
ISO 27001 presentation

Prepared By
LRSN-M

ID: ISMS.V2.01 1
What is ISO 27000?

• ISO/IEC 27000 is a collection of international standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Together they provide a comprehensive framework for organizations to implement an Information Security Management System (ISMS).

Purpose and benefits

• Purpose: An ISMS is a systematic approach to managing information security risks, ensuring the confidentiality, integrity, and availability of information assets.
• Benefits:
  • Reduces the likelihood and impact of data breaches and cyberattacks.
  • Builds trust with clients and partners by demonstrating strong information security.
  • Demonstrates commitment to information security compliance, and (for ISO/IEC 27001) allows that commitment to be independently certified.

ISO 27000 family

• ISO/IEC 27000: Offers an overview and the vocabulary used across the information security management system standards.
• ISO/IEC 27001: Specifies the requirements for an ISMS. Organizations can be certified against this standard.
• ISO/IEC 27002: Provides guidance on information security controls that can be implemented to address information security risks. Annex A of ISO/IEC 27001:2022 is aligned with ISO/IEC 27002:2022.
• ISO/IEC 27005: Provides guidance on information security risk management, supporting the risk assessment and risk treatment that ISO/IEC 27001 requires.

Approach to implementing ISMS based on ISO 27001

1. Gap Analysis and Risk Assessment:

• Gap Analysis: Compare current practices against the requirements of ISO/IEC 27001 and the controls in its Annex A to identify what is missing or only partially in place.
• Identify Assets: Inventory all your information assets (digital and physical), including hardware, software, data, and intellectual property, and assign each asset an owner.
• Conduct Risk Assessment: Analyze the identified assets to understand the threats they face and the vulnerabilities those threats could exploit. Evaluate the likelihood and impact of each risk and rank the results, so that treatment effort goes to the highest risks first.

2. Develop and Implement Controls:

• Selection of Controls: Based on your risk assessment, choose appropriate security controls from Annex A of ISO/IEC 27001:2022 (with implementation guidance in ISO/IEC 27002) or from other sources. Controls can be preventive, detective, or corrective.
• Develop Documentation: Document your ISMS policies, procedures, and controls. This includes an information security policy, a risk treatment plan, and a Statement of Applicability that lists the chosen controls and records the justification for including, or excluding, each Annex A control.

3. Implementation and Operation:

• Implement Controls: Put the chosen controls into practice. This might involve policy roll-out, staff training, technical configuration, or acquiring necessary security tools.
• Raise Awareness and Training: Train employees on information security policies, procedures, and their roles in upholding them. Regular awareness programs are crucial, and the ISMS should retain evidence of who was trained and when.

4. Maintenance and Continual Improvement:

• Monitor and Measure: Continuously monitor the effectiveness of your ISMS controls. Track metrics such as security incidents, control performance, and user behavior, and compare them against defined targets.
• Internal Audit: Conduct regular internal audits to assess the ongoing effectiveness of your ISMS and to identify nonconformities and areas for improvement.
• Management Review: Hold periodic management reviews to assess the overall performance of the ISMS, address identified issues, and set goals for the next improvement cycle.
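The steps above amount to a risk register that feeds a Statement of Applicability: rank risks by likelihood and impact, decide which to treat, and record which controls each treated risk justifies. The following is an added example, not part of the original presentation, showing that pipeline in Python. The 1-5 ordinal scales, the acceptance threshold, the sample assets and threats, and the control names are all assumptions constructed for illustration; the control names are placeholders, not ISO/IEC 27001 Annex A references.

```python
"""Minimal risk register for an ISO 27001-style risk assessment.

Added example, not from the original presentation. Scales, threshold, assets,
threats and control names are constructed for illustration; control names are
placeholders, not ISO/IEC 27001 Annex A numbering.
"""
from dataclasses import dataclass, field

# Qualitative 1-5 scales (assumption; organizations define their own).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Risk acceptance criterion (assumed policy value): scores above this must be treated.
RISK_ACCEPTANCE_THRESHOLD = 8


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    controls: list[str] = field(default_factory=list)  # proposed treatment controls

    @property
    def score(self) -> int:
        """Risk score = likelihood x impact on the ordinal scales above."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def prioritize(risks: list[Risk]) -> list[Risk]:
    """Return risks ordered highest score first; ties broken by asset name."""
    return sorted(risks, key=lambda r: (-r.score, r.asset))


def treatment(risk: Risk) -> str:
    """'treat' when the score exceeds the acceptance threshold, otherwise 'accept'."""
    return "treat" if risk.score > RISK_ACCEPTANCE_THRESHOLD else "accept"


def statement_of_applicability(risks: list[Risk]) -> dict[str, list[str]]:
    """Map each selected control to the treated risks that justify it.

    Only risks whose treatment decision is 'treat' contribute controls, so a
    control with no entry here has no risk-based justification for inclusion.
    """
    soa: dict[str, list[str]] = {}
    for r in risks:
        if treatment(r) != "treat":
            continue
        for control in r.controls:
            soa.setdefault(control, []).append(f"{r.asset}: {r.threat}")
    return soa


# Constructed sample register (not real data).
SAMPLE_RISKS = [
    Risk("customer database", "SQL injection via web app", "unparameterized queries",
         "likely", "severe", ["secure coding standard", "web application firewall"]),
    Risk("laptops", "theft", "no full-disk encryption", "possible", "major",
         ["full-disk encryption", "remote wipe"]),
    Risk("office printer", "paper jam", "aging hardware", "likely", "negligible", []),
    Risk("backup tapes", "loss in transit", "unencrypted media", "unlikely", "major",
         ["media encryption"]),
]

if __name__ == "__main__":
    for r in prioritize(SAMPLE_RISKS):
        print(f"{r.score:2d}  {treatment(r):6s}  {r.asset}: {r.threat}")
    for control, justification in statement_of_applicability(SAMPLE_RISKS).items():
        print(f"{control}: {', '.join(justification)}")
```

Note that "backup tapes" scores exactly at the threshold and is accepted, not treated, so "media encryption" does not appear in the Statement of Applicability; whether that is the right outcome is a question for the risk acceptance criteria, which is why the threshold should be a documented management decision rather than a number buried in a script.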

LRSN-M Contact Information

Website : www.lrsn-m.com
Email : ramy@lrsn-m.com
Name: Eng. Ramy Nour ElDien
Position : Managing Director
Mob: +2 01271752166
