1. Verônica Simões – Managing Director [email_address] ITIL V3 Expert, COBIT, CGEIT, ISO/IEC 27001 Lead Auditor, ISO/IEC 20000 Lead Auditor, itSMF Brasil Council Member. Postgraduate degrees in Project Management, Telecommunications Management and E-Business. HOW TO IMPLEMENT SECURITY INCIDENT MANAGEMENT BASED ON BEST PRACTICES
4. Diagram of three layers (IT Operations, IT Planning, Strategic Planning) and the frameworks and standards referenced across them: BPM, PMBOK/PRINCE2, ISO 27000, ISO 19770, CMMI/MPS.BR, CBTS/SQA, ISO 10006, ISO 9000/Six Sigma, E-SCM, COBIT, TOGAF, ISO 38500, ISO 20000, ITIL, MOF, M_o_R, ISO 31000, Porter, BSC (Kaplan & Norton).
5. to 11. COBIT process map. Slides 5 to 11 repeat the same map, overlaying one further framework at a time to show where each one sits against the COBIT processes.
Plan & Organise: Define Strategic IT Plan; Define Information Architecture; Determine Technological Direction; Define IT Processes, Organisation and Relationships; Manage IT Investment; Communicate Aims & Direction; Manage IT Human Resources; Manage Quality; Manage IT Risks; Manage Projects.
Acquire & Implement: Identify Automated Solutions; Acquire & Maintain Application Software; Acquire & Maintain Technology Infrastructure; Enable Operation and Use; Procure IT Resources; Manage Changes; Install & Accredit Solutions and Changes.
Deliver & Support: Define & Manage Service Levels; Manage Third-Party Services; Manage Performance & Capacity; Ensure Continuous Service; Ensure System Security; Identify & Allocate Costs; Educate & Train Users; Manage Service Desk & Incidents; Manage Configuration; Manage Problems; Manage Data; Manage the Physical Environment; Manage Operations.
Monitor & Evaluate: Monitor and Evaluate Performance; Monitor and Evaluate Internal Control; Ensure Compliance with External Requirements; Provide IT Governance.
Overlays added slide by slide: ITIL V3 (slide 6), expanded on slides 7 and 8 into its Service Delivery and Service Support processes: Service Desk, Incident Management, Change Management, Release Management, Problem Management, Configuration Management, Service Level Management, Availability Management, Financial Management, Continuity Management, Capacity Management; PMBoK (Project Management Institute) (slide 7); CMM (slide 8); ISO 9000 Quality Management (slide 9); ISO 20000 (slide 10); ISO 27000 (slide 11). For incident management the relevant intersection is COBIT's Manage Service Desk & Incidents, Manage Problems and Ensure System Security with ITIL Incident and Problem Management and ISO 27000.
13. TCU GUIDELINES. Acórdão nº 1.603/2008-TCU-Plenário: “NBR ISO/IEC 27002, item 14.1.3 – Developing and implementing continuity plans including information security: plans should be developed and implemented to maintain or restore operations and to ensure the availability of information at the required level and within the required time scales following interruption to, or failure of, critical business processes.”
15. ISO 27000 – WHAT IS IT? A family of international standards, descended from the British standard BS 7799, whose core document (ISO/IEC 27001) defines the requirements for an Information Security Management System (ISMS).
16. to 22. ISO 27000 – WHAT IS IT? The family, one standard per slide:
ISO 27000: vocabulary and definitions used by the other standards in the family.
ISO 27001: defines the requirements for implementing an ISMS; it is the only standard in the family against which an organisation is certified.
ISO 27002: the former ISO/IEC 17799; defines best practices (a code of practice) for information security management.
ISO 27003: a guide to implementing an ISMS.
ISO 27004: defines metrics for evaluating the effectiveness of an ISMS.
ISO 27005: defines guidelines for information security risk management.
ISO 27006: a guide to the accreditation process for bodies that audit and certify an ISMS.
23. ISO 27000 – WHAT IS IT? Standards approved for publication: ISO 27007: a guide to auditing an ISMS (2009). ISO 27008: a guide to auditing with a focus on security controls (2011). ISO 27011: a guide to information security management with a focus on telecommunications (2009). ISO 27799: a guide to information security management with a focus on healthcare, based on ISO/IEC 17799 (2009).
24. ISO 27000 – WHAT IS IT? Standards awaiting confirmation: ISO 27010: a guide to security of communications between organisations. ISO 27031: business continuity. ISO 27032: cyber security. ISO 27033: network security / intrusion detection. ISO 27034: a guide to application security. ISO 27051: telecommunications.
25. ISO 27000 – WHAT IS IT? Standards under speculation, specific to individual industries: ISO 27012: finance or automotive industry. ISO 27013: manufacturing or lotteries.
32. ISO 27000 – WHY ADOPT IT? Have you ever given someone your password as proof of love? Think about it...
33. ISO 27000 – WHY ADOPT IT? YOUR PASSWORD IS YOUR DIGITAL IDENTITY!!! Your login and password establish AUTHORSHIP! If someone uses your password to do something wrong in an electronic environment, such as removing content from the network or sending an offensive message, THE PRIME SUSPECT WILL BE YOU! Attribution in an investigation rests on credentials being individual and never shared.
61. ISO 27000 – NEXT STEPS: CENTRALIZED LOG MANAGEMENT
63. Security only achieves its objectives as a general mobilisation. Thank you all!!! Verônica Simões – Managing Director [email_address]