一招教会你执行ISO27001全英文版本着名认证公司的培训教材.ppt

ISO 27001 – An Introduction ISO 27001 – An Introduction ISO 27001 is A standard for Information Security Management System (ISMS) Provides the ISMS requirements and specifications of controls for certification Establishes PDCA approach to ISMS Aligned with ISO 9001/ ISO 14001 Mature being nurtured (Past, present and future) Benefits of ISO 27001 ? Improved effectiveness of Information Security ? Market Differentiation ? Provides confidence to trading partners, stakeholders, and ? Customers (certification demonstrates due diligence) ? The only standard with global acceptance ? Potential lower rates on insurance premiums ? Compliance with mandates and laws (e.g., Data Protection Act, Communications Protection Act) Benefits of ISO 27001 ? Standard covers IT as well as organization, personnel, and facilities ? Focused staff responsibilities ? Independent review of the Information Security Management System ? Better awareness of security ? Combined resources with other Management Systems (e.g. QMS) ? Mechanism for measuring the success of the security controls What is Information Security ISO 27001:2005 Structure 4.0 Information Security Management System ? General requirements ? Establishing and managing the ISMS (e.g. Risk Assessment) ? Documentation Requirements 5.0 Management Responsibility ? Management Commitment ? Resource Management (e.g. Training, Awareness) 6.0 Internal ISMS Audits 7.0 Management Review of the ISMS ? Review Input (e.g. Audits, Measurement, Recommendations) ? Review Output (e.g. Update Risk Treatment Plan, New Recourses) 8.0 ISMS Improvement ? Continual Improvement ? Corrective Action ? Preventive Action History Present Future Process-based ISMS Model ISO 27001– PDCA Approach Establish ISMS Implement Operate ISMS Monitor Review ISMS Maintain Improve ISMS ISMS Documentation ISO/IEC Guide 73: Risk Management Controls in a perspective The 11