100% found this document useful (1 vote)

258 views18 pages

IT ISMS Workshop

This document outlines an agenda for an ISO 27001:2005 Information Security Management System workshop. It discusses the need for information security due to rising security threats and large data volumes. An Information Security Management System (ISMS) following the ISO 27001 standard provides a systematic process for managing information risks. The workshop will cover ISMS components like policies, processes, and measurement. It will also discuss implementing an ISMS based on ISO 27001's 11 domains and 133 controls at Kahramaa, including designating security coordinators, developing policies and procedures, implementing controls, and pursuing ISO 27001 certification.

Uploaded by

Iyad Ali

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

258 views18 pages

IT ISMS Workshop

Uploaded by

Iyad Ali

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 18

ISO 27001:2005 - Information Security Management

System (ISMS) - Workshop

AGENDA

Need for Information Security Management

Agenda
Information Overview
Information Security Management System (ISMS)
Benefits
Implementation at Kahramaa

Need for Information Management System

Rising security
threats, incidents

Need for
Information
Explosion

Need to
demonstrate higher
assurance to key
stake holders

Rapid evolution and high level of

innovation in emerging threats
Advanced techniques using a combination
of technology, social engineering
Leads to monetary losses, loss of
reputation, loss of customer confidence

An Information
Security
Information Security Management
Management
Enterprise today manages terabytes and
system enables
peta bytes of data
an organization to
Information exists in many forms including
databases, physical documents, electronic
implement a
files
process driven
Protection is a complex task
approach towards
consistent results
& improvements
Need to demonstrate that business
process integrity is protected
Need to demonstrate that organization has
adopted global best practices
Increased accountability for security

ISO 27001. Global Adaptation

Need for Information Security Management

* As of November-2011 (http://www.iso27001certificates.com/)

What is Information?
Information is an asset which, like other important business assets, has
value to the organization and consequently needs to be suitably protected.
Information assets are not limited to computers and hard disks.
They can be in any form..

Information Overview

Information Security
is more than
IT security

Information Risk
Information Assets are susceptible to risks which can impact confidentiality, integrity and/or
availability, impacting business operations

Information Overview

Accessible upon demand by an authorized entity

Accessible only to authorized entities

Fire
Network down time
Power Failure
Hardware Failure
Overloading

Availability

Information
Printed
Electronic
Written
Spoken
Stored
Discarded

Complete and Accurate

Insecure Communication Channel
Unauthorized DB access
Malicious Software
Uncontrolled systems changes
Media Failure
Configuration error

Integrity

Confidentiality
Stealing of classified
documents
Loss of laptops
Social Engineering attacks
Phishing
Information Leak
Network Attacks
Unrestricted access
User Error
Theft

Why ISMS (ISO 27005:2005)?

Systematic Approach to manage

information risks. It is implemented using:

Information Security Management System

Organisational Structure
Policies & Guidelines

Necessary processes and resource allocations

Measurement methodology
Review processes for improvement

Approach for ISMS

Information Security Management System

ISO 27001:2005 Domains

Security Policy
Organizational Information Security
Asset Management

Information SecurityHuman
Management
System
Resource Security
Physical & Environment Security
Communication & Operation Management
Information System Acquisitions,
Development, Maintenance
Access Control
Information Security & Incident
Management
Business Continuity Management
Compliance

Domains 11
Control Objectives 39
Controls -- 133

Control Selection Process

Asset
Paper Documents

Configuration Files
(Routers, Switches etc)

Risk
Unauthorized Access

Tampering

Reason

Controls

Lack of Classification
Guidelines

Data Classification
Policy

Absence of Shredders

Install Shredders

Weak access control

Privilege based access

for resources
System Event Logging
and Monitoring

Loss of data

Environmental hazards

Information Security is Everyone's Responsibility

Implementation of
redundancy of data
storage systems.
(Backup Management)

Benefits

Implementation of systematic risk based information

security approach
Higher availability of systems
Assurance to Management
Better Customer Confidence & Satisfaction
Enhanced Security Awareness
Consistent improvements in security posture with time

ISMS Implementation at Kahramaa

Kahramaa Implementation

Scope Diagram

ISMS Implementation in Kahramaa

Phase-I

Phase-II Implementation
Phase-III
Phase-IV
Kahramaa

Project
Initiation and
System
Study

Risk
Assessment
& Risk
Treatment

Policy &
Procedure
Development

Implementation
Support &
Knowledge
Transfer

ISMS Implementation

Phase-V
Internal Audit

ISO 27001
Certification

ISMS Implementation in Kahramaa

Kahramaa Implementation

ISMS Implementation in Kahramaa

Information Security Coordinators

Designation - Section / Unit

Kahramaa Implementation
Network Administrator Client Support &
Netwroks
System Analyst System Support

System Administrator System Development

Your Role in ISMS

Phase-I & II

Kahramaa Implementation

Phase-III & IV

Phase-V

Explain Business Processes

Information Assets Identification
Information Assets Valuation

Provide required policy &

procedures for update
Implementation of identified controls

Participate in Internal Audit

Support in Gap Mitigation
Participate in External Audit

ISMS Implementation in Kahramaa

Work completed

System study
Scope finalization
Identification of SPOCs
Interviews with sections & units within scope

What is next?

Asset collection
Risk assessment methodology
Risk assessment
Security Testing (Vulnerability Assessment & Penetration Testing)
Risk treatment
SOA

&
Thank You..!!!

ISO-270012022-Checklist
100% (1)
ISO-270012022-Checklist
12 pages
DO Circular 61 New Rule On Inquest PDF
No ratings yet
DO Circular 61 New Rule On Inquest PDF
15 pages
Nine Steps to Success: An ISO27001:2013 Implementation Overview
From Everand
Nine Steps to Success: An ISO27001:2013 Implementation Overview
Alan Calder
1/5 (1)
Grammar Sat Practice Test
100% (3)
Grammar Sat Practice Test
9 pages
01 ISO 27001 Implementation Checklist
No ratings yet
01 ISO 27001 Implementation Checklist
7 pages
L - ISO27k - Process - Diag - With - PDCA - 780
No ratings yet
L - ISO27k - Process - Diag - With - PDCA - 780
1 page
Doc02 - ISO 27001-2013 ISMS Manual TOP
100% (1)
Doc02 - ISO 27001-2013 ISMS Manual TOP
22 pages
IT Audit Field Manual: Strengthen your cyber defense through proactive IT auditing
From Everand
IT Audit Field Manual: Strengthen your cyber defense through proactive IT auditing
Lewis Heuermann
No ratings yet
SC ISO 27001 Self Assessment Checklist
No ratings yet
SC ISO 27001 Self Assessment Checklist
7 pages
Information Security Policy May 2020
No ratings yet
Information Security Policy May 2020
3 pages
Iso 27000
100% (1)
Iso 27000
10 pages
ISO27k ISMS Implementation and Certification Process 4v1 PDF
No ratings yet
ISO27k ISMS Implementation and Certification Process 4v1 PDF
1 page
2222 XXXXXX
No ratings yet
2222 XXXXXX
10 pages
ISMS Implementer Course - Module 2 - Introduction To ISO27001
No ratings yet
ISMS Implementer Course - Module 2 - Introduction To ISO27001
21 pages
Pengelolaan Keamanan Informasi 2024 Juli
No ratings yet
Pengelolaan Keamanan Informasi 2024 Juli
101 pages
Why ISO 20000? Awareness Presentation: Subtitle or Presenter
No ratings yet
Why ISO 20000? Awareness Presentation: Subtitle or Presenter
14 pages
Integration of ITIL V3 ISO 20000 and ISO
No ratings yet
Integration of ITIL V3 ISO 20000 and ISO
18 pages
ISOIEC 27001 ISM - Lead Auditor Course - Sales Flyer PDF
No ratings yet
ISOIEC 27001 ISM - Lead Auditor Course - Sales Flyer PDF
2 pages
BCMS-DOC-07-3 Competence Development Procedure
No ratings yet
BCMS-DOC-07-3 Competence Development Procedure
15 pages
ISO 27001 Transition
No ratings yet
ISO 27001 Transition
21 pages
ISMS Implementation. Using COBIT For Inspiration: Cobit (By Isaca) : Core Books
No ratings yet
ISMS Implementation. Using COBIT For Inspiration: Cobit (By Isaca) : Core Books
5 pages
ISMS 27K Standards
No ratings yet
ISMS 27K Standards
25 pages
CERTIKIT - A Guide To Implementing The ISO9001 Standard
No ratings yet
CERTIKIT - A Guide To Implementing The ISO9001 Standard
30 pages
Blank ISO 27001 CLAUSE&SOA
No ratings yet
Blank ISO 27001 CLAUSE&SOA
70 pages
Iso 27001 PDF
No ratings yet
Iso 27001 PDF
15 pages
HR Security Policy 2023
No ratings yet
HR Security Policy 2023
6 pages
Iso 22301 Checklist Template
No ratings yet
Iso 22301 Checklist Template
9 pages
ISMS-102 - Technical Controls Standards v1.0
No ratings yet
ISMS-102 - Technical Controls Standards v1.0
6 pages
ISO27k1 SMSI Declaration Applicabilite 2022
No ratings yet
ISO27k1 SMSI Declaration Applicabilite 2022
5 pages
Request For Quotation ISO 27001 Information Security Management Systems
No ratings yet
Request For Quotation ISO 27001 Information Security Management Systems
8 pages
ISMS Social Networking Policy
No ratings yet
ISMS Social Networking Policy
3 pages
ISO27001 Compliance With Netwrix
No ratings yet
ISO27001 Compliance With Netwrix
27 pages
Manage Your Integration Iso 9001 To Iso 27001 Gap Guide
No ratings yet
Manage Your Integration Iso 9001 To Iso 27001 Gap Guide
4 pages
Qua PRC 1026
No ratings yet
Qua PRC 1026
10 pages
Preparing Yourself For ISO IEC 27001:2013
No ratings yet
Preparing Yourself For ISO IEC 27001:2013
59 pages
A6.1 Organization - v1
No ratings yet
A6.1 Organization - v1
7 pages
Callio Secura 17799 White Paper
No ratings yet
Callio Secura 17799 White Paper
29 pages
ISO27k Model Policy On Change Management and Control
No ratings yet
ISO27k Model Policy On Change Management and Control
10 pages
DataGuard ISO27001 Implementation Roadmap UK
No ratings yet
DataGuard ISO27001 Implementation Roadmap UK
10 pages
ISO IEC 27001 2022 ISMS Implementer Training Course Details
100% (1)
ISO IEC 27001 2022 ISMS Implementer Training Course Details
4 pages
Appendix Ea
No ratings yet
Appendix Ea
3 pages
Instructions - Doxonomy ISO 27001 2013 Toolkit
100% (1)
Instructions - Doxonomy ISO 27001 2013 Toolkit
11 pages
ISMS Control of Risks and Opportunities
No ratings yet
ISMS Control of Risks and Opportunities
6 pages
WebTrust For CA 22 PDF
No ratings yet
WebTrust For CA 22 PDF
97 pages
ISMS Implementation Plan 221122 205232
No ratings yet
ISMS Implementation Plan 221122 205232
5 pages
ISMS Control of Software and Systems Development
No ratings yet
ISMS Control of Software and Systems Development
5 pages
Cis 7.1 Vs Iso27001
No ratings yet
Cis 7.1 Vs Iso27001
23 pages
List of Documents ISO 27001 ISO 22301 Premium Documentation Toolkit EN
No ratings yet
List of Documents ISO 27001 ISO 22301 Premium Documentation Toolkit EN
9 pages
IT POLICY
No ratings yet
IT POLICY
68 pages
TCLG Information Security ISO Standards Feb 2015 PDF
No ratings yet
TCLG Information Security ISO Standards Feb 2015 PDF
28 pages
ISO 27001 Checklist A Step by Step Guide Hicomply v2
No ratings yet
ISO 27001 Checklist A Step by Step Guide Hicomply v2
12 pages
Benefits of Using Advisera's Toolkit For ISO 27001 Project Implementation
No ratings yet
Benefits of Using Advisera's Toolkit For ISO 27001 Project Implementation
8 pages
ISO27001 Mapping
No ratings yet
ISO27001 Mapping
8 pages
Iso - Iec Fdis 27001 - Redline Iso - Iec Fdis 27001
No ratings yet
Iso - Iec Fdis 27001 - Redline Iso - Iec Fdis 27001
2 pages
Security Standards
No ratings yet
Security Standards
11 pages
ISO27k FAQ
0% (1)
ISO27k FAQ
99 pages
Open COBIT 2019 Overview - v1.1 4
No ratings yet
Open COBIT 2019 Overview - v1.1 4
37 pages
ISO27k Roles and Responsibilities For Contingency Planning
No ratings yet
ISO27k Roles and Responsibilities For Contingency Planning
15 pages
ISO27k ISMS Auditing Guideline Release 1
No ratings yet
ISO27k ISMS Auditing Guideline Release 1
34 pages
IT Security Incident Response Procedure
No ratings yet
IT Security Incident Response Procedure
8 pages
Qualified Security Assessor Complete Self-Assessment Guide
From Everand
Qualified Security Assessor Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Disaster Recovery Business Continuity Complete Self-Assessment Guide
From Everand
Disaster Recovery Business Continuity Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Visiting Unhappy Places What Is Dark Tourism
No ratings yet
Visiting Unhappy Places What Is Dark Tourism
9 pages
Diagnostic Transformation Digitale ALFYNS Group
No ratings yet
Diagnostic Transformation Digitale ALFYNS Group
10 pages
Final Requirement in HPRC 001 (Reflection Paper, Resume & Application Letter)
No ratings yet
Final Requirement in HPRC 001 (Reflection Paper, Resume & Application Letter)
8 pages
Ayaan Mun Notes 2
No ratings yet
Ayaan Mun Notes 2
9 pages
Annexure-I-List of Documents Required for PhD Admission
No ratings yet
Annexure-I-List of Documents Required for PhD Admission
2 pages
Entrepreneurship Theory
No ratings yet
Entrepreneurship Theory
16 pages
Peace Corps Staff in Country History
No ratings yet
Peace Corps Staff in Country History
13 pages
Summer Project Report: End To End Improvement in Turn Around Time in Two-Wheelers Loan'
No ratings yet
Summer Project Report: End To End Improvement in Turn Around Time in Two-Wheelers Loan'
93 pages
Limra Holidays
No ratings yet
Limra Holidays
29 pages
AC3104 Course Outline AY20 - 21 S1
100% (1)
AC3104 Course Outline AY20 - 21 S1
13 pages
How A Bill Becomes A Law
No ratings yet
How A Bill Becomes A Law
3 pages
CBSE Class 10 History Notes Chapter 4 - The Age of Industrialisation
100% (3)
CBSE Class 10 History Notes Chapter 4 - The Age of Industrialisation
7 pages
After Nisman Report
No ratings yet
After Nisman Report
64 pages
200 Law Internship 1687024118
No ratings yet
200 Law Internship 1687024118
28 pages
Bill
No ratings yet
Bill
2 pages
Mahavir Book Store: Badambadi, Palamandap, Infront of Tarini Temple, Cutack-12, Odisha
No ratings yet
Mahavir Book Store: Badambadi, Palamandap, Infront of Tarini Temple, Cutack-12, Odisha
1 page
Insolvency Regulations Si No 36 of 2013
No ratings yet
Insolvency Regulations Si No 36 of 2013
163 pages
A Project Report On On Line Marketing: Bachelor of Business Administration (B.B.A)
No ratings yet
A Project Report On On Line Marketing: Bachelor of Business Administration (B.B.A)
7 pages
Whole Houses Vs Other House
No ratings yet
Whole Houses Vs Other House
203 pages
SBI Clerk Prelims 2021 Complete Online Study Kit
100% (2)
SBI Clerk Prelims 2021 Complete Online Study Kit
442 pages
Circular Form Letter To Parents Mapúa SHS Night 2023
No ratings yet
Circular Form Letter To Parents Mapúa SHS Night 2023
1 page
Generally Accepted Accounting Principles: Understanding GAAP
No ratings yet
Generally Accepted Accounting Principles: Understanding GAAP
6 pages
Madrasah PDF
No ratings yet
Madrasah PDF
11 pages
Stuvia 363991 Semester 1 and 2 2017 Answers Ass 1
No ratings yet
Stuvia 363991 Semester 1 and 2 2017 Answers Ass 1
9 pages
To Kill A Mockinbird CSEC Study Guide
No ratings yet
To Kill A Mockinbird CSEC Study Guide
30 pages
Professionalism: Workplace Ethics
No ratings yet
Professionalism: Workplace Ethics
45 pages
2.RRP Telangana Econamy
No ratings yet
2.RRP Telangana Econamy
28 pages
Kings College Dissertation Guidelines
100% (2)
Kings College Dissertation Guidelines
5 pages