How Does the new ISO 27001 Impact Your IT Risk Management Processes?

Presented by Lars Neupart
Founder, CEO of Neupart – The ERP of Security
LN@neupart.com
twitter @neupart
The ISO 2700x standards

ISO 27000 • Overview and vocabulary
ISO 27001 • Information Security Management Systems – Requirements
ISO 27002 • Code of practice for information security management
ISO 27003 • ISMS Implementation Guidelines
ISO 27004 • Information Security Management – Measurement
ISO 27005 • Information Security Risk Management
ISO 27006 • Requirements for bodies providing audit and certification
+ + + + (and more)
New drafts available

New drafts are available for the ISO 2700x standards listed above (ISO 27000 to ISO 27006).
Information Security Management Systems – Requirements

ISO 27001 – the 2013 edition. ISO/IEC DIS 27001 = draft, i.e. changes are likely to happen.

The aim of today's webinar is to give you a head start preparing for the new standard so you can have a smoother transition.
What’s new?

•  A lot!
•  New content
•  New requirements numbering
•  Still short: 9 pages of requirements to an ISMS
•  Controls are still listed in Annex A, and referring to ISO 27002 (the new)
•  Maintaining a fair portion of backwards compatibility
Poll: How do you use ISO 27001 today?

•  We are certified
•  We plan to certify
•  We plan to comply; no certification
•  Best practice inspiration
•  Don't know
Still risk oriented:

•  The first requirement in the new ISO 27001 refers to an Enterprise Risk Management Standard: ISO 31000
ISO 31000 Enterprise Risk Management

[Figure: a Plan – Do – Check – Act cycle around three layers: Enterprise Risk Management (ISO 31000), Information Security Risk Management (ISO 27005), ISMS Requirements (ISO 27001)]
ISO 27005 recap
IT Risk Management – Explained

[Figure: Risk is determined by Incident Likelihood and Incident Consequence. Incident Likelihood is driven by Threat Frequency and reduced by Preventive Measures; Incident Consequence is driven by Threat Effect and reduced by Corrective Measures. Threats feed both sides.]

Proactive Security – Reduce Likelihood:
•  IT Security Policy
•  Compliance & Awareness
•  Change Management
•  Operating Procedures
•  Access Control
•  Monitoring
•  System Redundancy
•  Firewall
•  Antivirus

Reactive Security – Reduce Consequence:
•  IT Service Continuity Teams
•  IT Service Continuity Strategy
•  IT Service Continuity Plans
•  Disaster Recovery Procedures
•  Emergency Operations
•  Flexibility
•  Standby Equipment
•  Virtualization
•  Backup
IT Risk Management – Explained (continued)

[Figure: the same model with Risk Prioritization on top: Incident Likelihood (Threat Frequency, Preventive Measures) and Incident Consequence (Threat Effect, Corrective Measures), both fed by Threats.]

Vulnerability & control environment assessment: measures are classified along two axes, Administrative vs. Physical / Technical, and Preventive vs. Corrective. Assessments are based on the Capability Maturity Model.

Example measures placed in that matrix: Firewall, Antivirus, Server Cluster, RAID, Backup, Standby Equipment, Virtualization, Security Policy, System Documentation, Awareness, Compliance Checks, Alarm System, Fire Suppression, Logging, Change Management, IT Service Continuity Plan, Disaster Recovery Procedures, Business Continuity Strategy, Redundancy, Access Control System, Standby Site, Server snapshots, Monitoring.
Assets: Dependency Hierarchy

•  Business Impact values are inherited downwards
•  Vulnerability values are inherited upwards

Example hierarchy, top to bottom:
•  Finance – Business Process
•  ERP – IT Service
•  Dynamics AOS – Business system; Finance DB – Database
•  Server 01, Server 02 – Virtual Server; SAN 01 – Data Storage
•  HP DL380 (two units) – Hardware unit
•  Data Center Oslo – Datacenter
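The inheritance rule on this slide, together with the likelihood and consequence model from the two "IT Risk Management – Explained" slides, as a runnable worked example. This is added here and is not code from the deck or from SecureAware. The asset names and types are the ones on the slide; the wiring between them, the 1..5 scores, the use of the maximum as the inheritance rule and the simplified risk formula (likelihood = threat frequency x vulnerability, consequence = threat effect x business impact) are assumptions made for illustration. It also refuses a cyclic dependency map, since inheritance is only defined on a hierarchy.

```python
"""Asset dependency hierarchy with inherited values and a simple risk score.

Added example, not from the deck or from SecureAware. The asset names and
types come from the slide; the wiring between them, the 1..5 scores, the use
of max() for inheritance and the likelihood x consequence formula are
assumptions made here for illustration.
"""
from typing import Dict, List, Tuple

# asset -> assets it depends on ("downwards" edges). Constructed wiring.
DEPENDS_ON: Dict[str, List[str]] = {
    "Finance": ["ERP"],                        # business process
    "ERP": ["Dynamics AOS", "Finance DB"],     # IT service
    "Dynamics AOS": ["Server 01"],             # business system
    "Finance DB": ["Server 02", "SAN 01"],     # database
    "Server 01": ["HP DL380 #1"],              # virtual server
    "Server 02": ["HP DL380 #2"],              # virtual server
    "SAN 01": ["Data Center Oslo"],            # data storage
    "HP DL380 #1": ["Data Center Oslo"],       # hardware unit
    "HP DL380 #2": ["Data Center Oslo"],       # hardware unit
    "Data Center Oslo": [],                    # datacenter
}

# Values the assessor actually entered (1 = low .. 5 = high); constructed sample data.
# Business impact is only assessed at the top, vulnerability only near the bottom.
LOCAL_IMPACT: Dict[str, int] = {"Finance": 5}
LOCAL_VULN: Dict[str, int] = {
    "Data Center Oslo": 2, "SAN 01": 4, "Server 02": 3,
    "HP DL380 #1": 1, "HP DL380 #2": 1,
}


def dependents(depends_on: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Reverse the graph: asset -> assets that depend on it ("upwards" edges)."""
    rev: Dict[str, List[str]] = {asset: [] for asset in depends_on}
    for asset, deps in depends_on.items():
        for dep in deps:
            rev.setdefault(dep, []).append(asset)
    return rev


def check_acyclic(graph: Dict[str, List[str]]) -> None:
    """Inheritance is only well defined on a DAG; refuse a cyclic dependency map."""
    state: Dict[str, str] = {}          # asset -> "visiting" | "done"

    def visit(asset: str) -> None:
        if state.get(asset) == "done":
            return
        if state.get(asset) == "visiting":
            raise ValueError(f"dependency cycle through {asset!r}")
        state[asset] = "visiting"
        for nxt in graph.get(asset, []):
            visit(nxt)
        state[asset] = "done"

    for asset in graph:
        visit(asset)


def propagate(graph: Dict[str, List[str]], local: Dict[str, int],
              default: int = 1) -> Dict[str, int]:
    """Each asset's value = max(its own entered value, values reached along `graph` edges).
    max() is the assumed inheritance rule: an asset is at least as critical (or as
    exposed) as anything it is connected to in the given direction."""
    check_acyclic(graph)
    memo: Dict[str, int] = {}

    def value(asset: str) -> int:
        if asset not in memo:
            inherited = [value(nxt) for nxt in graph.get(asset, [])]
            memo[asset] = max([local.get(asset, default)] + inherited)
        return memo[asset]

    return {asset: value(asset) for asset in graph}


def inherited_impact(depends_on=DEPENDS_ON, local=LOCAL_IMPACT) -> Dict[str, int]:
    """Business impact flows downwards: infrastructure inherits from the processes built on it."""
    return propagate(dependents(depends_on), local)


def inherited_vulnerability(depends_on=DEPENDS_ON, local=LOCAL_VULN) -> Dict[str, int]:
    """Vulnerability flows upwards: a service inherits the weakest link it depends on."""
    return propagate(depends_on, local)


def risk_scores(threat_frequency: int = 3, threat_effect: int = 4,
                depends_on=DEPENDS_ON, local_impact=LOCAL_IMPACT,
                local_vuln=LOCAL_VULN) -> List[Tuple[str, int]]:
    """Risk = incident likelihood x incident consequence, highest first.
    Simplified scoring (assumption): likelihood = threat frequency x vulnerability,
    consequence = threat effect x business impact."""
    impact = inherited_impact(depends_on, local_impact)
    vuln = inherited_vulnerability(depends_on, local_vuln)
    scores = {a: (threat_frequency * vuln[a]) * (threat_effect * impact[a])
              for a in depends_on}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    impact, vuln = inherited_impact(), inherited_vulnerability()
    for asset, score in risk_scores():
        print(f"{asset:18} impact={impact[asset]} vuln={vuln[asset]} risk={score}")
```

Running the block prints one line per asset. Because the Finance process is rated 5, every asset beneath it inherits impact 5; vulnerability goes the other way, so Finance DB and ERP inherit SAN 01's score of 4 even though nobody assessed them directly, and they rise to the top of the risk list next to the SAN itself.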
  
Comparing ISO 27005, NIST SP800-30

ISO 27005                              | NIST SP800-30
---------------------------------------|------------------------------
Context establishment                  |
Identification of assets               | System Characterization
Identification of threats              | Threat Identification
Identification of existing controls    | Vulnerability Identification
Identification of vulnerabilities      | Control Analysis
Identification of consequences         |
Assessment of consequences             | Likelihood Determination
Assessment of incident likelihood      | Impact Analysis
Risk estimation                        | Risk Determination
Risk evaluation                        |
Risk treatment                         | Control Recommendations
Risk acceptance                        |
Risk communication                     | Results Documentation

Each column follows that standard's own order of steps, so neighbouring rows are not always the matching step (for example, ISO 27005's identification of vulnerabilities corresponds to NIST's Vulnerability Identification, one row up).
Examples of how the 27001 update will impact your risk management processes
27001: Not only downside risks

•  6.1 Actions to address risks and opportunities
•  Quote ISO 31000: “Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on an organization's objectives is ‘risk’.”
Risk Owner

•  The Risk Owner approves the risk treatment plan and accepts the residual risks
•  Note: Asset ownership is formally no longer an ISO 27001 requirement, but it is still in the Annex A control list. Practically the same requirement, as you can't expect it not to be in your Statement of Applicability.
Increased flexibility in your choice of risk method

The organization shall define an information security risk assessment process that:
1.  establishes and maintains information security risk criteria, including the risk acceptance criteria;
2.  determines the criteria for performing information security risk assessments; and
3.  ensures that repeated information security risk assessments produce consistent, valid and comparable results.
(section 6.1)
Time to vote

•  What IT risk assessment method or framework do you use today?
   –  ISO 27005
   –  NIST SP 800 series
   –  IRAM
   –  OCTAVE
   –  Some other threat based approach
   –  Some other control based approach
   –  Don’t know
The organization shall apply an information security risk treatment process

Treating Risks: Accept, Reduce, Share, Avoid

Treatment options according to ISO 27001:2005 and ISO 27005. ISO 27001:2013 does not require these specific treatment options, but you are free to choose them.
SoA linked even closer to Risk Treatment

SoA = Statement of Applicability

Risk treatment:
•  Select treatment options
•  Determine controls
•  Check controls with Annex A, verify no necessary controls are omitted
•  Make SoA and justify exclusions AND inclusions (new)
•  Clearly worded that you must determine all necessary controls
Review of Neupart's well known 4 responsible short-cuts – do they still apply?

1: Not all assets
•  Assess your most important assets first (you can add more later)

2: Not all threats
•  Do not use the complete threat catalogue on each of your assets (relevant threats depend on asset type)

3: Inheritance
•  Asset dependencies / hierarchy
•  Business impact values are inherited downwards
•  Vulnerability scores are inherited upwards

4: Fewer assessments
•  Make an overall assessment first – refine later
•  Example: assess threats combined first – individually later
Oh, what happened to PDCA?

Plan – Do – Check – Act is still there, now called continual improvement
Risk Management

•  Risk Owner
•  (Assets)
•  Threats
•  Business Impact Assessment
•  Vulnerability Assessment
•  Reporting & evaluating
•  Treating (Accept, Reduce, Share, Avoid)
Time to vote

•  Will the new ISO improve your risk management processes?
   –  Yes – the update is easy to understand and makes sense
   –  Not much – nothing really new here
   –  I’m concerned about the introduced flexibility
   –  Don’t know
About Neupart

•  ISO 27001 certified company
•  Provides SecureAware®, an all-in-one, efficient IT GRC solution allowing organizations to automate IT governance, risk and compliance management
•  “The ERP of Security”
•  HQ in Denmark, subsidiary in Germany and a 200+ customer portfolio covering a wide range of private enterprises and governmental agencies

IT GRC = IT Governance, Risk & Compliance Management
SecureAware Risk TNG Benefits

•  Less specialist knowledge needed to conduct professional risk management
•  Know your IT related business risks
•  Fast results
•  Saves time for you and your organization
•  ISO 27005 based methodology – and fully compatible with NIST SP800-30
•  Cloud or on-premise software
Try an ISO 27001 compliant IT GRC solution at www.neupart.com
Dansk It Neupart Cloud Sikkerhed RisikovurderingLars Neupart
 
Neupart Isaca April 2012
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012Lars Neupart
 
Muligheder for sikker cloud computing
Muligheder for sikker cloud computingMuligheder for sikker cloud computing
Muligheder for sikker cloud computingLars Neupart
 
Tror du stadig du kan sige nej tak til Web 2.0 og skyen?
Tror du stadig du kan sige nej tak til Web 2.0 og skyen?Tror du stadig du kan sige nej tak til Web 2.0 og skyen?
Tror du stadig du kan sige nej tak til Web 2.0 og skyen?Lars Neupart
 

Plus de Lars Neupart (6)

Neupart indlæg om den ny iso 27001 hos dansk it i århus 2013 05-22
Neupart indlæg om den ny iso 27001 hos dansk it i århus 2013 05-22Neupart indlæg om den ny iso 27001 hos dansk it i århus 2013 05-22
Neupart indlæg om den ny iso 27001 hos dansk it i århus 2013 05-22
 
Til ledelsen it-sikkerhed for forretningen
Til ledelsen   it-sikkerhed for forretningen Til ledelsen   it-sikkerhed for forretningen
Til ledelsen it-sikkerhed for forretningen
 
Dansk It Neupart Cloud Sikkerhed Risikovurdering
Dansk It Neupart Cloud Sikkerhed RisikovurderingDansk It Neupart Cloud Sikkerhed Risikovurdering
Dansk It Neupart Cloud Sikkerhed Risikovurdering
 
Neupart Isaca April 2012
Neupart Isaca April 2012Neupart Isaca April 2012
Neupart Isaca April 2012
 
Muligheder for sikker cloud computing
Muligheder for sikker cloud computingMuligheder for sikker cloud computing
Muligheder for sikker cloud computing
 
Tror du stadig du kan sige nej tak til Web 2.0 og skyen?
Tror du stadig du kan sige nej tak til Web 2.0 og skyen?Tror du stadig du kan sige nej tak til Web 2.0 og skyen?
Tror du stadig du kan sige nej tak til Web 2.0 og skyen?
 

Dernier

8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...ShrutiBose4
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 

Dernier (20)

8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 

How Does the New ISO 27001 Impact Your IT Risk Management Processes?

• 1. How Does the new ISO 27001 Impact Your IT Risk Management Processes?
  Presented by Lars Neupart, Founder, CEO of Neupart – The ERP of Security
  LN@neupart.com
  twitter @neupart

• 2. The ISO 2700x standards
  • ISO 27000: Overview and vocabulary
  • ISO 27001: Information Security Management Systems – Requirements
  • ISO 27002: Code of practice for information security management
  • ISO 27003: ISMS Implementation Guidelines
  • ISO 27004: Information Security Management – Measurement
  • ISO 27005: Information Security Risk Management
  • ISO 27006: Requirements for bodies providing audit and certification
  • + + + +

• 3. New drafts available (the same list of ISO 2700x standards as on slide 2)

• 4. Information Security Management Systems – Requirements
  ISO 27001 – the 2013 edition. ISO/IEC DIS 27001 = draft, i.e. changes are likely to happen.
  The aim of today's webinar is to give you a head start preparing for the new standard so you can have a smoother transition.

• 5. What's new?
  • A lot!
  • New content
  • New requirements numbering
  • Still short: 9 pages of requirements to an ISMS
  • Controls are still listed in Annex A, referring to (the new) ISO 27002
  • Maintaining a fair portion of backwards compatibility

• 6. Poll: How do you use ISO 27001 today?
  • We are certified
  • We plan to certify
  • We plan to comply; no certification
  • Best practice inspiration
  • Don't know

• 7. Still risk oriented:
  • The first requirement in the new ISO 27001 refers to an Enterprise Risk Management standard: ISO 31000

• 8. ISO 31000 Enterprise Risk Management (diagram: Plan, Do, Check, Act)

• 9. (diagram of nested scopes)
  • Enterprise Risk Management (ISO 31000)
    • Information Security Risk Management (ISO 27005)
      • ISMS Requirements (ISO 27001)

• 11. IT Risk Management - Explained (diagram)
  • Risk is determined by Incident Likelihood and Incident Consequence
  • Incident Likelihood: driven by Threat Frequency, reduced by Preventive Measures
  • Incident Consequence: driven by Threat Effect, reduced by Corrective Measures
  • Threats are the source of both frequency and effect

• 12. IT Risk Management - Explained (continued): the same diagram with Risk Prioritization added and the measures named
  • Reduce Likelihood / Proactive Security (preventive measures): IT Security Policy, Compliance & Awareness, Change Management, Operating Procedures, Access Control, Monitoring, System Redundancy, Firewall, Antivirus
  • Reduce Consequence / Reactive Security (corrective measures): IT Service Continuity Teams, IT Service Continuity Strategy, IT Service Continuity Plans, Disaster Recovery Procedures, Emergency Operations, Flexibility, Standby Equipment, Virtualization, Backup

• 13. Vulnerability & control environment assessment
  Controls are placed in a grid: Administrative Measures vs. Physical / Technical Measures, and Preventive Measures vs. Corrective Measures. Controls named on the slide: Firewall, Antivirus, Server Cluster, RAID, Backup, Standby Equipment, Virtualization, Security Policy, System Documentation, Awareness, Compliance Checks, Alarm System, Fire Suppression, Logging, Change Management, IT Service Continuity Plan, Disaster Recovery Procedures, Business Continuity Strategy, Redundancy, Access Control System, Standby Site, Server snapshots, Monitoring.
  Assessments are based on the Capability Maturity Model.

• 14. Assets: Dependency Hierarchy
  • Business Impact values are inherited downwards
  • Vulnerability values are inherited upwards
  • Example hierarchy on the slide, top to bottom: Finance (Business Process); ERP (IT Service); Dynamics AOS (Business system) and Finance DB (Database); Server 01 and Server 02 (Virtual Servers); two HP DL380 units (Hardware units) and SAN 01 (Data Storage); Data Center Oslo (Datacenter)
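The two inheritance rules on slide 14 (and shortcut 3 on slide 24) can be made concrete as a small program. The following is an added example, not code from the Neupart deck or from SecureAware. It builds a constructed asset register loosely modelled on the slide-14 picture (the second business process "Intranet Portal", the extra "Server 03" and every impact and vulnerability value are invented for illustration), propagates business impact down the dependency graph and vulnerability up it, and ranks assets by a simple score, effective vulnerability times effective business impact. That score is one scoring choice made for the example; neither ISO 27001 nor ISO 27005 prescribes a formula. The 0-5 scales are also an assumption. Dependency cycles are rejected up front, because inheritance is undefined on them.

```python
"""Inheritance of business impact (downwards) and vulnerability (upwards)
through an asset dependency hierarchy, plus a simple per-asset risk score.
Added example, not Neupart/SecureAware code; all names and values are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Asset:
    name: str
    kind: str                                   # e.g. "Business Process", "Virtual Server"
    depends_on: List[str] = field(default_factory=list)  # assets one layer further down
    business_impact: int = 0                    # own BIA value: 0 (none) .. 5 (critical)
    vulnerability: int = 0                      # own vulnerability: 0 (none) .. 5 (very high)


class AssetHierarchy:
    """Dependency DAG of assets; edges point from a dependent asset downwards."""

    def __init__(self, assets: List[Asset]) -> None:
        self.assets: Dict[str, Asset] = {a.name: a for a in assets}
        # Reverse edges: which assets sit directly above a given asset.
        self.dependents: Dict[str, List[str]] = {a.name: [] for a in assets}
        for a in assets:
            for dep in a.depends_on:
                if dep not in self.assets:
                    raise KeyError(f"{a.name!r} depends on unknown asset {dep!r}")
                self.dependents[dep].append(a.name)
        self._reject_cycles()
        self._bi: Dict[str, int] = {}     # memo: effective business impact
        self._vuln: Dict[str, int] = {}   # memo: effective vulnerability

    def _reject_cycles(self) -> None:
        # Inheritance is only well defined on a DAG; a cycle would recurse forever.
        state: Dict[str, int] = {}        # 1 = on the current DFS path, 2 = finished
        def visit(name: str) -> None:
            state[name] = 1
            for dep in self.assets[name].depends_on:
                if state.get(dep) == 1:
                    raise ValueError(f"dependency cycle through {dep!r}")
                if dep not in state:
                    visit(dep)
            state[name] = 2

        for name in self.assets:
            if name not in state:
                visit(name)

    def effective_business_impact(self, name: str) -> int:
        """Downwards: an asset is at least as important as anything that depends on it."""
        if name not in self._bi:
            own = self.assets[name].business_impact
            above = [self.effective_business_impact(d) for d in self.dependents[name]]
            self._bi[name] = max([own, *above])
        return self._bi[name]

    def effective_vulnerability(self, name: str) -> int:
        """Upwards: an asset is at least as exposed as anything it depends on."""
        if name not in self._vuln:
            own = self.assets[name].vulnerability
            below = [self.effective_vulnerability(d) for d in self.assets[name].depends_on]
            self._vuln[name] = max([own, *below])
        return self._vuln[name]

    def risk_score(self, name: str) -> int:
        # Constructed score, not prescribed by ISO 27001/27005: likelihood side x consequence side.
        return self.effective_vulnerability(name) * self.effective_business_impact(name)

    def ranked(self) -> List[Tuple[int, str]]:
        """(score, asset name) pairs, highest risk first."""
        return sorted(((self.risk_score(n), n) for n in self.assets), reverse=True)


def example_register() -> AssetHierarchy:
    """Constructed register loosely following the slide-14 picture."""
    return AssetHierarchy([
        Asset("Finance", "Business Process", ["ERP"], business_impact=5),
        Asset("Intranet Portal", "Business Process", ["Server 03"], business_impact=2),
        Asset("ERP", "IT Service", ["Dynamics AOS", "Finance DB"], business_impact=4),
        Asset("Dynamics AOS", "Business system", ["Server 01"]),
        Asset("Finance DB", "Database", ["Server 02"]),
        Asset("Server 01", "Virtual Server", ["HP DL380 A"], vulnerability=2),
        Asset("Server 02", "Virtual Server", ["HP DL380 B", "SAN 01"], vulnerability=1),
        Asset("Server 03", "Virtual Server", ["HP DL380 A"], vulnerability=3),
        Asset("HP DL380 A", "Hardware unit", ["Data Center Oslo"], vulnerability=1),
        Asset("HP DL380 B", "Hardware unit", ["Data Center Oslo"], vulnerability=1),
        Asset("SAN 01", "Data storage", ["Data Center Oslo"], vulnerability=4),
        Asset("Data Center Oslo", "Datacenter", vulnerability=1),
    ])


if __name__ == "__main__":
    h = example_register()
    for score, name in h.ranked():
        a = h.assets[name]
        print(f"{score:3d}  {name:<17} {a.kind:<17} impact {a.business_impact}->"
              f"{h.effective_business_impact(name)}  vuln {a.vulnerability}->"
              f"{h.effective_vulnerability(name)}")
```

Running it shows the effect the slide describes: the SAN's vulnerability (4) surfaces on the Finance process five layers up, and the Oslo datacenter inherits the Finance process's impact (5) even though no impact value was set on it directly, because it is shared by everything above it. Shortcut 1 follows from the ranking: assess the assets at the top of the list first.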
• 15. Comparing ISO 27005, NIST SP800-30 (each column in its own standard's order)

  ISO 27005                           | NIST SP800-30
  ------------------------------------|-----------------------------
  Context establishment               |
  Identification of assets            | System Characterization
  Identification of threats           | Threat Identification
  Identification of existing controls | Vulnerability Identification
  Identification of vulnerabilities   | Control Analysis
  Identification of consequences      |
  Assessment of consequences          | Likelihood Determination
  Assessment of incident likelihood   | Impact Analysis
  Risk estimation                     | Risk Determination
  Risk evaluation                     |
  Risk treatment                      | Control Recommendations
  Risk acceptance                     |
  Risk communication                  | Results Documentation

• 16. Examples of how the 27001 update will impact your risk management processes

• 17. 27001: Not only downside risks
  • 6.1 Actions to address risks and opportunities
  • Quote ISO 31000: "Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on an organization's objectives is 'risk'."

• 18. Risk Owner
  • The Risk Owner approves the risk treatment plan and accepts residual risks
  • Note: Asset ownership is formally no longer an ISO 27001 requirement, but it is still in the Annex A control list. Practically the same requirement, as you can't expect it not to be in your Statement of Applicability

• 19. Increased flexibility in your choice of risk method
  "The organization shall define an information security risk assessment process that:
  1. establishes and maintains information security risk criteria, including the risk acceptance criteria;
  2. determines the criteria for performing information security risk assessments; and
  3. ensures that repeated information security risk assessments produce consistent, valid and comparable results."
  (section 6.1)

• 20. Time to vote
  • What IT risk assessment method or framework do you use today?
    – ISO 27005
    – NIST SP 800 series
    – IRAM
    – OCTAVE
    – Some other threat based approach
    – Some other control based approach
    – Don't know

• 21. "The organization shall apply an information security risk treatment process"

• 22. Treating Risks: Accept, Reduce, Share, Avoid
  Treatment options according to ISO 27001:2005 and ISO 27005. ISO 27001:2013 does not require these specific treatment options, but you are free to choose them.

• 23. SoA linked even closer to Risk Treatment (SoA = Statement of Applicability)
  • Select treatment options
  • Determine controls
  • Check controls against Annex A, verify no necessary controls are omitted
  • Make the SoA and justify exclusions AND inclusions (new)
  • Clearly worded that you must determine all necessary controls

• 24. Review of Neupart's well-known 4 responsible shortcuts – do they still apply?
  • 1: Not all assets. Assess your most important assets first (you can add more later)
  • 2: Not all threats. Do not use the complete threat catalogue on each of your assets (relevant threats depend on asset type)
  • 3: Inheritance. Business impact values inherit downwards; vulnerability scores inherit upwards; asset dependencies / hierarchy
  • 4: Fewer assessments. Make the overall assessment first, refine later. Example: assess threats combined first, individually later

• 25. Oh, what happened to PDCA?
  Plan - Do - Check - Act is still there, now called continual improvement

• 26. Risk Management
  • Risk Owner
  • (Assets)
  • Threats
  • Business Impact Assessment
  • Vulnerability Assessment
  • Reporting & evaluating
  • Treating (Accept, Reduce, Share, Avoid)

• 27. Time to vote
  • Will the new ISO improve your risk management processes?
    – Yes – the update is easy to understand and makes sense
    – Not much – nothing really new here
    – I'm concerned about the introduced flexibility
    – Don't know

• 28. About Neupart
  • ISO 27001 certified company
  • Provides SecureAware®, an all-in-one, efficient IT GRC solution allowing organizations to automate IT governance, risk and compliance management
  • "The ERP of Security"
  • HQ in Denmark, subsidiary in Germany and a 200+ customer portfolio covering a wide range of private enterprises and governmental agencies
  IT GRC = IT Governance, Risk & Compliance Management

• 29. SecureAware Risk TNG Benefits
  • Less specialist knowledge needed to conduct professional risk management
  • Know your IT related business risks
  • Fast results
  • Saves time for you and your organization
  • ISO 27005 based methodology, and fully compatible with NIST SP800-30
  • Cloud or on-premise software

• 30. Try ISO 27001 compliant IT GRC solution at www.neupart.com
  Presented by Lars Neupart, Founder, CEO of Neupart – The ERP of Security
  LN@neupart.com
  twitter @neupart