iFour Consultancy 
Security awareness seminar 
An introduction to ISO27k 
Part 2
Agenda
• Security incidents cause
• What is risk?
• Risk relationships
• Threat agent
• Motive
• Threat type and Example
• Compliance
• Objectives of Compliance
• SOX
• Where SOX is Applicable
• BASEL II
http://www.ifour-consultancy.com Software outsourcing company in India
Security incidents cause 
• IT downtime, business interruption 
• Financial losses and costs 
• Devaluation of intellectual property 
• Breaking laws and regulations, leading to prosecutions, fines and penalties
• Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business
• Fear, uncertainty and doubt 
What is risk? 
• Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization
• Threat: something that might cause harm 
• Vulnerability: a weakness that might be exploited 
• Impact: financial damage etc. 
Risk relationships 
Threat agent 
The actor that represents, carries out or catalyzes the threat 
• Human 
• Machine 
• Nature 
Motive 
• Something that causes the threat agent to act 
• Implies intentional/deliberate attacks, but some are accidental
Threat type and Example 
So how do we secure our information assets?
Compliance 
What is Compliance?
The act or process of meeting specific standards, whether set by a wish, a demand or a proposal.
In detail, compliance means following a set of:
• Laws
• Regulations
• Rules
• Practices
The role of compliance in banks is to ensure that rules and regulations are appropriately incorporated into the bank’s internal processes, and that every functionary, from the top to the bottom, appreciates the value of compliance.
Compliance
Banking compliance has two branches:
• Internal compliance: internal policies, applicable to all employees
• Regulatory & legal compliance: laws and standards, applicable to the bank as a whole
Objectives of Compliance 
• Prudential—to reduce the level of risk to which clients are exposed
• Systemic risk reduction—to reduce the risk of disruption
• Avoid misuse of the system—to reduce the risk of the system being used for criminal purposes
• To protect confidentiality
• It may also include rules about treating customers fairly and having corporate social responsibility (CSR)
Objectives of Compliance 
• Ensures orderliness
• Prevents chaos in systems
• Provides a dedicated framework for overseeing the implementation of directions/guidelines issued by the regulator/supervisor
• Ensures that there is a process to promptly respond to and redress anomalies
SOX 
SOX, the Sarbanes–Oxley Act, is also known as the “Corporate and Auditing Accountability and Responsibility Act”.
SOX is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms.
The Act contains 11 sections, ranging from corporate board responsibilities to criminal penalties. Its major elements are:
• Auditor independence
• Corporate governance
• Fraud
• Enhanced financial disclosure
Where SOX is Applicable 
• (a) All public companies in the US
• (b) International companies that have registered equity or debt securities with the SEC
• The accounting firms that provide auditing services to (a) and (b)
• It does not apply to privately held companies
• The Act is administered by the Securities and Exchange Commission (SEC)
• The SEC deals with compliance, rules and requirements
• The Act also created the Public Company Accounting Oversight Board (PCAOB)
BASEL II 
“A set of banking regulations put forth by the Basel Committee on Bank Supervision, which regulates finance and banking internationally.”
ISO 27001 - information security user awareness training presentation -part 2
