SlideShare une entreprise Scribd logo

ISO 27001 2002 Update Webinar.pdf

ControlCase
ControlCase

ISO 27001:2002 Update Webinar by ControlCase.

Internet
1  sur  31
Télécharger pour lire hors ligne
WEBINAR: ISO 27001:2022 UPDATE Presented by: Ricardo Pardo, Controlcase Partner SOC & ISO Kishor Vaswani, ControlCase Chief Strategy Officer
Agenda © ControlCase. All Rights Reserved. 2 A. Introduction to ControlCase B. Overview of the ISO Family of Standards C. What are the updates to 27001:2022? 1. Revision Update 2. Summary of Changes 3. Timelines 4. Impact of the changes D. Q&A
A. © 2020 ControlCase. All Rights Reserved. 3 ControlCase Introduction
ControlCase Snapshot CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance. © 2020 ControlCase. All Rights Reserved. 4 • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies ⁃ Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1,000+ 300+ 10,000+ CLIENTS IT SECURITY CERTIFICATIONS SECURITY EXPERTS
Solution © ControlCase. All Rights Reserved. 5 Certification and Continuous Compliance Services “ I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness. — Security and Compliance Manager, Data Center
Certification Services One Audit™ Assess Once. Comply to Many. © 2020 ControlCase. All Rights Reserved. 6 “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business. — Sr. Director, Information Risk & Compliance, Large Merchant PCI DSS ISO 27001 & 27002 SOC 1,2,3 & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST CSF Risk Assessment PCI PIN PCI PA-DSS FedRAMP PCI 3DS
OVERVIEW OF THE ISO FAMILY OF STANDARDS B. © ControlCase. All Rights Reserved. 7
What is ISO 27001? © ControlCase. All Rights Reserved. 8 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ISO/IEC 27001 (WIDELY KNOWN AS ISO 27001) IS PART OF THE ISO/IEC 27000 FAMILY OF STANDARDS Focused on information security and enabling organizations to manage security assets. ISO 27001 provides the requirements for an Information Security Management System (ISMS). Takes a risk-based approach to managing information security.
ISO 27001 vs ISO 27002 © ControlCase. All Rights Reserved. 9 • ISO 27001 is the central framework of the ISO 27000 series relating to information security management. • Lists each aspect required for the ISMS. • ISO 27001 contains implementation requirements for an ISMS. • ISO 27001 is a certification. 27001 27002 • ISO 27002 is a supplementary standard that focuses on the information security controls that organizations might choose to implement. • Addresses information security controls only • ISO 27002 is not a certification
What is ISO 27701? © ControlCase. All Rights Reserved. 10 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002 and provides additional guidance for the protection of privacy, which is potentially affected by the collection and processing of personal information.
What is ISO 27017 and 27018? © ControlCase. All Rights Reserved. 11 Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services. 27017 27018 Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. • Both are add-on extensions of the ISO 27001 standard. • All of the clauses and annexures apply the same as the main 27001. • You cannot perform either of these without the 27001. • An accrediting body cannot performed these if they have not performed the 27001 assessment
What is an ISMS? An ISMS (Information Security Management Systems) is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. © ControlCase. All Rights Reserved. 12
Compliance vs Certification © ControlCase. All Rights Reserved. 13 ISO 27001 COMPLIANT Means the organization follows the ISO 27001 standard. ISO 27001 CERTIFIED Means the organization’s ISO 27001 Information Security Management System has been certified in compliance with the standard by auditors known as Certification Bodies.
Who Needs ISO 27001 Certification? Any organization that wishes or is required to formalise and improve business processes around information security, privacy and securing its information assets. The size/turnover of a business does not dictate the need for ISO 27001. © ControlCase. All Rights Reserved. 14
Privacy Add-on Assessment (ISO 27701) © ControlCase. All Rights Reserved. 15 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • Additional assessment time required. • Depends on the entity being a PII controller or PII processor or both. PII CONTROLLER • Covers areas like contracts and obligations to consumer. • Covers retention and disposal objectives. PII PROCESSOR • Covers areas such as marketing and advertising use. • Covers inter-organization and inter-country rules of PII.
How Often Do You Need ISO 27001? © ControlCase. All Rights Reserved. 16 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ISO Certification is valid for 3 years. Surveillance audits are required in year 2 and year 3.
Certification Methodology – YEAR 1 © ControlCase. All Rights Reserved. 17 ITERATIVE PRE-ASSESSMENT ISO STAGE 1 AUDIT ISO STAGE 2 AUDIT DELIVERABLES • Consolidated Pre-Assessment • Evaluation of policies and procedures. • Multiple rounds of assessment before Stage 1 and Stage 2 Audit. Onsite/ Remote Average of 4 days Onsite/ Remote Average of 6 days • ISO 27001 Certificate issued • Extension Documents Released PHASE PHASE 3 1 2 PHASE Minimum 10 days between Stage 1 – 2 2A 2B AVERAGE TIMELINE FOR PHASE 1 – 3 IS 6 MONTHS
ISO Surveillance Audits – YEAR 2 and YEAR 3 © ControlCase. All Rights Reserved. 18 ISO 27001 REQUIRES THAT SURVEILLANCE AUDITS BE COMPLETED FOR YEAR 2 AND YEAR 3. Surveillance audits are mini audits assessing the certified client's management system’s is still compliant to ISO 27001. Surveillance audits are not full system audits.
General Compliance Challenges © ControlCase. All Rights Reserved. 19 Takes people away from their core responsibilities Proving and maintaining compliance places a significant burden on organizations. Strains already taxed resources ORGANIZATIONS STRUGGLE WITH: Dealing with multiple regulations. Keeping up with changing regulations and compliance requirements. Understanding and translating compliance frameworks. The lack of visibility into their compliance posture. The time spent preparing for audits. TRADITIONAL AUDITOR’S CHECKLIST APPROACH ISN’T ENOUGH.
Common Challenges to ISO 27001/27701 Business Associate Vulnerability Management Logging & Monitoring Encryption PII Policies & Training • Agreements to be formalized • Vendor management process • Periodic vulnerability management • Patching devices • Application code rewrite • 24X7X365 monitoring • Managing volume of logs • Encryption of PII • Annual training • Documented PII policies and procedures © ControlCase. All Rights Reserved. 20
WHAT ARE THE UPDATES TO 27001:2022? C. © ControlCase. All Rights Reserved. 21
What are the updates to 27001:2022 © ControlCase. All Rights Reserved. 22 No major changes to ISO 27001: 2013 Mandatory Clauses 4 to 10. The Security Controls contained in Annex A have decreased from 114 to 93. Controls (ISO 27002:2022) are now grouped in 4 main domains (instead of the previous 14) and are tagged for easier reference and use. • Organizational Controls • People Controls • Physical Controls • Technological Controls New controls have been introduced, while none of the controls were deleted, many controls were merged, thereby reducing the overall number. SUMMARY OF CHANGES
Four Domains for ISO 27002:2022 © ControlCase. All Rights Reserved. 23 ORGANIZATIONAL CONTROLS PEOPLE CONTROLS PHYSICAL CONTROLS TECHNOLOGICAL CONTROLS
What are the Control Updates to 27002:2022 © ControlCase. All Rights Reserved. 24 Threat intelligence Physical security monitoring Data masking Web filtering Information security for the use of cloud services Configuration management Data leakage prevention Secure coding ICT readiness for business continuity Information deletion Monitoring activities
ISO 27002: Organizational Controls Policies for information security Return of assets Addressing information security within supplier agreements Information security during disruption Segregation of duties Classification of information Managing information security in the ICT supply chain ICT readiness for business continuity (new) Management responsibilities Labelling of information Monitoring, review and change management of supplier services Legal, statutory, regulatory, and contractual requirements Contact with authorities Information transfer Information security for use of cloud services (new) Intellectual property rights Contact with special interest groups Access control Information security incident management planning and preparation Protection of records Threat intelligence (new) Identity management Assessment and decision on information security events Privacy and protection of PII Information security in project management Authentication information Response to information security incidents Independent review of information security Inventory of information and other associated assets Access rights Learning from information security incidents Compliance with policies, rules and standards for information security Acceptable use of information and other associated assets Information security in supplier relationships Collection of evidence Documented operating procedures © ControlCase. All Rights Reserved. 25
ISO 27002: Physical Controls Physical security perimeters Securing offices, rooms and facilities Physical security monitoring (new) Protecting against physical and environmental threats Working in secure areas Clear desk and clear screen Equipment siting and protection Security of assets off-premises Storage media Supporting utilities Cabling security Equipment maintenance Secure disposal or re-use of equipment © ControlCase. All Rights Reserved. 26
Control 7.14: Secure disposal or re-use of equipment (example) © ControlCase. All Rights Reserved. 27
Adoption Timeline © ControlCase. All Rights Reserved. 28 Any ISO 27001 audit that happens after Oct 2025 must be against the new version. Companies can voluntarily choose to certify against the ISO 27002:2022 revision with ControlCase in mid 2023.
Next Steps © ControlCase. All Rights Reserved. 29 Companies should review their risk register and the applied risk treatments to ensure alignment with the revised standard. Update the Statement of Applicability (SoA) to align with the updated Annex A. Review and update your documentation, including policies and procedures to meet the new controls Get audited against the new ISO 27001:2022 standard using a certified auditor such as ControlCase Step 1 Step 2 Step 3 Step 4
Q & A D. © ControlCase. All Rights Reserved. 30
THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com contact@controlcase.com Download ISO 27001 Compliance Checklist ISO 27001 Compliance Blog Schedule ISO 27001 Compliance Discussion

Recommandé

ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
 
ISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdfISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdf
SerkanRafetHalil1
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
Obrina Candra, CISA, ISMS-LA
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 

Recommandé

ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
 
ISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdfISO 27001_2022 Standard_Presentation.pdf
ISO 27001_2022 Standard_Presentation.pdf
SerkanRafetHalil1
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
Obrina Candra, CISA, ISMS-LA
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
AvniJain836319
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
Akhil Garg
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
khushboo
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
Naresh Rao
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
Ralf Braga
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRC
PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
Vigilant Software
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
ControlCase
 
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
acinfotec
 

Contenu connexe

Tendances

NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRC
PECB
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 

Tendances (20)

27001.pptx
27001.pptx27001.pptx
27001.pptx
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdf
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRC
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 

Similaire à ISO 27001 2002 Update Webinar.pdf

Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
toncik
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 

Similaire à ISO 27001 2002 Update Webinar.pdf (20)

ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
C-SEC|2016 Session 1 Addressing Cyber Threats with Modern Security Framework_...
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information Security
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
 
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
A Comprehensive Guide To Information Security Excellence ISO 27001 Certificat...
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organization
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdfNQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
 
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptxISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
ISO 27001 Compliance Checklist 9 Step Implementation Guide.pptx
 
Achieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdfAchieving ISO 27001 Certification.pdf
Achieving ISO 27001 Certification.pdf
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
Information security management system ISMS
Information security management system ISMSInformation security management system ISMS
Information security management system ISMS
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
 
Soc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-convertedSoc 2 vs iso 27001 certification withh links converted-converted
Soc 2 vs iso 27001 certification withh links converted-converted
 
The best way to use ISO 27001
The best way to use ISO 27001The best way to use ISO 27001
The best way to use ISO 27001
 

Plus de ControlCase

Plus de ControlCase (20)

Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
PCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdfPCI DSS v4 - ControlCase Update Webinar Final.pdf
PCI DSS v4 - ControlCase Update Webinar Final.pdf
 
Integrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptxIntegrated Compliance Webinar.pptx
Integrated Compliance Webinar.pptx
 
2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf2022-Q2-Webinar-ISO_Spanish_Final.pdf
2022-Q2-Webinar-ISO_Spanish_Final.pdf
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Webinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptxWebinar-MSP+ Cyber Insurance Fina.pptx
Webinar-MSP+ Cyber Insurance Fina.pptx
 
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
 
Webinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdfWebinar-Spanish-PCI DSS-4.0.pdf
Webinar-Spanish-PCI DSS-4.0.pdf
 
PCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptxPCI DSS 4.0 Webinar Final.pptx
PCI DSS 4.0 Webinar Final.pptx
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
HITRUST Certification
HITRUST CertificationHITRUST Certification
HITRUST Certification
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
FedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP MarketplaceFedRAMP Certification & FedRAMP Marketplace
FedRAMP Certification & FedRAMP Marketplace
 
PCI DSS Compliance Checklist
PCI DSS Compliance ChecklistPCI DSS Compliance Checklist
PCI DSS Compliance Checklist
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 

Dernier

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Delhi Call girls
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
tanu pandey
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
SUHANI PANDEY
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
soniya singh
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
Diya Sharma
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
sexy call girls service in goa
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
soniya singh
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Sheetaleventcompany
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 

Dernier (20)

Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 

ISO 27001 2002 Update Webinar.pdf

  • 1. WEBINAR: ISO 27001:2022 UPDATE Presented by: Ricardo Pardo, Controlcase Partner SOC & ISO Kishor Vaswani, ControlCase Chief Strategy Officer
  • 2. Agenda © ControlCase. All Rights Reserved. 2 A. Introduction to ControlCase B. Overview of the ISO Family of Standards C. What are the updates to 27001:2022? 1. Revision Update 2. Summary of Changes 3. Timelines 4. Impact of the changes D. Q&A
  • 3. A. © 2020 ControlCase. All Rights Reserved. 3 ControlCase Introduction
  • 4. ControlCase Snapshot CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance. © 2020 ControlCase. All Rights Reserved. 4 • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies ⁃ Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1,000+ 300+ 10,000+ CLIENTS IT SECURITY CERTIFICATIONS SECURITY EXPERTS
  • 5. Solution © ControlCase. All Rights Reserved. 5 Certification and Continuous Compliance Services “ I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness. — Security and Compliance Manager, Data Center
  • 6. Certification Services One Audit™ Assess Once. Comply to Many. © 2020 ControlCase. All Rights Reserved. 6 “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business. — Sr. Director, Information Risk & Compliance, Large Merchant PCI DSS ISO 27001 & 27002 SOC 1,2,3 & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST CSF Risk Assessment PCI PIN PCI PA-DSS FedRAMP PCI 3DS
  • 7. OVERVIEW OF THE ISO FAMILY OF STANDARDS B. © ControlCase. All Rights Reserved. 7
  • 8. What is ISO 27001? © ControlCase. All Rights Reserved. 8 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ISO/IEC 27001 (WIDELY KNOWN AS ISO 27001) IS PART OF THE ISO/IEC 27000 FAMILY OF STANDARDS Focused on information security and enabling organizations to manage security assets. ISO 27001 provides the requirements for an Information Security Management System (ISMS). Takes a risk-based approach to managing information security.
  • 9. ISO 27001 vs ISO 27002 © ControlCase. All Rights Reserved. 9 • ISO 27001 is the central framework of the ISO 27000 series relating to information security management. • Lists each aspect required for the ISMS. • ISO 27001 contains implementation requirements for an ISMS. • ISO 27001 is a certification. 27001 27002 • ISO 27002 is a supplementary standard that focuses on the information security controls that organizations might choose to implement. • Addresses information security controls only • ISO 27002 is not a certification
  • 10. What is ISO 27701? © ControlCase. All Rights Reserved. 10 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ISO/IEC 27701 is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002 and provides additional guidance for the protection of privacy, which is potentially affected by the collection and processing of personal information.
  • 11. What is ISO 27017 and 27018? © ControlCase. All Rights Reserved. 11 Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services. 27017 27018 Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. • Both are add-on extensions of the ISO 27001 standard. • All of the clauses and annexures apply the same as the main 27001. • You cannot perform either of these without the 27001. • An accrediting body cannot performed these if they have not performed the 27001 assessment
  • 12. What is an ISMS? An ISMS (Information Security Management Systems) is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. © ControlCase. All Rights Reserved. 12
  • 13. Compliance vs Certification © ControlCase. All Rights Reserved. 13 ISO 27001 COMPLIANT Means the organization follows the ISO 27001 standard. ISO 27001 CERTIFIED Means the organization’s ISO 27001 Information Security Management System has been certified in compliance with the standard by auditors known as Certification Bodies.
  • 14. Who Needs ISO 27001 Certification? Any organization that wishes or is required to formalise and improve business processes around information security, privacy and securing its information assets. The size/turnover of a business does not dictate the need for ISO 27001. © ControlCase. All Rights Reserved. 14
  • 15. Privacy Add-on Assessment (ISO 27701) © ControlCase. All Rights Reserved. 15 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • Additional assessment time required. • Depends on the entity being a PII controller or PII processor or both. PII CONTROLLER • Covers areas like contracts and obligations to consumer. • Covers retention and disposal objectives. PII PROCESSOR • Covers areas such as marketing and advertising use. • Covers inter-organization and inter-country rules of PII.
  • 16. How Often Do You Need ISO 27001? © ControlCase. All Rights Reserved. 16 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ISO Certification is valid for 3 years. Surveillance audits are required in year 2 and year 3.
  • 17. Certification Methodology – YEAR 1 © ControlCase. All Rights Reserved. 17 ITERATIVE PRE-ASSESSMENT ISO STAGE 1 AUDIT ISO STAGE 2 AUDIT DELIVERABLES • Consolidated Pre-Assessment • Evaluation of policies and procedures. • Multiple rounds of assessment before Stage 1 and Stage 2 Audit. Onsite/ Remote Average of 4 days Onsite/ Remote Average of 6 days • ISO 27001 Certificate issued • Extension Documents Released PHASE PHASE 3 1 2 PHASE Minimum 10 days between Stage 1 – 2 2A 2B AVERAGE TIMELINE FOR PHASE 1 – 3 IS 6 MONTHS
  • 18. ISO Surveillance Audits – YEAR 2 and YEAR 3 © ControlCase. All Rights Reserved. 18 ISO 27001 REQUIRES THAT SURVEILLANCE AUDITS BE COMPLETED FOR YEAR 2 AND YEAR 3. Surveillance audits are mini audits assessing the certified client's management system’s is still compliant to ISO 27001. Surveillance audits are not full system audits.
  • 19. General Compliance Challenges © ControlCase. All Rights Reserved. 19 Takes people away from their core responsibilities Proving and maintaining compliance places a significant burden on organizations. Strains already taxed resources ORGANIZATIONS STRUGGLE WITH: Dealing with multiple regulations. Keeping up with changing regulations and compliance requirements. Understanding and translating compliance frameworks. The lack of visibility into their compliance posture. The time spent preparing for audits. TRADITIONAL AUDITOR’S CHECKLIST APPROACH ISN’T ENOUGH.
  • 20. Common Challenges to ISO 27001/27701 Business Associate Vulnerability Management Logging & Monitoring Encryption PII Policies & Training • Agreements to be formalized • Vendor management process • Periodic vulnerability management • Patching devices • Application code rewrite • 24X7X365 monitoring • Managing volume of logs • Encryption of PII • Annual training • Documented PII policies and procedures © ControlCase. All Rights Reserved. 20
  • 21. WHAT ARE THE UPDATES TO 27001:2022? C. © ControlCase. All Rights Reserved. 21
  • 22. What are the updates to 27001:2022 © ControlCase. All Rights Reserved. 22 No major changes to ISO 27001: 2013 Mandatory Clauses 4 to 10. The Security Controls contained in Annex A have decreased from 114 to 93. Controls (ISO 27002:2022) are now grouped in 4 main domains (instead of the previous 14) and are tagged for easier reference and use. • Organizational Controls • People Controls • Physical Controls • Technological Controls New controls have been introduced, while none of the controls were deleted, many controls were merged, thereby reducing the overall number. SUMMARY OF CHANGES
  • 23. Four Domains for ISO 27002:2022 © ControlCase. All Rights Reserved. 23 ORGANIZATIONAL CONTROLS PEOPLE CONTROLS PHYSICAL CONTROLS TECHNOLOGICAL CONTROLS
  • 24. What are the Control Updates to 27002:2022 © ControlCase. All Rights Reserved. 24 Threat intelligence Physical security monitoring Data masking Web filtering Information security for the use of cloud services Configuration management Data leakage prevention Secure coding ICT readiness for business continuity Information deletion Monitoring activities
  • 25. ISO 27002: Organizational Controls Policies for information security Return of assets Addressing information security within supplier agreements Information security during disruption Segregation of duties Classification of information Managing information security in the ICT supply chain ICT readiness for business continuity (new) Management responsibilities Labelling of information Monitoring, review and change management of supplier services Legal, statutory, regulatory, and contractual requirements Contact with authorities Information transfer Information security for use of cloud services (new) Intellectual property rights Contact with special interest groups Access control Information security incident management planning and preparation Protection of records Threat intelligence (new) Identity management Assessment and decision on information security events Privacy and protection of PII Information security in project management Authentication information Response to information security incidents Independent review of information security Inventory of information and other associated assets Access rights Learning from information security incidents Compliance with policies, rules and standards for information security Acceptable use of information and other associated assets Information security in supplier relationships Collection of evidence Documented operating procedures © ControlCase. All Rights Reserved. 25
  • 26. ISO 27002: Physical Controls Physical security perimeters Securing offices, rooms and facilities Physical security monitoring (new) Protecting against physical and environmental threats Working in secure areas Clear desk and clear screen Equipment siting and protection Security of assets off-premises Storage media Supporting utilities Cabling security Equipment maintenance Secure disposal or re-use of equipment © ControlCase. All Rights Reserved. 26
  • 27. Control 7.14: Secure disposal or re-use of equipment (example) © ControlCase. All Rights Reserved. 27
  • 28. Adoption Timeline © ControlCase. All Rights Reserved. 28 Any ISO 27001 audit that happens after Oct 2025 must be against the new version. Companies can voluntarily choose to certify against the ISO 27002:2022 revision with ControlCase in mid 2023.
  • 29. Next Steps © ControlCase. All Rights Reserved. 29 Companies should review their risk register and the applied risk treatments to ensure alignment with the revised standard. Update the Statement of Applicability (SoA) to align with the updated Annex A. Review and update your documentation, including policies and procedures to meet the new controls Get audited against the new ISO 27001:2022 standard using a certified auditor such as ControlCase Step 1 Step 2 Step 3 Step 4
  • 30. Q & A D. © ControlCase. All Rights Reserved. 30
  • 31. THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com contact@controlcase.com Download ISO 27001 Compliance Checklist ISO 27001 Compliance Blog Schedule ISO 27001 Compliance Discussion