You are on page 1of 10

Information Security Management System

Information & Information Security

Information is an asset Essential Asset to meet Organizations Business Objectives Information Security is the protection of Confidentiality Integrity & Availability

Why Information Security

Business Interconnectivity Need Of Time More interconnectivity = Information is exposed to more audience More exposure = Information exposed to more varieties of Threats & Vulnerabilities Business Impacts on realization of threat Loss of Business, Legal actions, disrepute

Implementing Information Security

Identify the Security Requirements of the organization
Business Objectives

Legal Statutory Requirements

Contractual Requirements

Implementing Information Security

Selecting Controls Controls to be implemented selected based on Security Requirement Analysis Implementing Controls Organizational Policy Procedures Reviewing Controls Testing controls ( e.g. Vulnerability Assessment, Penetration Testing etc) Review as part of incident response (e.g. Virus attack, Hacker attack etc) Periodic Internal Audits

How may we help you

Consulting Services Information Security Management System (ISMS) BS 7799 (ISO 27001) BS 7799 (ISO 27001) Gap Analysis Information Security Policies & Procedures Formulation Risk Assessment Business Continuity Plan (BCP) Disaster Recovery Plan (DRP) Control Objectives for Information and Related Technology (COBIT)

How may we help you

Technical Services
Vulnerability Assessment & Penetration Testing Network Security Architecture Review & Design Technical Audit Application Security Testing Wireless Security Audit Computer Forensics Desktop Audit

How may we help you

Managed Security Services - as per clients security policy

Defining Security Policies for different security components. Identifying vulnerabilities and the risks Alerts and counter measure for potential threats. Log & Event Analysis. Pattern Monitoring and Intrusion trend Analysis Implementation of patches & upgrades Update of latest signatures for IDS and Anti-virus Incident Management Periodic audits Review organizations security policy Prepare activity list as per the organization security policy Monitor and review the implementation of policies. Incident Management Suggesting corrective and preventive measures Presentation to the steering committee Identify improvements in the ISMS and implement recommendations

Question Answer Session

Thank You !!