
1. ISO/IEC 27001
 A systematic framework to protect information inside an organization.
 It specifies the requirements for an ISMS (Information Security Management System).
 It is different from other management standards because it has Annex A.
 Annex A - a list of control objectives and controls for information security. There are 114
 information security controls under 35 categories which are commonly accepted.
2. ISO/IEC 27002
 It is guidance for the implementation of the controls in Annex A of ISO/IEC 27001.

ISO Family:
1. ISO/IEC 27001 - specifies the requirements for an ISMS.
2. ISO/IEC 27002 - guideline for implementation of the controls in Annex A.
3. ISO/IEC 27000 - a general overview of information security, terms and definitions.
4. ISO/IEC 27003 - general guidance for the implementation of an ISMS.
5. ISO/IEC 27004 - advice on how organizations can monitor and measure the performance of their ISMS.
6. ISO/IEC 27005 - guidance on risk management.
7. ISO/IEC 27006 - for audit and certification of an ISMS.
8. ISO/IEC 27007 - guideline on how to audit an ISMS.
Sector Specific
9. ISO/IEC 27011 - application of security controls in telecommunications.
10. ISO/IEC TR 27015 - information security management in financial services.

ISO 27001 Controls:

A5: Information Security Policies
A5.1: Management direction for information security: The information security policy must be
communicated to staff, persons working for the organization and external parties.

A6: Roles, Responsibilities & Segregation of Duties: Roles and responsibilities of each employee must
be clearly defined and allocated. Segregation of duties must be practised, as it reduces opportunities
for unauthorized or unintentional modification or misuse of assets.

A7: Human Resource Security:
A7.1 Prior to employment: Screening, including the process of background checks, must be done to
ensure the right person is joining the organization.
A7.2 During employment: Employees are required to apply the information security policies and procedures
defined by the organization. Appropriate awareness and training on information security must be given to all
employees.
A7.3 Termination of employment: During termination, ensure logical and physical access rights are
removed.
COBIT: The Common Objectives for IT is issued by the IT Governance Institute of ISACA. The objective
of COBIT is to provide a generally applicable and accepted standard for IT security and control practices.
It works on 5 principles and 7 enablers.
7 Enablers:
1. Confidentiality 2. Integrity 3. Availability 4. Effectiveness 5. Reliability 6. Efficiency 7. Compliance
5 Principles:
1. People 2. Data 3. Application 4. Technology 5. Facilities
COBIT brings together 5 principles that allow an enterprise to build an effective governance and
management framework based on a holistic set of 7 enablers that optimizes information and
technology investment and use for the benefit of stakeholders.
