SlideShare une entreprise Scribd logo

ISO 270001 Management Clause - 6

Télécharger en tant que PPTX, PDF
P
Pooja Soni

This presentation talks about the clause 6 which focuses on the organization of Information Security

Technologie
1  sur  14
iFour ConsultancyISMS Framework: Clause 6 – Organization of Information Security
 ISO 27001:2013 has classified the Organization of Information Security into: Clause A.6.1: Internal Organization Clause A.6.2: Mobile devices and Teleworking Organization of Information Security – ISMS Requirements ISO for Software Outsourcing Companies in India
 To establish a management framework to initiate and control the implementation operation of information security within the organization. Clause A.6.1: Internal Organization A.6.1.1 Information security roles and responsibilities A.6.1.2 Segregation of duties A.6.1.3 Contact with authorities A.6.1.4 Contact with special interest groups A.6.1.5 Information security in project management
Identification of the individual/individuals responsible for security of each information facility Clear definition and identification of assets and associated security controls for each information facility A.6.1.1 Information Security Roles and Responsibilities ISO for Software Outsourcing Companies in India • All information security responsibilities shall be defined and allocated.
A.6.1.2 Segregation of Duties The first is the prevention of conflict of interest, the appearance of conflict of interest, wrongful acts, fraud, abuse and errors. The second is the detection of control failures that include security breaches, information theft, and circumvention of security controls. • Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets.
A.6.1.3 Contact with Authorities Specification of the manner and timing in which breaches shall be communicated to external authorities so as to ensure appropriate reporting Development of procedures, policies and contact lists that specify by whom and when external authorities should be contacted • Appropriate contacts with relevant authorities shall be maintained.
A.6.1.4 Contact with Special Interest Groups • Control: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
A.6.1.5 Information Security in Project Management set out the basics of how information security should be considered as part of the overall framework of the project management with organization creation of “mini-ISMS” within the project to ensure that risks are identified and managed • Information security shall be addressed in project management, regardless of the type of the project.
 To ensure the security of teleworking and use of mobile devices. A.6.2 Mobile Devices and Teleworking A.6.2.1 Mobile Device Policy A.6.2.2 Teleworking Policy
A.6.2.1 Mobile Device Policy Regular data backups for stored sensitive data Physical security measures Secure communication methods for transmitted data such as Virtual Private Network Updates for operating system and other software updating Access control and appropriate user authentication (biometric-based) Cryptographic methods for sensitive data Protective software such as anti-virus and others
A.6.2.2 Teleworking Policy Environmental and physical security measures Policies concerning safety of private property used at the site Appropriate user access control and authentication Security measures for wireless and wired network configurations at the site Cryptographic techniques for communications from/to the site and data storage Data backup at regular intervals and security measures for those backup copies
 https://spaces.internet2.edu/display/2014infosecurityguide/Asset+Management  http://it.med.miami.edu/x2227.xml  http://it.med.miami.edu/x1771.xml  https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja& uact=8&ved=0CC4QFjAA&url=http%3A%2F%2Fwww.iso27001security.com  http://www.csoonline.com/article/2123120/it-audit/separation-of-duties-and-it- security.html References ISO for Software Outsourcing Companies in India
Visit our websites :  http://www.ifour-consultancy.com  http://www.ifourtechnolab.com For more details : ISO for Software Outsourcing Companies in India
ISO 270001 Management Clause - 6

Recommandé

Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...iFour Consultancy
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...iFour Consultancy
 
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...iFour Consultancy
 
Comparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkComparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkPooja Soni
 
Iso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in indiaIso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in indiaiFour Consultancy
 
Control a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaControl a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaiFour Consultancy
 
A18 compliance
A18 complianceA18 compliance
A18 complianceifourkhushbooshah
 

Recommandé

Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...
Iso 27001 control a.12.1,a.12.2 & a.12.3 - by software outsourcing company in...iFour Consultancy
 
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...
ISO 27001 2013 A12 Operations Security Part 2 - by Software development compa...iFour Consultancy
 
Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...Iso 27001 control a.7.2 – during employment - by software outsourcing company...
Iso 27001 control a.7.2 – during employment - by software outsourcing company...iFour Consultancy
 
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...
ISO 27001 2013 Clause 4 - context of an organization - by Software developmen...iFour Consultancy
 
Comparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkComparision of ISO with NIST and COBIT framework
Comparision of ISO with NIST and COBIT frameworkPooja Soni
 
Iso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in indiaIso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in indiaiFour Consultancy
 
Control a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaControl a.18 compliance - by software outsourcing company in India
Control a.18 compliance - by software outsourcing company in IndiaiFour Consultancy
 
A18 compliance
A18 complianceA18 compliance
A18 complianceifourkhushbooshah
 
ISO 27001 management clause 7 support - by software development company in india
ISO 27001 management clause 7 support - by software development company in indiaISO 27001 management clause 7 support - by software development company in india
ISO 27001 management clause 7 support - by software development company in indiaiFour Consultancy
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to securityRaghunath G
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 ismsCraig Willetts ISO Expert
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013Magda CHELLY, Ph.D, S-CISO, CISSP®
 
IS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaIS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaiFour Consultancy
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001CUNIX INDIA
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTGaffri Johnson
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
27001.pptx
27001.pptx27001.pptx
27001.pptxAvniJain836319
 

Contenu connexe

Tendances

ISO 27001 management clause 7 support - by software development company in india
ISO 27001 management clause 7 support - by software development company in indiaISO 27001 management clause 7 support - by software development company in india
ISO 27001 management clause 7 support - by software development company in indiaiFour Consultancy
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to securityRaghunath G
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Traininghimalya sharma
 
IS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaIS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaiFour Consultancy
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentationMidhun Nirmal
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2Tanmay Shinde
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001CUNIX INDIA
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTGaffri Johnson
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by SripathiPrajwal Panchmahalkar
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 

Tendances (20)

ISO 27001 management clause 7 support - by software development company in india
ISO 27001 management clause 7 support - by software development company in indiaISO 27001 management clause 7 support - by software development company in india
ISO 27001 management clause 7 support - by software development company in india
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to security
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
ISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness TrainingISO 27001 Training | ISMS Awareness Training
ISO 27001 Training | ISMS Awareness Training
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 
IS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in indiaIS Audit Checklist- by Software development company in india
IS Audit Checklist- by Software development company in india
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
 
Structure of iso 27001
Structure of iso 27001Structure of iso 27001
Structure of iso 27001
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENT
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi[null] Iso 27001 a business view by Sripathi
[null] Iso 27001 a business view by Sripathi
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My Organisation
 

Similaire à ISO 270001 Management Clause - 6

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...Jerimi Soma
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesNowSecure
 
Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdf
Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdfMicrosoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdf
Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdfVipulKumar221864
 
Iso 27001 2005- by netpeckers consulting
Iso 27001 2005- by netpeckers consultingIso 27001 2005- by netpeckers consulting
Iso 27001 2005- by netpeckers consultingIskcon Ahmedabad
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & complianceVandana Verma
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdfkarthikvcyber
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirementshumanus2
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxHomework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxadampcarr67227
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectIOSR Journals
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.pptkarthikvcyber
 
Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Apoorva Ajmani
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...Under Controls
 

Similaire à ISO 270001 Management Clause - 6 (20)

Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
 
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
Personally Identifiable Information (ISO27701) on cloud and PCI DSS Conformit...
 
Solving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial servicesSolving for Compliance: Mobile app security for banking and financial services
Solving for Compliance: Mobile app security for banking and financial services
 
Pindad iso27000 2016 smki
Pindad iso27000 2016 smkiPindad iso27000 2016 smki
Pindad iso27000 2016 smki
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
AnnexIX1302.pdf
AnnexIX1302.pdfAnnexIX1302.pdf
AnnexIX1302.pdf
 
Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdf
Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdfMicrosoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdf
Microsoft_Cyber_Offerings_Mapped_to_Security_Frameworks_EN_US.pdf
 
Iso 27001 2005- by netpeckers consulting
Iso 27001 2005- by netpeckers consultingIso 27001 2005- by netpeckers consulting
Iso 27001 2005- by netpeckers consulting
 
Security audits & compliance
Security audits & complianceSecurity audits & compliance
Security audits & compliance
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdf
 
ISMS Requirements
ISMS RequirementsISMS Requirements
ISMS Requirements
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docxHomework AssignmentShort Answer Responses.1. Describe the fiv.docx
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
 
Information Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and ProspectInformation Security Management System: Emerging Issues and Prospect
Information Security Management System: Emerging Issues and Prospect
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.ppt
 
Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
Stay Ahead of Data Security Risks_ How ISO 27001 Compliance Software Can Help...
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 

Dernier

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Dernier (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

ISO 270001 Management Clause - 6

  • 1. iFour ConsultancyISMS Framework: Clause 6 – Organization of Information Security
  • 2.  ISO 27001:2013 has classified the Organization of Information Security into: Clause A.6.1: Internal Organization Clause A.6.2: Mobile devices and Teleworking Organization of Information Security – ISMS Requirements ISO for Software Outsourcing Companies in India
  • 3.  To establish a management framework to initiate and control the implementation operation of information security within the organization. Clause A.6.1: Internal Organization A.6.1.1 Information security roles and responsibilities A.6.1.2 Segregation of duties A.6.1.3 Contact with authorities A.6.1.4 Contact with special interest groups A.6.1.5 Information security in project management
  • 4. Identification of the individual/individuals responsible for security of each information facility Clear definition and identification of assets and associated security controls for each information facility A.6.1.1 Information Security Roles and Responsibilities ISO for Software Outsourcing Companies in India • All information security responsibilities shall be defined and allocated.
  • 5. A.6.1.2 Segregation of Duties The first is the prevention of conflict of interest, the appearance of conflict of interest, wrongful acts, fraud, abuse and errors. The second is the detection of control failures that include security breaches, information theft, and circumvention of security controls. • Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets.
  • 6. A.6.1.3 Contact with Authorities Specification of the manner and timing in which breaches shall be communicated to external authorities so as to ensure appropriate reporting Development of procedures, policies and contact lists that specify by whom and when external authorities should be contacted • Appropriate contacts with relevant authorities shall be maintained.
  • 7. A.6.1.4 Contact with Special Interest Groups • Control: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
  • 8. A.6.1.5 Information Security in Project Management set out the basics of how information security should be considered as part of the overall framework of the project management with organization creation of “mini-ISMS” within the project to ensure that risks are identified and managed • Information security shall be addressed in project management, regardless of the type of the project.
  • 9.  To ensure the security of teleworking and use of mobile devices. A.6.2 Mobile Devices and Teleworking A.6.2.1 Mobile Device Policy A.6.2.2 Teleworking Policy
  • 10. A.6.2.1 Mobile Device Policy Regular data backups for stored sensitive data Physical security measures Secure communication methods for transmitted data such as Virtual Private Network Updates for operating system and other software updating Access control and appropriate user authentication (biometric-based) Cryptographic methods for sensitive data Protective software such as anti-virus and others
  • 11. A.6.2.2 Teleworking Policy Environmental and physical security measures Policies concerning safety of private property used at the site Appropriate user access control and authentication Security measures for wireless and wired network configurations at the site Cryptographic techniques for communications from/to the site and data storage Data backup at regular intervals and security measures for those backup copies
  • 12.  https://spaces.internet2.edu/display/2014infosecurityguide/Asset+Management  http://it.med.miami.edu/x2227.xml  http://it.med.miami.edu/x1771.xml  https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja& uact=8&ved=0CC4QFjAA&url=http%3A%2F%2Fwww.iso27001security.com  http://www.csoonline.com/article/2123120/it-audit/separation-of-duties-and-it- security.html References ISO for Software Outsourcing Companies in India
  • 13. Visit our websites :  http://www.ifour-consultancy.com  http://www.ifourtechnolab.com For more details : ISO for Software Outsourcing Companies in India

Notes de l'éditeur

  1. ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com http://www.ifourtechnolab.com
  2. ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com http://www.ifourtechnolab.com
  3. ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com http://www.ifourtechnolab.com
  4. ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com http://www.ifourtechnolab.com
  5. ISO for Software Outsourcing Companies in India – http://www.ifour-consultancy.com http://www.ifourtechnolab.com