isms workpractice.ppt
Post on 03-Apr-2018
-
7/28/2019 ISMS Workpractice.ppt
Information Security Management System
-
Information & Information Security
Information is an asset
Essential Asset to meet the Organization's Business Objectives
Information Security is the protection of Confidentiality, Integrity & Availability
-
Why Information Security
Business Interconnectivity - Need Of Time
More interconnectivity = Information is exposed to more audience
More exposure = Information exposed to more varieties of Threats & Vulnerabilities
Business Impacts on realization of threat - Loss of Business, Legal actions, disrepute
-
Implementing Information Security
Identify the Security Requirements of the organization
  Legal Statutory Requirements
  Business Objectives
  Contractual Requirements
-
Implementing Information Security
Selecting Controls
  Controls to be implemented are selected based on Security Requirement Analysis
Implementing Controls
  Organizational Policy
  Procedures
Reviewing Controls
  Testing controls (e.g. Vulnerability Assessment, Penetration Testing etc.)
  Review as part of incident response (e.g. Virus attack, Hacker attack etc.)
  Periodic Internal Audits
-
How may we help you
Consulting Services
  Information Security Management System (ISMS) BS 7799 (ISO 27001)
  BS 7799 (ISO 27001) Gap Analysis
  Information Security Policies & Procedures Formulation
  Risk Assessment
  Business Continuity Plan (BCP)
  Disaster Recovery Plan (DRP)
  Control Objectives for Information and Related Technology (COBIT)
-
How may we help you
Technical Services
  Vulnerability Assessment & Penetration Testing
  Network Security Architecture Review & Design
  Technical Audit
  Application Security Testing
  Wireless Security Audit
  Computer Forensics
  Desktop Audit
-
How may we help you
Managed Security Services - as per client's security policy
  Defining Security Policies for different security components.
  Identifying vulnerabilities and the risks
  Alerts and counter measures for potential threats.
  Log & Event Analysis.
  Pattern Monitoring and Intrusion trend Analysis
  Implementation of patches & upgrades
  Update of latest signatures for IDS and Anti-virus
  Incident Management
  Periodic audits
  Review organization's security policy
  Prepare activity list as per the organization's security policy
  Monitor and review the implementation of policies.
  Incident Management
  Suggesting corrective and preventive measures
  Presentation to the steering committee
  Identify improvements in the ISMS and implement recommendations
-
Question Answer Session
-
Thank You !!