we45 ISO-27001 Case Study

Upload: we45

Posted on 06-Aug-2015


TRANSCRIPT

Page 1: we45 ISO-27001 Case Study

Page 2

Contents

•   Overview

•   Pre-Engagement Scenario

•   we45 Proposed Solution

•   Post-Engagement Scenario

Page 3

Overview

•   As the only company offering products for extra high voltage data and power transmission, our client is positioned strongly in high-growth geographies and high-growth industries.

•   Net Revenue: $500 Million

•   Centralized IT Services: Firewall & Content Filtering Services, Google Apps, SAP, Cordys, HRMS.

•   Localized IT Services: Local file server monitoring and maintenance, backup and restoration, and generic IT support (daily operations).

•   No. of Locations: 9

•   Overall IT Employee Strength: 50

•   IT Employee Strength per Location: 5

Page 4

Pre-we45 Engagement Scenario

•   ISO 27001 certification was a critical requirement for the organization from a global market reach perspective.

•   Non-standard IT operational procedures across the group.

•   Low levels of awareness and understanding of Information Security and ISO 27001 requirements across the group and its departments.

•   No dedicated resources available for the ISO 27001 implementation.

•   Lack of in-house technical security competency.

•   Streamlining the existing standard operating procedures was a challenge, as each of the 9 locations was following its own standard operating procedure.

•   Existing Information Security Policies & Procedures (ISPP) were ineffective and lacked technical granularity.

Page 5

we45 Proposed Solution

•   Conducting a comprehensive workshop on ISO/IEC 27001:2005.

•   Identifying an appropriate and effective scope for the ISO 27001 ISMS.

•   Conducting an IT Risk Assessment based on the OCTAVE methodology to identify critical assets, and drafting a Risk Mitigation Plan for the identified asset risk values.

•   Preparing a Statement of Applicability (SOA) based on the agreed controls identified in the Risk Mitigation Plan.

•   Amending the existing Information Security Policies & Procedures (ISPP) in alignment with the ISO 27001 mandates and ensuring that they map to the controls identified earlier.

•   Technical Assessment (Vulnerability Assessment / Penetration Test) conducted for all 9 locations on sampled critical information assets and services.

•   Implementing the controls suggested by ISO/IEC 27001:2005 and generating evidence.

•   Comprehensive ISO/IEC 27001:2005 based (pre-certification) Internal Audit.

Page 6

Implementation – Activity Chart

Columns: Activities performed | No. of we45 Consultants | Effort (in Working Days) | Deliverables

Row 1
    Activities performed:
        1. Understand Business Environment
        2. ISMS Scope Definition & Documentation
        3. Setting up of Security Steering Committee
    No. of we45 Consultants: 2
    Effort (Working Days): 7
    Deliverables:
        1. ISMS Scope Documentation
        2. Org.-specific high-level security policy statement

Row 2
    Activities performed:
        1. Risk Assessment
        2. Technical VAPT
        3. Gap Analysis as per ISO/IEC 27001:2005 guidelines
        4. Asset Identification, Valuation & Classification
        5. SOA (Statement of Applicability)
    No. of we45 Consultants: 2
    Effort (Working Days): 15
    Deliverables:
        1. Risk Assessment Reports
        2. VAPT Reports
        3. Gap Analysis Report
        4. Asset Register
        5. SOA

Row 3
    Activities performed: Create / Review / Amend Policies & Procedures
    No. of we45 Consultants: 1
    Effort (Working Days): 30
    Deliverables: ISO/IEC 27001:2005 Information Security Policy and Procedure deck

Row 4
    Activities performed: ISO/IEC 27001 Implementation Workshops
    No. of we45 Consultants: 1
    Effort (Working Days): 15
    Deliverables: ISO/IEC 27001:2005 Awareness & Implementation Manual

Row 5
    Activities performed: ISO/IEC 27001:2005 Internal Audit and Preparation, Follow-up & Closure of CAPA
    No. of we45 Consultants: 1
    Effort (Working Days): 7
    Deliverables: ISO/IEC 27001:2005 Internal Audit Plan & Report

Page 7

Post-Engagement Scenario

•   Successful attainment of ISO 27001:2005 certification for all 9 locations in one go.

•   A marked increase in awareness and knowledge of the Information Security Management System (ISMS) across the organization.

•   Enhanced technical and operational capability and knowledge of security best practices.

•   A measurable and repeatable IT operations process instilled across the organization at both the central and local entities.

•   A sound incident management, response and learning system in place that captures and reports IT and non-IT security incidents, followed up by root cause analysis and preventive and corrective action mechanisms.

•   The Sales and Marketing team is able to showcase the organization's mature and secure IT practices to the global partner and client network.

Page 8

Thank You