
ISO17799 & ISO27001 Standards

The eleven control areas of ISO17799:2005 arranged around the Plan-Do-Check-Act cycle of an ISMS:

Plan (P) -> Do (D) -> Check (C) -> Improve (A): an ISMS to protect your Information Assets

SECURITY POLICY
- Information Security Policy

ORGANISING INFORMATION SECURITY
- Internal Organisation
- External Parties

ASSET MANAGEMENT
- Responsibility for Assets
- Information Classification

HUMAN RESOURCES SECURITY
- Prior to Employment
- During Employment
- Termination or Change of Employment

PHYSICAL AND ENVIRONMENTAL SECURITY
- Secure Areas
- Equipment Security

COMMUNICATIONS AND OPERATIONS MANAGEMENT
- Operational Procedures and Responsibilities
- Third Party Service Delivery Management
- System Planning and Acceptance
- Protection Against Malicious and Mobile Code
- Backup
- Network Management
- Media Handling
- Exchanges of Information
- Electronic Commerce Services
- Monitoring

ACCESS CONTROL
- Business Requirement for Access Control
- User Access Management
- User Responsibilities
- Network Access Control
- Operating System Access Control
- Application and Information Access Control
- Mobile Computing and Teleworking

INFORMATION SYSTEMS ACQUISITION, DEVELOPMENT AND MAINTENANCE
- Security Requirements of Information Systems
- Correct Processing in Applications
- Cryptographic Controls
- Security of System Files
- Security in Development and Support Processes
- Technical Vulnerability Management

INFORMATION SECURITY INCIDENT MANAGEMENT
- Reporting Information Security Events and Weaknesses
- Management of Information Security Incidents and Improvements

BUSINESS CONTINUITY MANAGEMENT
- Information Security Aspects of Business Continuity Management

COMPLIANCE
- Compliance with Legal Requirements
- Compliance with Security Policy and Standards, and Technical Compliance
- Information System Audit Considerations

ISO17799:2005 - Code of practice for information security management
ISO27001:2005 - Information security management systems: Requirements
ISMS - Information Security Management System

KPMG's ISO17799 / ISO27001 Service Offering
BENEFITS OF ISO17799 and ISO27001
Use an internationally recognised information security framework
Meet and maintain regulatory compliance
Increase efficiencies and effectiveness through standardisation
Measure the effectiveness of information security efforts (ROI)
Improve risk management posture
Obtain a competitive advantage - move from reactive to proactive
Drive process improvement
Meet internal and external business requirements
HOW ARE COMPANIES USING IT?
Many companies are turning to ISO17799 and ISO27001 as a foundation for their information security efforts, including:
- Security Program Development and Assessment: foundation for the development of the overall security program; assessment and ongoing monitoring of the overall effectiveness of the information security program
- Policy Framework: baseline for the development and implementation of an information security policy framework
- Compliance: build applicable controls in order to measure and maintain internal and external compliance
- Governance and Certification: obtain formal certification by an accredited body by applying a governance PDCA framework through implementing an ISMS

KPMG ISO17799/ISO27001 DELIVERY METHODOLOGY

Gap analysis
- Assessment of security posture across people, process and technology
- Comparison of company capabilities against ISO17799/ISO27001 controls
- Development of an implementation roadmap

Implementation
- Training of company personnel
- Development of framework, policies, processes, standards and procedures
- Assistance with information security management system (ISMS) implementation

Certification*
- Assessment of a company's ISMS
- Issuance of accredited certificate for successful assessment
- Re-certification and renewal assessments (ongoing)

* Certification services are only available in selected countries, and apply to the certification of a company's ISMS according to ISO27001:2005

THE KPMG VALUE PROPOSITION

- We have a portfolio of successfully completed projects around the world
- We have a mature and proven methodology base, which includes information security process and controls design, deployment, and project management
- We have the knowledge, skills, experience, tools and techniques to design and implement an ISMS that can be put forward for formal certification
- We have local capabilities in information security with the ability to leverage our global experience and knowledge base for the benefit of our clients
- We have consistently demonstrated our ability to construct and implement a security strategy across the organisation to meet business needs
- We have proven training capabilities, as demonstrated through external approvals

2005 KPMG LLP, the U.K. member firm of KPMG International, a Swiss cooperative. All rights reserved. The KPMG logo and name are trademarks of KPMG.
