Adaptive Processes Simpler, Faster, Better 1 Adaptive Processes Understanding Information Security...

Page 1: Adaptive Processes Simpler, Faster, Better 1 Adaptive Processes Understanding Information Security ISO 17799 / BS7799.

Simpler, Faster, Better 1

Adaptive Processes

Understanding Information Security

ISO 17799 / BS7799

Page 2:

Just Imagine…

• What will happen if our current office can’t be used for a few days because of fire?

• What will happen if our competitor hacks into our network and gets all sensitive information?

• What will happen if our communication link to our customer goes down for a prolonged period?

• And many more…

Page 3:

So The Implications Are…

• Information security is essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image

• It is extremely critical for us to identify, assess and take preventive / corrective measures for risks that our business faces

• It is legally required to protect information that customers provide us

Page 4:

Global Information Village

Page 5:

Information Criticality

Digital Nervous System

Strategic Thinking

Business Reflexes

Basic Operations

Customer Interaction

Information systems are the nervous system of an information enterprise. Failure of the nervous system indicates failure of the organization.

Page 6:

Understanding Information Security

• Confidentiality – Ensuring that information is accessible only to those authorized to have access

• Integrity – Safeguarding the accuracy and completeness of information and processing methods

• Availability – Ensuring that authorized users have access to information and associated assets when required

Page 7:

Securing Information

[Figure: "INFORMATION" with repeated "ATTACK" labels]

Page 8:

Introducing ISO 17799

• Provides recommendations for information security management for use by those who are responsible for initiating, implementing or maintaining security in their organization

• Provides a common basis for developing organizational security standards and effective security management practice and to provide confidence in inter-organizational dealings

Page 9:

ISO 17799

What it is:

• An internationally recognized structured methodology dedicated to information security

• A defined process to evaluate, implement, maintain, and manage information security

What it is not:

• A technical standard

• Product or technology driven

• An equipment evaluation methodology (such as the Common Criteria/ISO 15408)

Page 10:

ISO 17799

What it is:

• A comprehensive set of controls comprised of best practices in information security

• Developed by industry for industry

What it is not:

• Related to the "Generally Accepted System Security Principles," or GASSP

• Related to the five-part "Guidelines for the Management of IT Security," or GMITS/ISO TR 13335