Benvenuto in Scribd!

ISO 27001 - Operations

Caricato da

Il 0% ha trovato utile questo documento (0 voti)

116 visualizzazioni13 pagine

The document discusses operational procedures and controls for ISO 27001:2013 information security standards. It outlines policies for documented operating procedures, change management, capacity management, separation of development and testing environments, malware protection, backups, event logging, log protection, administrator logging, clock synchronization, control of operational software, and information system audits. The goal is to establish controls to protect information security and systems from various risks while minimizing disruption to business operations.

Descrizione originale:

Titolo originale

ISO 27001 - Operations.pptx

Copyright

Formati disponibili

PPTX, PDF, TXT o leggi online da Scribd

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Segnala questo documento

Copyright:

Formati disponibili

Scarica in formato PPTX, PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Il 0% ha trovato utile questo documento (0 voti)

116 visualizzazioni13 pagine

ISO 27001 - Operations

Caricato da

Sasikala Mani

Copyright:

Formati disponibili

Scarica in formato PPTX, PDF, TXT o leggi online su Scribd

Segnala contenuti inappropriati

Salta alla pagina

Sei sulla pagina 1di 13

Cerca all'interno del documento

ISO 27001:2013

- OPERATIONS SECURITY

By DSRC Quality Assurance Group

 Documented Operating procedures – Vouch for procedures
and policies.
 Installation and configuration of systems
 Handling of information
 Backup

 Error Handling or Issue tracking

 Escalation and remedial instructions
 Log Management

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Change Management – Changes which will affect
information security with respect to CIA need to be
controlled.
 Identification

 Planning and testing

 Impact Analysis
 Review and Approval
 Communication

 Fall back process incase of failure

 Handling Emergency Changes

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Capacity Management – for Future use of Resources
 Requirement Analysis – Criticality of Business
New Business requirements
Removal of Obsolete Data
Performance Tuning of systems and process
Restriction on Band-width usages during delivery etc
Resource (human) requirement and their
Capacity/Competence

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Separation of Development, Testing and Operational
Environments– Protection of Operational environment from all
types of Risks.
Segregation of Development, Testing and Operational Systems
Maintenance of production and test data
Handling of Exceptional cases
Segregation of Users based on their activities
Protection of Business critical or highly secured data from Production,
testing and operational process

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Controls
against Malware – Protection of facilities from
Malware threat
 Detect, Prevent and Recover
 Protection from Unwanted downloads
 Periodical review
 Whitelisting and Blacklisting
 Fall back process incase of failure
 Escalation

PROTECTION FROM MALWARE

 Backup – To Protect Loss of Data, DR and BCP.
 Clearly defined Backup Policy – Contract Obligation
 Plan – Data, Systems and Tools and physical
information's
 DR/BCP – Time testing
 Periodicity – Retention Period – Media
 Storage place and tools
 DR site

BACKUP
 EventLogging– Recording operational events of information
security
Event logging – Legally viable
When, Where, Whom, What and Why
Attempts of Access, Installation, Configuration
Change
Activation and de-activation of system controls
(antivirus)

LOGGING AND MONITORING

 Protection of Log information– Backup of System Logs

Meant for Legal evidence

Protected against, tampering or deletion
Access Restriction
Part of backup schedule
Periodicalreview of Protection Controls in place with
Capacity review

LOGGING AND MONITORING

 Administrator
and Operator logs– Recording operational
events of administrator and operator of information facility
Administrator privilege
Privilege access to operators
Critical data/ system access
Intrusion detection system

 Clock Synchronization – Meant for accuracy of event logging

which makes the log evidence legally acceptable in terms of
accuracy as per the statutory and regulatory rules or under
court of law

LOGGING AND MONITORING

 Ensure Integrity of Operational systems
 Trained candidate only authorized to perform changes
 Change control need to be applied
 Roll back facility need to be done – incase of contingency
 Necessary review and approvals before change
 Audit log should be maintained
 Restricted Access management incase of outside suppliers

CONTROL OF OPERATIONAL SOFTWARE

 Information systems audit controls– Minimize the impact of audit
activities on Business operations
 Approval to carry out audit on Information systems
 Scope of technical audit – to be agreed by stakeholders
 Audit access can be given with read-only on data
 Separation files - copy for full access - based on NDA
 Any trial which affects the operation - should be done after
business hours
 Allaudit trails need to be recorded and monitored through
Event log management

INFORMATION SYSTEM AUDIT CONSIDERATIONS

THANK YOU

Potrebbero piacerti anche

Security 101: Training, Awareness, and Strategies Stephen Cobb, CISSP Senior Security Researcher Eset Na
Documento41 pagine
Security 101: Training, Awareness, and Strategies Stephen Cobb, CISSP Senior Security Researcher Eset Na
Christen Castillo
Nessuna valutazione finora
Information Technology Audit Methodology:: Planning Phase
Documento4 pagine
Information Technology Audit Methodology:: Planning Phase
shakawath
Nessuna valutazione finora
A1 ISMS Manual - v1
Documento13 pagine
A1 ISMS Manual - v1
Rharif Anass
Nessuna valutazione finora
Information Backups
Documento7 pagine
Information Backups
Igun Zilla
Nessuna valutazione finora
ISCP Low Impact Template
Documento18 pagine
ISCP Low Impact Template
Chandra Rao
Nessuna valutazione finora
Manual Generador Kohler
Documento72 pagine
Manual Generador Kohler
EdrazGonzalez
Nessuna valutazione finora
Data Backup Policy-SI
Documento10 pagine
Data Backup Policy-SI
Chetan Patel
Nessuna valutazione finora
ISMS Requirements
Documento6 pagine
ISMS Requirements
Wellington Watanabe Filho
100% (1)
Data Center Physical Security Best Practices Checklist PDF
Documento3 pagine
Data Center Physical Security Best Practices Checklist PDF
aL Doom
Nessuna valutazione finora
SearchDisasterRecovery Business Impact Analysis Questionnaire
Documento3 pagine
SearchDisasterRecovery Business Impact Analysis Questionnaire
barber bob
Nessuna valutazione finora
Information Systems Audit 2022
Documento52 pagine
Information Systems Audit 2022
Anthony Flores
Nessuna valutazione finora
DRP Test Worksheet
Documento11 pagine
DRP Test Worksheet
Sutawan Slv
Nessuna valutazione finora
IT Security
Documento23 pagine
IT Security
andreas butarbutar
Nessuna valutazione finora
Kiwiqa Services: Web Application Vapt Report
Documento25 pagine
Kiwiqa Services: Web Application Vapt Report
Rinkesh
Nessuna valutazione finora
Data Backup and Restoration Procedure
Documento4 pagine
Data Backup and Restoration Procedure
Kier925
Nessuna valutazione finora
Network Security Documentation Checklist (2009)
Documento3 pagine
Network Security Documentation Checklist (2009)
Dushyant Tyagi
Nessuna valutazione finora
Verma Toys Leona Bebe PDF
Documento28 pagine
Verma Toys Leona Bebe PDF
SILVIA ROMERO
100% (3)
Brand Guidelines Oracle PDF
Documento39 pagine
Brand Guidelines Oracle PDF
Marco Cano
Nessuna valutazione finora
Perations Ecurity Olicy: Inspiring Business Innovation
Documento20 pagine
Perations Ecurity Olicy: Inspiring Business Innovation
rontechtips
Nessuna valutazione finora
OT Cyber Security Non-Conformance Management
Documento14 pagine
OT Cyber Security Non-Conformance Management
KP
Nessuna valutazione finora
Backup Policy 201803281526230244
Documento4 pagine
Backup Policy 201803281526230244
Tagalog, John Kevin
Nessuna valutazione finora
1 Cyber Security Intro
Documento6 pagine
1 Cyber Security Intro
Shivansh Yashasvi
Nessuna valutazione finora
EndUser Backup Policy
Documento3 pagine
EndUser Backup Policy
aami6
Nessuna valutazione finora
Summary - A Short Course On Swing Trading
Documento2 pagine
Summary - A Short Course On Swing Trading
sumon
Nessuna valutazione finora
1.07 Secure Data Center Access Policy
Documento4 pagine
1.07 Secure Data Center Access Policy
Gading Aji
Nessuna valutazione finora
Seven Steps To Creating An Effective Computer Security Incident Response Team
Documento8 pagine
Seven Steps To Creating An Effective Computer Security Incident Response Team
MarcosArauco
100% (1)
Disaster Recovery Checklist
Documento2 pagine
Disaster Recovery Checklist
Chris
Nessuna valutazione finora
SR - No. Audit Checklists Items Interviewed R/Per. Remarks
Documento4 pagine
SR - No. Audit Checklists Items Interviewed R/Per. Remarks
Peace For All Ireland
Nessuna valutazione finora
IT Security Policy For Shantel
Documento13 pagine
IT Security Policy For Shantel
nompilo monica nkala
Nessuna valutazione finora
System Recovery Plan
Documento20 pagine
System Recovery Plan
Josh Carpenter
0% (1)
BCP Worksheet
Documento15 pagine
BCP Worksheet
Sushma Kishore
Nessuna valutazione finora
Audit Program - Business Continuity
Documento3 pagine
Audit Program - Business Continuity
globx
Nessuna valutazione finora
SCIO Access Control
Documento21 pagine
SCIO Access Control
Sami Napoleon
Nessuna valutazione finora
ISO27k Controls Cross Check
Documento6 pagine
ISO27k Controls Cross Check
Christen Castillo
Nessuna valutazione finora
Policy On User Account Creation, Modification, and Deletion - 1
Documento2 pagine
Policy On User Account Creation, Modification, and Deletion - 1
Rob Mar
100% (1)
Vijay - Challenges of An ISMS Implementation
Documento29 pagine
Vijay - Challenges of An ISMS Implementation
shaheem_m
100% (1)
PR11 LogReviewProcedure
Documento7 pagine
PR11 LogReviewProcedure
Thakur Narsing Singh
Nessuna valutazione finora
10-Cisa It Audit - BCP and DRP
Documento27 pagine
10-Cisa It Audit - BCP and DRP
Hamza Naeem
Nessuna valutazione finora
ISO 27001 Router Security Audit Checklist: Yes No Router Policy
Documento14 pagine
ISO 27001 Router Security Audit Checklist: Yes No Router Policy
rajesh35techie
Nessuna valutazione finora
Threat and Vulnerability Management Policy
Documento12 pagine
Threat and Vulnerability Management Policy
madhwarajganguli
Nessuna valutazione finora
Security Policies and Standards
Documento23 pagine
Security Policies and Standards
fdfddf
Nessuna valutazione finora
Information Backup and Restore Policy
Documento6 pagine
Information Backup and Restore Policy
vijeti
Nessuna valutazione finora
BCP Testing Scenerios
Documento7 pagine
BCP Testing Scenerios
kavita_2910
Nessuna valutazione finora
Internal Audit Report - Information Technology Risk Assessment
Documento8 pagine
Internal Audit Report - Information Technology Risk Assessment
Florence Nkosi
Nessuna valutazione finora
Account Management Policy
Documento5 pagine
Account Management Policy
Lyman Mubukani
Nessuna valutazione finora
Risk MGMT For CComputing
Documento24 pagine
Risk MGMT For CComputing
George Reyes
Nessuna valutazione finora
07 - Cisa It Audit
Documento54 pagine
07 - Cisa It Audit
Hamza Naeem
Nessuna valutazione finora
Experiment 8: BCP-DR: Information Security 2019-20
Documento6 pagine
Experiment 8: BCP-DR: Information Security 2019-20
shubham
Nessuna valutazione finora
Two 2 Page Quality Manual
Documento2 pagine
Two 2 Page Quality Manual
tony s
Nessuna valutazione finora
Backup Policy
Documento2 pagine
Backup Policy
bedorlehacker
100% (1)
Tajima TME, TMEF User Manual
Documento5 pagine
Tajima TME, TMEF User Manual
george000023
Nessuna valutazione finora
It Policy
Documento4 pagine
It Policy
Roen Abe
Nessuna valutazione finora
A17 Business Continuity Policy v1
Documento5 pagine
A17 Business Continuity Policy v1
john m
Nessuna valutazione finora
MSDS Bisoprolol Fumarate Tablets (Greenstone LLC) (EN)
Documento10 pagine
MSDS Bisoprolol Fumarate Tablets (Greenstone LLC) (EN)
ANNa
Nessuna valutazione finora
BS en Iso 11666-2010
Documento26 pagine
BS en Iso 11666-2010
Ali Frat Seyran
Nessuna valutazione finora
HDFC - It-Bcp Case Study v1.0
Documento18 pagine
HDFC - It-Bcp Case Study v1.0
Love Aute
Nessuna valutazione finora
Security Audit Tools Free/Paid
Documento7 pagine
Security Audit Tools Free/Paid
Umesh DG
Nessuna valutazione finora
ISO 18028-2 and ISO 27001/2 Contribution Document Structure: August 10, 2006
Documento22 pagine
ISO 18028-2 and ISO 27001/2 Contribution Document Structure: August 10, 2006
Manohar Kothandaraman
Nessuna valutazione finora
Database Security Application Checklist Template
Documento3 pagine
Database Security Application Checklist Template
Ivan Estuardo Echeverría Catalán
Nessuna valutazione finora
Iso 27001 Sample
Documento54 pagine
Iso 27001 Sample
erg
Nessuna valutazione finora
Log Management Policy - GP 470k
Documento3 pagine
Log Management Policy - GP 470k
Mahmoud Younes
Nessuna valutazione finora
System Configuration and Management
Documento138 pagine
System Configuration and Management
irsmar
Nessuna valutazione finora
Isms Policy List
Documento6 pagine
Isms Policy List
Aviraj Sarkar
Nessuna valutazione finora
A6.1 Organization - v1
Documento7 pagine
A6.1 Organization - v1
Jerome Mamauag
Nessuna valutazione finora
Disaster Recovery
Documento8 pagine
Disaster Recovery
Pallavi Rani
Nessuna valutazione finora
Policy Statement
Documento2 pagine
Policy Statement
United Certification
Nessuna valutazione finora
A719552767 - 24968 - 24 - 2019 - ppt4 Info Risk
Documento30 pagine
A719552767 - 24968 - 24 - 2019 - ppt4 Info Risk
Vinay Singh Bittu
100% (1)
Kaspersky security center
Da Everand
Kaspersky security center
Mohammed Haytham Khabbaz samkary
Nessuna valutazione finora
A Study On Effective Training Programmes in Auto Mobile Industry
Documento7 pagine
A Study On Effective Training Programmes in Auto Mobile Industry
SAURABH SINGH
Nessuna valutazione finora
Learner Guide HDB Resale Procedure and Financial Plan - V2
Documento0 pagine
Learner Guide HDB Resale Procedure and Financial Plan - V2
wangks1980
Nessuna valutazione finora
254 Assignment
Documento3 pagine
254 Assignment
Savera Mizan Shupti
Nessuna valutazione finora
19-2 Clericis Laicos
Documento3 pagine
19-2 Clericis Laicos
C C Bờm Bờm
Nessuna valutazione finora
Emco - Unimat 3 - Unimat 4 Lathes
Documento23 pagine
Emco - Unimat 3 - Unimat 4 Lathes
Enrique Luera
Nessuna valutazione finora
Developers
Documento88 pagine
Developers
diegoes
Nessuna valutazione finora
Pharaoh Text
Documento143 pagine
Pharaoh Text
anon_31362848
Nessuna valutazione finora
Actus Reus and Mens Rea New Merged
Documento4 pagine
Actus Reus and Mens Rea New Merged
Hoor
Nessuna valutazione finora
Sec2 8 PDF
Documento3 pagine
Sec2 8 PDF
polista
Nessuna valutazione finora
Question
Documento7 pagine
Question
Ngọc Luân
Nessuna valutazione finora
Sem 4 - Minor 2
Documento6 pagine
Sem 4 - Minor 2
Shashank Mani Tripathi
Nessuna valutazione finora
Kit 2: Essential COVID-19 WASH in School
Documento8 pagine
Kit 2: Essential COVID-19 WASH in School
tamanimo
Nessuna valutazione finora
SEBI Circular Dated 22.08.2011 (Cirmirsd162011)
Documento3 pagine
SEBI Circular Dated 22.08.2011 (Cirmirsd162011)
anant
Nessuna valutazione finora
Comparative Analysis of Mutual Fund Schemes
Documento29 pagine
Comparative Analysis of Mutual Fund Schemes
Avinash Jami
Nessuna valutazione finora
MNO Manuale Centrifughe Inglese
Documento52 pagine
MNO Manuale Centrifughe Inglese
Christ Rodney MAKANA
Nessuna valutazione finora
Annisha Jain (Reporting Manager - Rudrakshi Kumar)
Documento1 pagina
Annisha Jain (Reporting Manager - Rudrakshi Kumar)
Ruchi Agarwall
Nessuna valutazione finora
SVPWM PDF
Documento5 pagine
SVPWM PDF
mauricetappa
Nessuna valutazione finora
1 075 Syn4e PDF
Documento2 pagine
1 075 Syn4e PDF
Salvador Fayssal
Nessuna valutazione finora
Chap 06 Ans Part 2
Documento18 pagine
Chap 06 Ans Part 2
Janelle Joyce Muhi
Nessuna valutazione finora
Alphacenter Utilities: Installation Guide
Documento24 pagine
Alphacenter Utilities: Installation Guide
JeffersoOnn Julcamanyan
Nessuna valutazione finora
SCHEDULE OF FEES - Final
Documento1 pagina
SCHEDULE OF FEES - Final
Abhishek Suna
Nessuna valutazione finora
Options Trading For Beginners Aug15 v1
Documento187 pagine
Options Trading For Beginners Aug15 v1
Glo Berri
Nessuna valutazione finora