Simple competence certification!

EXIN’s unique Information Security Certification Program (based on ISO/IEC 27002)

Benefits and differences

By Marc Taillefer
2012.03.15
Simple competence certification!

Objective for an organization: reduce risk by improving awareness and practical skills in security.

Principle: people are the solution; processes and technology are needed to support people.

Agenda:
• Many personal certifications: which one is better?
• Different international standards
• EXIN’s program
• The "unsecured" factor in security: the people
Personal certifications!

Certified Information Security Manager (CISM), awarded by ISACA

Requirements:
• 5+ years of experience in information security, including 3 years in information security management, across the job practice areas:
  • Information risk management
  • Managing incidents
  • Corporate governance
• Exam: 200 multiple-choice questions (offered twice a year)

ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.
Personal certifications!

Certified Information Systems Security Professional (CISSP), awarded by (ISC)²
Accredited under the ISO/IEC 17024:2003 standard

• 5+ years of direct, full-time security work experience in two or more of the ten (ISC)² information security domains
• OR the Associate of (ISC)² designation, obtained by passing the CISSP exam before the experience requirement is met
• Criminal history and related background are checked
• 6-hour exam of 250 multiple-choice questions; a scaled score of 700 out of 1000 (70%) is required to pass
• Exam fee $450, last-minute registration surcharge $100, annual maintenance fee $85

Based on the CIA triad of confidentiality, integrity and availability.
Different international standards

Information technology, Security techniques, Information security management systems:
• ISO/IEC 27000: Overview and vocabulary
• ISO/IEC 27001: Requirements
• ISO/IEC 27002: Code of practice for information security management
• ISO/IEC 27003: Information security management system implementation guidance
• ISO/IEC 27013: Guidelines on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
• ISO/IEC 20000-1: Information technology, Service management, Part 1: Service management system requirements
Different international standards

[Diagram: how the standards fit together]
• Governance sits above information security.
• Information security management system: ISO/IEC 27001, with ISO/IEC 27002 as the code of practice (control objectives).
• IT service management system: ISO/IEC 20000-1.
• Guidelines on people involvement and competence: ISO 10018, PCMMI …
• Auditing and compliance: ISO 19011 (auditing management systems) for the service management system, ISO/IEC TR 27008:2011 for the 27002 controls, ISO/IEC 27007 for the ISMS.
Different international standards

People-related controls that the standards expect:
• Competent people for implementation and third-party management
• Inform third-party people, candidates and contractors
• Awareness activities, adapted to people’s roles and responsibilities,
  … so they understand
  … so they know whom to contact for additional information
  … so they know how to report incidents
• Disciplinary sanctions (with a specific process, so that they are just and fair)
• Change of position or leaving the organization
Code of practice (27002)

[Table of contents of ISO/IEC 27002; image not reproduced]

NOTE: Items 1, 2 and 3 are introduction items.
Code of practice (27002)

6.1 Internal organization
• A management framework for information security
• Roles and responsibilities should be defined for the information security function
• Contacts should be established with relevant authorities (e.g. law enforcement) and special interest groups
• Information security should be independently reviewed

10.1 Operational procedures and responsibilities
• IT operating responsibilities and procedures should be documented
• Duties should be segregated between different people where relevant
Code of practice (27002)

Section 8: Human resources security

8.1 Prior to employment
Security responsibilities should be addressed when recruiting permanent employees, contractors and temporary staff:
• job descriptions
• pre-employment screening
• terms and conditions of employment
• signed agreements on security roles and responsibilities

8.2 During employment
• Management should ensure that everyone is made aware of, and educated in, security procedures

8.3 Termination or change of employment / contract
Code of practice (27002)

11.3 User responsibilities
Users should be made aware of their responsibilities for maintaining effective access controls.

13.1 An incident reporting/alarm procedure is required
• plus the associated response
• and escalation procedures
• employees, contractors etc. should be informed of their incident reporting responsibilities
Different EXIN programs

EXIN, the Examination Institute for Information Science

• global, independent IT examination institute
• qualification programs for:
  • ITSM20, based on ISO/IEC 20000:2011
  • Information Security, based on ISO/IEC 27002
  • Cloud
  • ITIL®
  • Green IT
  • MOF
  • ASL
  • BiSL
  • TMap
  • PRINCE2®

EXIN enables professionals and organizations to turn their skills into a reputation. www.exin.com
EXIN’s Cloud program: connection with security

Cloud computing, EXIN’s exam requirements:

3.1 The candidate understands the security risks of cloud computing and knows mitigating measures (10%).
The candidate can:
  3.1.1 Describe the essential elements of security in the cloud (confidentiality, integrity and availability)
  3.1.2 Describe the standard measures for authorized use (authentication, authorization and accountability)
  3.1.3 Describe the main security risks for the three types of virtualized environments
EXIN’s ITSM20 connection with information security

Foundation level: … Information security management
  3.1.1 Describe the objectives and quality requirements of the delivery processes
  3.1.2 Describe the best practices of the delivery processes

Associate level: 2.3
  2.3.1 Identify risks
  2.3.2 Define mitigating actions
  2.3.3 Monitor risks
EXIN’s security programs

Foundation target group:
• everyone in the organization who is processing information
• entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary
• a good start for new information security professionals
EXIN’s security programs

ISFS Foundation exam. Mastery level: 40 questions, 60 minutes, in understanding.

10% Information and security
  • The concept of information
  • Value of information
  • Reliability aspects
30% Threats and risks
  • Threat and risk
  • The relationships between threats, risks and the reliability of information
10% Approach and organization
  • Security policy and security organization
  • Components of the security organization
  • Incident management
40% Measures
  • Importance of measures
  • Physical security
  • Technical security
  • Organizational measures
10% Legislation and regulations
EXIN’s security programs

Advanced target group:
Everyone involved in the implementation, evaluation and reporting of information security, such as:
• Information Security Manager (ISM)
• Information Security Officer (ISO)
• Line Manager
• Process Manager
• Project Manager
EXIN’s security programs

ISMAS Advanced exam. Mastery level: 30 questions, 90 minutes, in analyzing.

20% Security policy and plan
  • Information security policy
  • … plan
30% Organization of information security
  • Design of information security
  • Function (roles)
15% Risk analysis
  • Classification of information and management of capital assets
  • Risk analysis method
10% Standards
  • Application of standards
  • ISO/IEC 27001 and 27002
15% Compliance
  • Legislation and regulations
  • Protection of personal data
  • Agreements and contracts
10% Evaluation
  • Quick review
  • Audit
EXIN’s security programs

Expert level target group:
IT professionals responsible for the partial or overall set-up and development of structural information security:
• Chief Information Security Officer
• Information Security Manager
• Business Information Security Architect
EXIN’s security programs

ISO/IEC 27002 qualification scheme [diagram not reproduced]
EXIN’s security programs

Context [diagram of the knowledge hierarchy]
• Information: who, what, when, where?
• Knowledge: how?
• Wisdom: why?
• Understanding
Different standards

[The standards diagram from the earlier "Different international standards" slide is repeated here: governance above information security; the ISO/IEC 27001 ISMS with the ISO/IEC 27002 code of practice; the IT service management system; guidelines on people involvement and competence (ISO 10018, PCMMI …); auditing and compliance via ISO 19011, ISO/IEC TR 27008:2011 and ISO/IEC 27007.]
Personal certifications!

People beyond the certification!

Understand why!

Reflect on the understanding, level by level!

Stay keen to know more, even in a fast-paced world!

Ask to inform others!
EXIN’s security programs

Questions / exchange
References

http://www.iso27001security.com/
http://www.iso.org/iso/iso_catalogue.htm
http://www.exin.com/NL/en/exams/

Milena Andrade, Regional Manager
We turn skills into reputation
Off: +55 11 3443 6270 Mob: +55 11 8786 1114
milena.andrade@exin.com

Marc Taillefer, senior consultant
Accredited trainer for EXIN’s Executive Manager/Consultant certification
Accredited trainer for all of EXIN’s ISO/IEC 20000 and 27002 based courses
marc@marc-taillefer.ca

Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Know more about exin unique information security program

1. Simple competence certification !
   EXIN’s unique Information Security Certification Program (based on ISO/IEC 27002)
   Benefits and differences
   By Marc Taillefer, 2012.03.15

2. Simple competence certification !
   Objective for an organization: reduce risk by improving awareness and practical skills in safety.
   Principle: people are the solution; processes and technology are needed to support people.
   Agenda:
   • Many personal certifications, which one is better?
   • Different international standards
   • EXIN’s Program
   • “Unsecured” factors in Security: the people

3. Personal certifications !
   Certified Information Security Manager (CISM), awarded by ISACA
   Certification requirements: 5+ years of experience in information security, including 3 years in information security management
   • Information risk management
   • Managing incidents
   • Corporate governance
   • 200 multiple-choice questions (exam held twice a year)
   ISACA created the CISM to help foster a better fusion between IT auditing and information security perspectives.

4. Personal certifications !
   Certified Information Systems Security Professional (CISSP), awarded by (ISC)²
   Accredited under the ISO/IEC 17024:2003 standard
   • 5+ years of direct full-time security work experience in two or more of the ten (ISC)² information security domains
   • OR Associate of (ISC)² designation by passing the CISSP exam
   • Criminal history and related background
   • 6-hour exam, 250 multiple-choice questions, 70% to pass
   • Exam @ $450, last-minute registration @ $100, annual fee @ $85
   Based on the CIA triangle of confidentiality, integrity and availability

5. Different international standards
   Information technology, security techniques — Information security management systems
   • ISO 27000: Overview and vocabulary
   • ISO 27001: Requirements
   • ISO 27002: Code of practice for information security management
   • ISO 27003: Information security management system implementation guidance
   • ISO 27013: Guidelines on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
   • ISO 20000-1: Information technology -- Service management -- Part 1: Service management system requirements

6. Different international standards
   Diagram of the standards landscape:
   • Governance
   • Information security management system: 27001
   • Information security code of practice (control objectives): 27002
   • IT service management system
   • Guidelines on people involvement and competence: 10018, PCMMI …
   • Auditing compliance: 19001, 27008:2011, 27007

7. Different international standards
   • Competent people for implementation and third-party management
   • Inform third-party people, candidates, contractors
   • Activities to make people aware of ...
   • Adapted to their roles & responsibilities
     … so they understand
     … so they know who to contact for additional info
     … so they know how to report incidents
   • Disciplinary sanctions !! (specific process to be just and fair)
   • Change of position or leaving the organization

8. Code of practice (27002)
   NOTE: Items 1, 2 and 3 are introduction items

9. Code of practice (27002)
   6.1 Internal organization
   • … management framework for information security
   • Roles and responsibilities should be defined for the information security function.
   • Contacts should be established with relevant authorities (e.g. law enforcement) and special interest groups.
   • Information security should be independently reviewed.
   10.1 Operational procedures and responsibilities
   • IT operating responsibilities and procedures should be documented.
   • Duties should be segregated between different people where relevant.

10. Code of practice (27002)
   Section 8: Human resources security
   8.1 Prior to employment
   Security responsibilities … when recruiting permanent employees, contractors and temporary staff:
   • job descriptions,
   • pre-employment screening,
   • terms and conditions of employment,
   • signed agreements on security roles and responsibilities.
   During employment (management)
   • All should be made aware of, and educated in, security procedures
   8.3 Termination or change of employment / contract

11. Code of practice (27002)
   11.3 User responsibilities
   Users should be made aware of their responsibilities towards maintaining effective access controls.
   13.1 An incident reporting/alarm procedure is required
   • plus the associated response
   • and escalation procedures
   • employees, contractors etc. should be informed of their incident reporting responsibilities.

12. Different EXIN programs
   EXIN, the Examination Institute for Information Science
   • global, independent IT examination
   • qualification programs for:
     • ITSM20, based on ISO/IEC 20000:2011
     • Information Security, based on ISO/IEC 27002
     • Cloud
     • ITIL®
     • Green IT
     • MOF
     • ASL
     • BiSL
     • TMap
     • PRINCE2®
   EXIN enables professionals and organizations to turn their skills into a reputation. www.exin.com

13. EXIN’s Cloud program connection with security
   Cloud computing, EXIN’s exam requirements:
   3.1 The candidate understands the security risks of Cloud computing and knows mitigating measures (10%)
   The candidate can:
   3.1.1 Describe the essential elements of security in the cloud (Confidentiality, Integrity and Availability)
   3.1.2 Describe the standard measures for authorized use (Authentication, Authorization and Accountability)
   3.1.3 Describe the main security risks for the three types of virtualized environments

14. EXIN’s ITSM20 connection with Information security
   Foundation level: … Information Security management
   3.1.1 Describe the objectives and quality requirements of the delivery processes
   3.1.2 Describe the best practices of the delivery processes
   2.3 Associate level:
   2.3.1 Identify risks
   2.3.2 Define mitigating actions
   2.3.3 Monitor risks

15. EXIN’s security programs
   Foundation target group:
   • intended for everyone in the organization who is processing information
   • entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary
   • a good start for new information security professionals.

16. EXIN’s security programs
   ISFS Foundation exam
   Mastery level: 40 questions, 60 minutes, in understanding
   10% - Information and Security
   • The Concept of Information
   • Value of Information
   • Reliability Aspects
   10% - Approach and Organization
   • Security Policy and Security Organization
   • Components of the Security Organization
   • Incident Management
   30% - Threats and Risks
   • Threat and Risk
   • The Relationships between Threats, Risks and the Reliability of Information
   40% - Measures
   • Importance of Measures
   • Physical Security
   • Technical Security
   • Organizational Measures
   10% - Legislation and Regulations

17. EXIN’s security programs
   Advanced target group: everyone involved in the implementation, evaluation and reporting of information security, such as:
   • Information Security Manager (ISM)
   • Information Security Officer (ISO)
   • Line Manager
   • Process Manager
   • Project Manager

18. EXIN’s security programs
   ISMAS Advanced exam
   Mastery level: 30 questions, 90 minutes, in analyzing
   20% - Security policy and plan
   • Information security policy
   • … plan
   30% - Organization of information security
   • Design of information security function (roles)
   15% - Risk analysis
   • Classification of information & management of capital assets
   • Risk analysis method
   10% - Standards
   • Application of standards
   • ISO/27001 & 27002
   15% - Compliance
   • Legislation and regulations
   • Protection of personal data
   • Agreements and contracts
   10% - Evaluation
   • Quick review
   • Audit

19. EXIN’s security programs
   Expert level target group: IT professionals responsible for the partial or overall set-up and development of structural information security
   • Chief Information Security Officer
   • Information Security Manager
   • Business Information Security Architect

20. EXIN’s security programs
   ISO/IEC 27002 Qualification scheme

21. EXIN’s security programs
   Context / Understanding
   • Information: Who, what, when, where?
   • Knowledge: How?
   • Wisdom: Why?

22. Different standards
   Diagram of the standards landscape:
   • Governance
   • Information security management system: 27001
   • Information security code of practice (control objectives): 27002
   • IT service management system
   • Guidelines on people involvement and competence: 10018, PCMMI …
   • Auditing compliance: 19001, 27008:2011, 27007

23. Personal certifications !
   People beyond the certification !
   • Understand why !
   • Reflect on the understanding, level by level !
   • Enthuse to know more, even if we are in a rapid-pace world !
   • Ask to inform others !

24. EXIN’s security programs
   Questions / exchange

25. References
   http://www.iso27001security.com/
   http://www.iso.org/iso/iso_catalogue.htm
   http://www.exin.com/NL/en/exams/
   Milena Andrade, Regional Manager (We turn skills into reputation)
   Off: +55 11 3443 6270, Mob: +55 11 8786 1114, milena.andrade@exin.com
   Marc Taillefer, senior consultant
   Accredited trainer for EXIN’s Executive Manager/Consultant certification
   Accredited trainer for all of EXIN’s ISO/IEC 20000 and 27002 based courses
   marc@marc-taillefer.ca