ISMS Presentation
The bank has a network of 628 branches, 689 automated teller machines (ATMs), 123 CDMs and 15 regional loan centres within the country. It also operates an around-the-clock call centre at 0094 11 2204444 and an around-the-clock branch at its Colombo office.
In addition to its local presence, the bank maintains an off-shore banking unit at its head office in Colombo, three overseas branches in Malé, Chennai and Seychelles, and a subsidiary in London.
ISMS Introduction
An information security management system (ISMS) is a framework of policies and controls that manages information security and its risks systematically across the entire enterprise.
An ISMS framework is usually centred on risk assessment and risk management: identifying the assets in scope, the threats and vulnerabilities that affect them, scoring the resulting risk, and selecting controls to treat it.
ISMS Benefits
Secures your information in all its forms
• An ISMS helps protect all forms of information, including digital data, paper-based records, intellectual property, company secrets, data on devices and in the cloud, hard copies and personal information.
These are the main asset categories within the scope of an ISO 27000 ISMS:
o Business databases
o Physical assets
o People assets
o Network devices
o Media
o Support utilities
Registered Assets
Digital Assets
• Banking website
• Self-banking mobile app
Media
• Commercial advertisements
• Public campaigns and banners
Business Databases
• Employees database
• Account holders' information database
Physical Assets
• ATM machines
• Vehicles
People Assets
• Database Manager
• Network Administrator
Most Critical Assets
• ATM machines
• Online banking website and mobile app
• Account holders' information database
• Database Manager
• Network Engineer
ATM Machines
Threat | Vulnerability | Primary concern (C/I/A) | Incident occurrence (♠) | Undetectability (♣) | ♥ = ♠ × ♣ | Key information security controls in effect | ♦ | Resulting score (♥ × ♦)
Virus | Anti-virus program is not properly updated | C+I+A | 4 | 3 | 12 | Renew the anti-virus program and update the system | 2 | 24
Hacking | Network connectivity; inadequate firewall protection | C+I+A | 2 | 2 | 4 | Data protection policies and procedures, network security controls, system security controls | 4 | 16
Software errors | Software does not have proper access control | C+A | 5 | 4 | 20 | Ensure a proper connection to the network | 2 | 40
Account holders' information database
Threat | Vulnerability | Primary concern (C/I/A) | Incident occurrence (♠) | Undetectability (♣) | ♥ = ♠ × ♣ | Key information security controls in effect | ♦ | Resulting score (♥ × ♦)
Unauthorized access | Access was given to too many people and the access control scheme is not properly defined | C+I+A | 2.5 | 4 | 10 | Data protection policies and procedures, network security controls, system security controls | 3 | 30
Virus | Anti-virus program is not properly updated | C+I+A | 3 | 5 | 15 | Renew the anti-virus program and update the system | 3 | 45
Database Manager
Threat | Vulnerability | Primary concern (C/I/A) | Incident occurrence (♠) | Undetectability (♣) | ♥ = ♠ × ♣ | Key information security controls in effect | ♦ | Resulting score (♥ × ♦)
Frequent errors | Lack of training | I+A | 1.5 | 2 | 3 | Network engineers must have proper training in networking | 5 | 15
Access to the network by unauthorized persons | Lack of policies for the correct use of telecommunications media and messaging | C+A | 2 | 5 | 10 | Company policies, data protection policies and procedures, network security controls, system security controls | 3 | 30
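The three asset tables above all use the same scoring scheme: the ♥ column is the product of incident occurrence (♠) and undetectability (♣), and the final column is ♥ multiplied by the ♦ score recorded next to the controls in effect. The following Python is an added example, not part of the original presentation, that encodes the seven rows as a small risk register, recomputes both scores, checks them against the figures printed in the deck, and ranks the rows so the treatment order is explicit. The field names (`occurrence`, `undetectability`, `control_score`) and the 30-point threshold are assumptions made for the example; the deck does not name the ♦ column or state a threshold.

```python
"""Risk-register calculator for the product-of-factors scoring used in the
ISMS presentation's asset tables (added example, not the deck's own code).

Assumptions (not stated in the deck): the unlabelled ♦ column is treated as
a 'control_score' factor, and the final column is taken to be ♥ × ♦, which
is what every printed row works out to.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    threat: str
    vulnerability: str
    concern: str            # affected properties, e.g. "C+I+A"
    occurrence: float       # deck's ♠ column
    undetectability: float  # deck's ♣ column
    control_score: float    # deck's ♦ column (name is an assumption)
    controls: str           # key information security controls in effect

    @property
    def inherent(self) -> float:
        """The deck's ♥ column: ♠ × ♣."""
        return self.occurrence * self.undetectability

    @property
    def score(self) -> float:
        """The deck's final column: ♥ × ♦."""
        return self.inherent * self.control_score


# Rows transcribed from the three tables in the presentation.
REGISTER = [
    RiskEntry("ATM machines", "Virus", "Anti-virus program is not properly updated",
              "C+I+A", 4, 3, 2, "Renew the anti-virus program and update the system"),
    RiskEntry("ATM machines", "Hacking", "Network connectivity; inadequate firewall protection",
              "C+I+A", 2, 2, 4, "Data protection policies, network and system security controls"),
    RiskEntry("ATM machines", "Software errors", "Software does not have proper access control",
              "C+A", 5, 4, 2, "Ensure a proper connection to the network"),
    RiskEntry("Account holders' database", "Unauthorized access",
              "Access given to too many people; access control scheme not properly defined",
              "C+I+A", 2.5, 4, 3, "Data protection policies, network and system security controls"),
    RiskEntry("Account holders' database", "Virus", "Anti-virus program is not properly updated",
              "C+I+A", 3, 5, 3, "Renew the anti-virus program and update the system"),
    RiskEntry("Database Manager", "Frequent errors", "Lack of training",
              "I+A", 1.5, 2, 5, "Network engineers must have proper training in networking"),
    RiskEntry("Database Manager", "Access to the network by unauthorized persons",
              "Lack of policies for the correct use of telecommunications media and messaging",
              "C+A", 2, 5, 3, "Company policies, data protection policies, network and system controls"),
]

# (♥, final) values as printed in the deck, in the same order as REGISTER.
PRINTED_SCORES = [(12, 24), (4, 16), (20, 40), (10, 30), (15, 45), (3, 15), (10, 30)]


def verify(register, printed):
    """Return the indices of rows whose recomputed scores disagree with the deck."""
    return [i for i, (e, (h, f)) in enumerate(zip(register, printed))
            if e.inherent != h or e.score != f]


def rank(register):
    """Order rows from highest to lowest final score; ties keep table order."""
    return sorted(register, key=lambda e: e.score, reverse=True)


def needs_treatment(register, threshold):
    """Rows at or above the threshold (threshold is the caller's choice)."""
    return [e for e in register if e.score >= threshold]


if __name__ == "__main__":
    print("rows disagreeing with the deck:", verify(REGISTER, PRINTED_SCORES))
    for e in rank(REGISTER):
        print(f"{e.score:>5}  {e.asset:<26} {e.threat}")
```

Keeping the scores in code rather than on slides makes the arithmetic reproducible and makes it obvious when two rows tie (the two 30-point entries here), which is where a documented tie-break rule belongs.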