system standards for managing in a connected world · 2012-03-02 · • ohsas 18001 specifications...

www.sevenstepconsulting.comSeven Step Consulting Pvt. Ltd., India.

System Standards for managing in a

connected world !

“Some perspectives”


Outline

oThe Journey So far – Fact Sheet

oThe Challenge

oRole of Standards

oSome Perspectives

oNext Steps -The Road Ahead

“Relentless Pursuit of Excellence”

2


The Journey So far – Fact

Sheet

3

www.sevenstepconsulting.com

20th Century -The Last Four Decades


The New Millennium- The Post PC Era

Seven Step Consulting Pvt. Ltd., India.


A Connected World


The Mobile Millennium!

• Mobile Ramping

Faster than Desktop

Internet Did and Will

Be Bigger Than Most

Think

• 5 Trends Converging

(3G + Social

Networking + Video +

VoIP + Impressive

Mobile Devices)


Next 5+ Years -Internet Meets Mobile!


Herbert Marshall McLuhan, (July 21, 1911 – December 31, 1980)McLuhan is known for coining the expressions "the medium is the message" and "the global village" and

predicted the World Wide Web almost thirty years before it was invented.


http://en.wikipedia.org/wiki/The_medium_is_the_message

http://en.wikipedia.org/wiki/Global_Village_(term)

http://en.wikipedia.org/wiki/World_Wide_Web


Mobile Devices + Infrastructure Enabling Attractive New Usage

Models…Ramping Fast on Various Networks



Cool Mobile Apps Today Reminiscent of Early

Websites in 1995



The Challenge

21Seven Step Consulting Pvt. Ltd., India.


Multiple Issues & Challenges•Rapid Technological Change

•User Awareness

•Increased Threats and Vulnerabilities

•Ease of Exploitation

•Lack Of Personnel

•Lack of Guidelines

•Lack Of Legal Frameworks

.. The list Goes on and on Seven Step Consulting Pvt. Ltd., India.


Role of standards



Brief History• Examples of prehistoric standardization are found in the ancient

regions of Mesopotamia, Sumer, Egypt and Babylon: at these locations, pre-Christian civilizations were found to use many kinds of standards in their daily activities.

• Around five to six thousand years ago, the Mohenjo-daro or Harappa civilizations of the Indus valley used standardization for town planning, water supply, drainage, house building and even weights and measures.

• Between the 7th century B.C. and the 17th century A.D., standards for units of measurement of length, volume, weight and money were further developed in various parts of the world.

• Standardization of screw threads by Sir Joseph Whitworth dates back to 1841.

• Other instances of early standardization can be found in the dawning age of the railway industry

• Mass production became possible through standardization



What are Standards?

Standards and standardization

• A standard is a document which provides, inter alia, requirements, rules, and guidelines, for a process, product or service. These requirements are sometimes complemented by a description of the process, products or services.

• Standards are the result of a consensus and are approved by a recognized body.

• Standards aim at achieving the optimum degree of order in a given context.

• The process of formulating, issuing and implementing standards is called standardization.



The primary aims of standardization

• Fitness for purpose

• Interchangeability

• Variety reduction

• Compatibility

• Guarding against factors that affect the health and safety

of consumers

• Environmental protection

• Better utilization of resources

• Better communication and understanding

• Transfer of technology

• Removal of trade barriers



Attributes of a standard• A standard generally has three

attributes:

• Level: such as at the company, national or international level.

• Subject: such as engineering, food, textile or management.

• Aspect: such as specification, testing and analysis, packaging and labelling (more than one aspect may be covered in a single standard: a standard may include specification of items such as the product, its sampling and inspection, related tests and analysis, packaging and labelling).

Standardization diagram

Created by Dr. Lal C. Verman,

Founder and Director General of the Bureau of Indian Standards,


ISO/IEC 27001:2005

Information technology — Security

techniques — Information security

management systems — Requirements


Types of standardsThere are several types of standards; these include:

• Vocabulary standards, e.g. glossaries, signs and symbols;

• Basic standards, such as units of measures;

• Product standards that cover, inter alia, specifications for dimensions, performance, health, safety, environmental protection and documentation;

• Standards for inspection, test methods and analysis;

• Standards that focus on organization, such as for logistics, maintenance, inventory management, quality management, project management and production management.

• Specification standards contain three categories of requirements, namely: obligatory requirements (essential characteristics that are needed to ensure the usefulness of a product),optional or recommendatory requirements (which help to improve the serviceability of a product or to meet the specific requirements of a particular type of customer) and informative requirements.



Example Adoption by Industry Bodies

• QS 9000 Quality System Requirements for Automatic Suppliers, published by Chrysler, Ford, General Motors and others.

• TL 9000 Telecommunications-specific Quality Management System Requirements, published by QUEST-USA.

• AS 9000 Aerospace Unique Requirements, published by the SAE.

• OHSAS 18001 Specifications for Occupational Health and Safety Management Systems, published by three NSBs and 10 certification bodies.

• HACCP Hazard Analysis Critical Control Point System and Guidelines for the Food Industry, published by CODEX.

• SA-8000 Social Accountability, published by the Council of Economic Principles Accreditation Agency (CEPAA).



Standards & Mobiles

Some Perspectives

Continual Revenue & Engagement Model



Management System Standards For Mobile Security

• No dedicated

international Standard

for Mobile System &

Security yet as on Date

http://en.wikipedia.org/wiki/List_of_

mobile_phone_standards


http://en.wikipedia.org/wiki/List_of_mobile_phone_standards

http://en.wikipedia.org/wiki/List_of_mobile_phone_standards


Management Aspects

Technical Aspects

Physical Aspects

Legend :

Security Policy

Organization of Information Security

Asset Management

Business Continuity Management

Compliance Communications & Operations Management

Human Resources Security

Information Security Incident Management

Information System Acquisition, Development & Maintenance

Access Control

Physical & Environmental Security

Operations

ManagementOrganizational Structure

The 11 Security Domains Security Policy (1) Organization of Information Security (2) Asset Management (2) Human Resources Security (3) Physical & Environmental Security (2) Communications & Operations

Management (10) Access Control (7) Information System Acquisition,

Development & Maintenance (6) Information Security Incident

Management (2) Business Continuity Management (1) Compliance (3)

The Eleven Security Domains in Annexure A

of ISO 27001:2005



A.10 Communications and operations

management• A.10.4.2 Controls against mobile code

• Control

• “Where the use of mobile code is

authorized, the configuration shall ensure

that the authorized mobile code operates

according to a clearly defined security

policy, and unauthorized mobile code shall

be prevented from executing.”



A.11 Access control

• A.11.7.1 Mobile computing and communications

• Control

• A formal policy shall be in place, and appropriate security measures shall be adopted to protect against the risks of using mobile computing and communication facilities.

• A.11.7.2

• Teleworking Control

• A policy, operational plans and procedures shall be developed and implemented for teleworkingactivities.



The Beginning of The Realization!



The Road Ahead



Process for the development of standards



ProActive Action by ALL Stakeholders

•Manufacturers

•Customers

•Corporates

•Technologists

•Administrators

•Regulators

•Legislators

•Policy Makers

•Educationists

•Trade Associations

•National ,Regional

And

•International

Standard

Bodies



R I P or Peacefully Resting?

The Choice is in Our hands?Seven Step Consulting Pvt. Ltd., India.


Thank You ! Lets talk………

[email protected]


Seven Step Consulting Pvt. Ltd.153 Maidangarhi , New Delhi 110068. (India)Phone: + 91 11 29533609Mobile: + 91 9810609560E-Mail: [email protected]: www.sevenstepconsulting.com

Reach Us at:

This document or any part thereof may not, without the written consent of Seven Step

Consulting Pvt. Ltd. , be copied, reprinted, or reproduced in any material form, including but

not limited to photocopying, transcribing, transmitting, or storing it in any medium or translating

it into any language, in any form or by any means, be it electronic, mechanical, xerographic,

optical, magnetic or otherwise.

The information contained in this document is proprietary and confidential; all copyrights,

trademarks, trade names, patents and other intellectual property rights in the documentation

are the exclusive property of 7SConsulting International unless otherwise specified. The

information (including but not limited to data, drawings, specification, and documentation) shall

not at any time, be disclosed directly or indirectly to any third party without the prior written

consent of Seven Step Consulting Pvt. Ltd. .

The information contained herein is believed to be accurate and reliable. Seven Step

Consulting Pvt. Ltd. accepts no responsibility for its use by any means or in any way

whatsoever. The information contained herein is subject to change without notice.


Delhi

Mauritius

MumbaiRiyadh

Bangalore

HEAD OFFICE

ASSOCIATE OFFICES

system standards for managing in a connected world · 2012-03-02 · • ohsas 18001 specifications...

Documents