iso27001 - infograph en · assets, for example in the information systems portfolio all the...

Report

Post on 21-Jul-2020

4 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

1 0 K E Y

R E Q U I R E M E N T S

INFORMATION SECURITY TEAM

I n o r d e r t o e n s u r e i n f o r m a t i o n s e c u r i t y , t h e o r g a n i s a t i o n n e e d s t o c r e a t e a

m a n a g e m e n t s t r u c t u r e t h a t s t a r t s a n d m a n a g e s t h e i m p l e m e n t a t i o n o f

i n f o r m a t i o n s e c u r i t y .  

PROTECTED ASSETS

E n s u r i n g i n f o r m a t i o n s e c u r i t y , i t i s i m p o r t a n t t o d e f i n e t h e p r o t e c t e d

a s s e t s , f o r e x a m p l e i n t h e i n f o r m a t i o n s y s t e m s p o r t f o l i o a l l t h e

i n f o r m a t i o n s y s t e m s t h e c o m p a n y u s e s , a n d w h e r e t h e i n f o r m a t i o n s e c u r i t y

r i s k s p o t e n t i a l l y o c c u r .

INFORMATION SECURITY IMPLEMENTATION PLAN

I n f o r m a t i o n s e c u r i t y i m p l e m e n t a t i o n p l a n d e f i n e s t h e s t e p s a n d f o l l o w - u p o f

t h e p r a c t i c a l i m p l e m e n t a t i o n o f t h e i n f o r m a t i o n s e c u r i t y w o r k .

ARTER OY 2018 TEXT AND GRAPHICS: NOORA LEHTINEN / ARTER OY EN: VENLA TULPPALA / ARTER OY

I S O 2 7 0 0 1

ANNUAL CLOCK

M a i n t a i n i n g i n f o r m a t i o n s e c u r i t y h a s t o b e a p a r t o f t h e o r g a n i s a t i o n ' s c o n t i n u o u s

o p e r a t i o n s . F o r e x a m p l e , w i t h a n n u a l c l o c k i t i s p o s s i b l e t o e n s u r e t h a t i n f o r a t i o n

s e c u r i t y i s u p t o d a t e a t a l l t i m e s b y d e s i g n i n g f u t u r e i n f o r m a t i o n s e c u r i t y

m a i n t e n a n c e m e a s u r e s .

POLIC IES

I n f o r m a t i o n s e c u r i t y - , p r i v a c y - a n d r i s k m a n a g e m e n t p o l i c y a r e p r e p a r e d

s e p a r a t e l y , i n w h i c h t h e i n f o r m a t i o n s e c u r i t y p o l i c y i s a r e q u i r e m e n t f o r t h e

s t a n d a r d . P o l i c i e s h a v e t o b e a v a i l a b l e f o r s t a k e h o l d e r s w h e n n e e d e d .

GUIDELINES FOR INFORMATION SECURITY

I n f o r m a t i o n s e c u r i t y g u i d e l i n e s a r e p r e p a r e d f o r t h e c o m p a n y ' s e m p l o y e e s , s o

t h e w h o l e p e r s o n n e l k n o w h o w t o a c t i n f o r m a t i o n s e c u r e l y . G u i d e l i n e s f o r

i n f o r m a t i o n m a n a g e m e n t i s a n i n t e r n a l d o c u m e n t , t h a t a r e p r e p a r e d o n l y f o r

t h e i n f o r m a t i o n s e c u r i t y t e a m f o r m o r e p r e c i s e g u i d i n g i n p o t e n t i a l i n f o r m a t i o n

s e c u r i t y v u l n e r a b i l i t i e s .

CONTINGENCY PLAN

C o n t i n g e n c y p l a n i s p r e p a r e d s o t h e o r g a n i s a t i o n c a n d e f i n e h o w i t e n s u r e s

i n f o r m a t i o n s e c u r i t y i n a l l s i t u a t i o n s . C o n t i n g e n c y p l a n d e f i n e s f o r e x a m p l e ,

h o w t o e n s u r e i n f o r m a t i o n s e c u r i t y i n a b n o r m a l s i t u a t i o n s .

INFORMATION SECURITY PROCESSES

INFORMATION SECURITY RISK MANAGEMENT

I n f o r m a t i o n s e c u r i t y p r o c e s s e s e n s u r e t h a t i n f o r m a t i o n s e c u r i t y i s s e c u r e d

i n t h e o r g a n i s a t i o n ' s o p e r a t i o n s . P r o c e s s e s c a n b e i l l u s t r a t e d , f o r e x a m p l e ,

v i s u a l l y w i t h s w i m - l a n e p r o c e s s d i a g r a m , a n d e n s u r e t h a t t h e y w o r k

c o r r e c t l y i n e a c h i n f o r m a t i o n s e c u r i t y s i t u a t i o n .

I n t h e r i s k m a n a g e m e n t , o r g a n i s a t i o n ' s i n f o r m a t i o n s e c u r i t y r i s k s , t h e i r

s i g n i f i c a n c e a n d p r o b a b i l i t i e s a r e r e c o r d e d . I t i s p o s s i b l e t o c o u n t a n

e f f e c t i v e n e s s f i g u r e f o r r i s k s , t h a t s h o w t h e u n b e a r a b l e r i s k s f o r t h e o p e r a t i o n .

INFORMATION SECURITY ABNORMALIT IES

P o t e n t i a l l y i d e n t i f i e d v u l n e r a b i l i t i e s a n d c y b e r a t t a c k s a r e r e c o r d e d i n

i n f o r m a t i o n s e c u r i t y a b n o r m a l i t i e s , t h a t w o r k a s a " l o g " t o i n f o r m w h a t

h a p p e n e d a n d w h e n .

top related

interconnecting locations infograph
Technology
resume infograph
Career
iso27001 - checklist capítulo9
Documents
introductory examples infograph
Documents
iso27001 checklist
Documents
heart attack infograph
Documents
integracija - iso27001-iso20000
Documents
iso27001 - auditoria si
Documents
heart disease infograph
Health & Medicine
isms iso27001:2005
Documents
si_-iso27001 (1)
Documents
infograph copy
Documents
information security management iso27001
Technology
infograph brochure
Documents
mommy makeover infograph
Health & Medicine
slide share infograph
Social Media
implementing iso27001 2013
Technology
hurricane ready infograph
Services
information and documentation compliance · introduce...
Documents
infograph sirris
Business