ISO 27001:2005
Information Security Standard
A brief Overview
Information
Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected. It may be:
- Printed or written on paper
- Stored electronically
- Transmitted by mail or electronic means
- Spoken in conversations
What is Information Security
ISO 27001 defines this as preservation of:
- Confidentiality: ensuring that information is accessible only to those authorised to have access.
- Integrity: safeguarding the accuracy and completeness of information and processing methods.
- Availability: ensuring that authorised users have access to information and associated assets when required.
Achieving Information Security
4 Ps of Information Security
3 Basic Principles for ISMS
ISMS Relationships
(Diagram; labels recovered from the slide: Procedural, Technical, Physical, People; Information Assets; Integrity)
2006 IBM Corporation
11 Domains of ISO 27001
1. Security Policy
2. Organization of Information Security
3. Asset Management
4. Human Resources Security
5. Physical & Environmental Security
6. Access Control
7. Communications & Operations Management
8. Information Systems Acquisition, Development and Maintenance
9. Compliance
10. Business Continuity Management
11. Information Security Incident Management
What is ISO 27001?
- International Standard for Information Security Management
- Specifications for an Information Security Management System (ISMS)
- Code of practice for Information Security Management (the companion ISO/IEC 17799:2005, later renumbered ISO/IEC 27002)
- Can be certified by Certification Bodies
- Applicable to all industry sectors
ISO 27001 Drivers
- Corporate Governance
- Increased Risk Awareness
- Competition
- Customer Expectation
- Market Expectation
- Market Image
- Legislative Drivers
(Chart: Reasons for seeking Certification according to BSI-DISC Survey)
Few Benefits of Compliance
- Effective controls of Information Security
- Market differentiation
- Confidence to trading partners, stakeholders and customers
- ONLY standard with global acceptance
- Legislative compliance
ISO 27001:2005 PDCA (Plan-Do-Check-Act) model
ISO 27001 can be...
- Without genuine support from the top: a failure
- Without proper implementation: a burden
- With full support, proper implementation and ongoing commitment: a major benefit
ISO 27001:2005 Information Security
- GSDC certified against the ISO/IEC 27001:2005 standard on 27 April 2006
- ITD GD completed the 1st Surveillance Audit in March 2007
- ITD GD is scheduled for the combined 2nd & 3rd Surveillance Audit, 24th to 26th March 2008
THANK YOU