ISO 27001 presentation

Prepared By
LRSN-M

ID: ISMS.V2.01 1
What is ISO 27000

• ISO 27000 is a collection of international standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provides a comprehensive framework for organizations to implement an Information Security Management System (ISMS).

Purpose and benefits

• Purpose: An ISMS is a systematic approach to managing information security risks, ensuring the confidentiality, integrity, and availability of information assets.
• Benefits:
  • Protects against data breaches and cyberattacks.
  • Builds trust with clients and partners through strong information security.
  • Demonstrates commitment to information security compliance.

ISO 27000 family

• ISO/IEC 27000: Offers an overview and vocabulary related to information security management systems.
• ISO/IEC 27001: Specifies the requirements for an ISMS. Organizations can be certified against this standard.
• ISO/IEC 27002: Provides recommendations for information security controls that can be implemented to address various information security risks. (Annex A of ISO 27001:2022 is aligned with this updated standard.)
• ISO/IEC 27005: Information security risk management.

Approach to implementing ISMS based on ISO 27001

1. Gap Analysis and Risk Assessment:

• Identify Assets: Inventory all your information assets (digital and physical), including hardware, software, data, and intellectual property.
• Conduct Risk Assessment: Analyze identified information assets to understand potential threats and vulnerabilities. Evaluate the likelihood and impact of these risks to prioritize them.

Approach to implementing ISMS based on ISO 27001

2. Develop and Implement Controls:

• Selection of Controls: Based on your risk assessment, choose appropriate security controls from ISO 27002 (Annex A of ISO 27001:2022) or other sources. These controls can be preventive, detective, corrective, or reductive.
• Develop Documentation: Document your ISMS policies, procedures, and controls. This includes an information security policy, a risk management plan, and a statement of applicability outlining the chosen controls.

Approach to implementing ISMS based on ISO 27001

3. Implementation and Operation:

• Implement Controls: Put the chosen controls into practice. This might involve policy roll-out, staff training, technical configurations, or acquiring necessary security tools.
• Raise Awareness and Training: Train employees on information security policies, procedures, and their roles in upholding them. Regular awareness programs are crucial.

Approach to implementing ISMS based on ISO 27001

4. Maintain and Continual Improvement:

• Monitor and Measure: Continuously monitor the effectiveness of your ISMS controls. Track metrics related to security incidents, control performance, and user behavior.
• Internal Audit: Conduct regular internal audits to assess the ongoing effectiveness of your ISMS and identify areas for improvement.
• Management Review: Hold periodic management reviews to assess the overall performance of the ISMS, address any identified issues, and set future goals for improvement.

LRSN-M Contact Information

Website : www.lrsn-m.com
Email : ramy@lrsn-m.com
Name: Eng. Ramy Nour ElDien
Position : Managing Director
Mob: +2 01271752166
