
*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

• Introduction and Bio
• CyberSecurity Defined
• CyberSecurity Risks
• NIST CyberSecurity Framework
• References



Chapter 3. Framework Implementation
• Relationship of the COBIT 5 Goals Cascade to the CSF
• Step 1: Prioritize and Scope
• Step 2: Orient, and Step 3: Create a Current Profile
• Step 4: Conduct a Risk Assessment
• Step 5: Create a Target Profile
• Step 6: Determine, Analyze, and Prioritize Gaps
• Step 7: Implement Action Plan
• Action Plan Review
• Life Cycle Management

http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Implementing-the-NIST-Cybersecurity-Framework.aspx



Mark E.S. Bernard CyberSecurity Courses:
• White label Foundation Course: http://itprn.rs/1MscLu8
• Subscription Mentorship Practitioner Course: http://itsmmentor.com/mark-e-s-bernard/



Mark E.S. Bernard, CRISC, CGEIT, CISA, CISM, CISSP, PM, ISO 27001 Lead Auditor, SABSA-F2

Information Security, Privacy, Governance, Risk Management, Compliance Consultant



Link: CyberSecurity Infographic, http://tinyurl.com/mhm7k5d
CyberSecurity Defined

The Enterprise's Cyber Security Management System encompasses Governance, Risk Management, Internal Audit, Quality Management, Continuous Improvement, Incident Management, Vulnerability Management, Active Monitoring, Cryptographic Management, Identity and Access Management, and Procurement and Supply Chain Management. These must be established to drive a CyberSecurity Program that brings value, resilience and sustainability to the organization.
Key takeaways from this research include:

• Cyber crimes are costly. We found that the average annualized cost of cyber crime for 234 organizations in our study is $7.2 million per year, with a range of $375,387 to $58 million. This represents an increase in cost of 30 percent from the consolidated global results of last year's cyber cost study.

• Cyber attacks have become common occurrences. The companies in our study experienced 343 successful attacks per week and 1.4 successful attacks per company per week. This represents an increase of 20 percent from last year's successful attack experience. Last year's study reported 262 successful attacks on average per week.

• The most costly cyber crimes are those caused by malicious insiders, denial of service and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions.

Credits: October 2013 Ponemon Institute© Research Report



Credits: 2013 Cost of Data Breach Study: Global Analysis



Source: 2013 Cost of Data Breach Study: Global Analysis


Source: RedSocks 2015 Quarterly Report


Source: http://tinyurl.com/kmy35wn
• FIPP Act clause 74 – Financial penalties, ZERO!

Source: BC Information and Privacy Commissioner
• 3.7 million records, worth $50.00 per record on the black market.
• A credit report costs $150.00 per record.
Source: http://tinyurl.com/q4n6soq
Source: http://tinyurl.com/omhworn
The Most Significant Threats. Link: http://tinyurl.com/oaorzda
The Most Common Vulnerabilities. Link: http://tinyurl.com/k3bedps
DETECT



Foundation: Knowledge / Comprehension (Bloom's 1-2, Knowledge & Comprehension); audience: Work-stream Leaders
• ISO/IEC 27001, ITIL
• ISO/IEC 9001, ISO/IEC 38500
• NIST / UK CyberSecurity
• ISO/IEC 31000, SIRT
• ISO/IEC 14001, ISO 18001
• BS 25999, COSO ERM
• COBIT, NIST
• RCMP HTRA

Practitioner: Implementation / Maintenance (Bloom's 3-4, Application & Analysis); audience: Managers / PM
• ISO/IEC 27001/2, ITIL
• ISO/IEC 9001, ISO/IEC 38500
• NIST / UK CyberSecurity
• ISO/IEC 31000, SIRT
• ISO/IEC 14001, ISO 18001
• BS 25999, COSO ERM
• COBIT, NIST
• RCMP HTRA

Professional: Design / Architecture (Bloom's 5-6, Synthesis & Evaluation); audience: Subject Matter Experts
• EA - FEMA, TOGAF, Java
• CISSP, CISM, OSI
• GIAC, CISA, DBA
• CGEIT, CRISC
• SABSA, CISCO, Programmer
• IBM, SAP, API
• PMP/Prince2, ORACLE, TCP/IP, ARC

Row labels on the original slide: Executive Overview; System Admin; Industry Standards; Buy In.

Notes: other considerations include accounting skills, communications, skills & competencies, procurement, strategic planning, etc.
The knowledge transfer process will establish a link between our instructional objectives and your knowledge deliverables. During the knowledge transfer process we will improve three predominant skills:

• Cognitive: intellectual outcomes;
• Psychomotor: new physical skills; and
• Affective: attitudes, values, beliefs.

Step 1: Knowledge; Step 2: Comprehension; Step 3: Application; Step 4: Analysis.



• Chemical
• Commercial Facilities
• Communications
• Critical Manufacturing
• Dams
• Defense Industrial Base
• Emergency Services
• Energy
• Financial Services
• Food and Agriculture
• Government Facilities
• Healthcare and Public Health
• Information Technology
• Nuclear Reactors, Materials, and Waste
• Transportation Systems
• Water and Wastewater Systems



The NIST CyberSecurity Foundation course comprises the following processes:

• Identify: Business Environment, Governance, Risk Management Strategy, Risk Assessment, Asset Management
• Protect: Access Control, Awareness Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology
• Detect: Anomalies and Events, Security Continuous Monitoring, Detection Processes
• Respond: Response Planning, Communications, Analysis, Mitigation, Improvements
• Recover: Recovery Planning, Improvements, Communications



• NIST CyberSecurity Framework
• Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience
• ISO 27001 – Information Security Management System
• ITIL – Service Management
• ISO 9001 – Quality Management Systems
• RCMP HTRA – Harmonized Threat Risk Assessment
• COSO Enterprise Risk Management – Integrated Framework
• Carnegie Mellon CSIRT (Computer Security Incident Response Team)
• COBIT5 – Control Objectives for Information and Related Technology
• ISO 31000 Risk Management – Principles and Guidelines
• ISO 20000 Information Technology – Service Management – Concepts and Terminology
• ISO 38501 Governance – Corporate Governance of Information Technology
• ISO 14001 Environmental Management Systems
• ISO 18001 Occupational Health and Safety
• ISO 22000 Requirements for a Food Safety Management System
• ISO 55001 Asset Management and Supply Chain
• ISO 28001 Supply Chain Security Management Standard
• Carnegie Mellon Defence-in-Depth: Foundations for Secure and Resilient IT Enterprises
• Carnegie Mellon Software Development Life Cycle
• BS 25999 Business Continuity
For more information contact
Email / Skype: mesbernard@gmail.com

