ISMS Consultancy For JPKN - Project Kickoff Meeting
Agenda
Project Objective & Key Stakeholders
Overview of ISMS
Project Management Plan
Project Organization
Project Phases
Activities & Deliverables
Project Plan (WBS)
Project Objective
The main objective of this project is to achieve ISO/IEC 27001:2005 certification for the JPKN Headquarters (JPKN HQ).
The scope of certification is still to be decided and agreed upon.
Key Stakeholders
JPKN: Sabah State Government organization responsible for providing efficient IT services to various state government organizations and citizen services.
HeiTech Padu: A leading ICT service provider in Malaysia; it manages many mission-critical projects for both public and private sector organizations.
Paladion: An Information Security and Risk Management service provider that has served many public and private institutions around the world for their various Information Security needs.
ISMS Overview
Overview of ISMS
ISMS is:
- An organizational approach to Information Security
- A business-risk-based approach to establish, implement, operate, monitor, review, maintain and improve information security
Global acceptance
Number of certifications worldwide: 7136 (as at April 2011)
Number of Certifications (as at April 2011)
COUNTRY          TOTAL
Japan             3790
India              516
China              495
UK                 460
Taiwan             410
Germany            154
Korea              106
Czech Republic     101
USA                 99
Hungary             72
Spain               67
Italy               64
Poland              58
Malaysia            52
84 countries have embarked on ISMS; Malaysia is at no. 14 as at April 2011.
ISO/IEC 27001:2005 main clauses:
1: Scope
2: Normative Reference
3: Terms and Definitions
4: Information Security Management System
5: Management Responsibility
6: Internal ISMS Audits
7: Management Review of the ISMS
8: ISMS Improvement
ISO/IEC 27001:2005 Annex A control domains (as shown on the slide):
A.5  Information Security Policy
A.6  Organisation of Information Security
A.7  Asset Management
A.8  Human Resource Security
A.9  Physical & Environmental Security
A.10 Communication & Operations Management
A.11 Access Controls
A.12 Information Systems Acquisition, Development and Maintenance
A.13 Information Security Incident Management
ISMS roadmap (diagram): Risk Assessment -> Risk Management -> Implement Controls -> Training & Awareness -> ISO 27001 Certified
Project Organization
(org chart)
Project Director: Wan Zailani Wan Ismail
Project Manager: Deepak Jacob
Consultant: Manjot Singh; Hariharan (backup)
Security Consultant: Paladion (offsite)
HeiTech: Anan Adli / Erman Halimi
Project Phases
Phase I
Phase II: Risk Assessment & Risk Treatment
- Asset Classification Guidelines & Asset Register
- Vulnerability Assessment for a Sample of IT Systems
- Risk Assessment
- Risk Treatment Plan & Implementation Plan
- Statement of Applicability
Phase III: ISMS Documentation
Phase IV
Phase V: Pre-Certification Internal Audits
Phase VI: Achieve ISO/IEC 27001 Certification
Further activities:
- Security Awareness Training for all levels of Management
- Implementation Support
Indicative durations shown on the slide: [~ 2 Weeks], [~ 6 Weeks], [~ 2-3 Weeks], [~ 2 Weeks], [1 + 1 Week]
Project Plan
Project Risks
Risks / Impacts                                                                  | Mitigation
Delay in implementation of identified gaps in technical and process controls     |
Project Communication
- Messages and documents (deliverables) shall be delivered by e-mail to the concerned parties
- Minutes and action points shall be e-mailed to all core team members
- Presentations to Management on the status and progress of the project shall be given periodically
Project Scope
Project Scope / In-Scope
- System Study, GAP Analysis, Asset Inventory
- Risk Assessment (includes VA for sample IT Assets), SoA
- Development of Technical Controls, Development of Process Controls, Training on Risk Treatment, Best Practices Documentation / Guide
- Product Comparison & Advice (if required)
- Recommendations, Development & Documentation of Security Policies and ISMS Manual
- User Awareness Training
- Metrics Identification
Out of Scope
Not in Scope / Out of Scope
- Supply of products (software tools, hardware, etc.)
- Technical Security Implementation
- Process Security Implementation
- Generation and maintenance of Records
- Extensive (expert-level) security training on various or specific areas of expertise and tools
- Any other items not listed under the In-Scope section
Questions