbai – India
