Agenda
1. Introduction
2. Concepts
3. Management
● Management Direction
● Management of Information Security Tech
4. Conclusion
2. Concepts
Information Security
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad).
● Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information.
● Integrity: … or destruction, and includes ensuring information non-repudiation and authenticity.
Advantages?
Why is it important?
ISO/IEC 27001
ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with a few minor updates since then. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.
What exactly is ISO 27001?
The international standard ISO 27001 specifies an Information Security Management System (ISMS). This ISMS is structured in four complementary, recurring steps (i.e. planning, implementation, verification, improvement), in order to follow the principle of the Deming PDCA cycle (Plan, Do, Check, Act).
Advantages
1°) Use the ISO/IEC 27001 standard, an internationally recognized model that incorporates the best practices of information security experts.
2°) Identify and control data security risks (a 2006 DTI study estimated the annual damage to British companies' information systems at £10 billion).
3°) Systematize a continuous improvement process in line with the company's overall management system.
4°) Comply with legal and regulatory requirements concerning the protection of information and the guarantee of business continuity.
5°) Ensure the security of shared data for principals and third parties through your ISO/IEC 27001 certification.
3°) International recognition of your ISO/IEC 27001 certification, duly accredited and registered (www.iso27001certificates.com).
4°) LRQA, an actor involved in the management of information systems, is a partner of itSMF and of IT expert organizations.
The ISO 27001 standard includes 6 process areas
COBIT
COBIT is a process framework to implement and execute information security.
COBIT describes processes, practices, and control objectives for managing and operating IT systems, including their security state. Organizations using the framework report an increased ability to deliver high-quality service to their customers, which includes being able to measure and satisfy confidentiality, availability, and integrity requirements.
Compliance
What is compliance?
Why is it important?
The implementation project should begin with the appointment of a project leader, who will work with other staff members. It is essentially a set of answers to the following questions:
The next step is to adopt a methodology for setting up an ISMS. The ISO 27001 standard recognizes that continuous improvement using a process-based approach is the most effective model for information security management. However, it does not prescribe any specific methodology and allows organizations to use the method of their choice or to continue with the model already in place.
At this stage, the scope of the ISMS framework needs to be defined more broadly. This includes identifying the scope of the system, which will depend on the context. The scope must also take into account mobile devices and teleworkers.
4°) Security criteria
Organizations must identify their key security needs. These are the corresponding requirements and the measures or controls necessary to manage the company.
You will also need to develop a process to identify, review and maintain the skills necessary to achieve your ISMS objectives. This includes setting up analyses and defining a good level of competence.
Once the ISMS is in place, organizations should seek a certificate from an accredited certification body. This proves to stakeholders that the ISMS is effective and that the organization understands the importance of information security.
THANK YOU.
Bruno Asai
Sindia Razafintsalama
Xavier Le Corre