Authentication
File type: PPTX. File size: 2.50 MB. Source: indico.egi.eu
About BSI
• Thought Leaders: Shaped the world’s most adopted standards, incl. ISO 9001, ISO 14001, OHSAS 18001 and ISO 27001.
• Global Network: 70,000 clients in 150 countries worldwide including governments, global brands and SMEs.
• Leading Global Standards Creation Body: British, European, ISO, Public, Private.
• The UK National Standards Body: The source of British Standards.
• Specialist Focus on Standards Creation, Training and Certification.

Copyright © 2013 BSI. All rights reserved. 08/26/2022

ISO 27001
• ISO 27001 is the international standard for information security.
• It was developed from BS 7799.
• There are over 17,500 organisations certified globally in over 120 countries.
• A new version of the standard is due out soon.
Source – ISO survey 2011

How does it work?
• It is a management systems standard – it outlines the processes and procedures an organisation must have in place to manage Information Security issues in core areas of the business.
• The standard does not stipulate exactly how the process should operate.
[Diagram: Context, Leadership, Planning (Risk Assessment, Select Controls), Support, Operation, Performance Monitoring, Improvement]

Risk Assessment and Controls
• As part of the planning area, the client must conduct a risk assessment and identify the appropriate controls.
• There is a suggested list of controls in an Annex to ISO 27001 (written in 2005).
• But: ‘The control objectives and controls listed in Annex A are not exhaustive and additional control objectives and controls may be needed’
Range of organisations to be covered:
• Atomic Power Plant
• Exam Marking Company
• A Large Bank

Criticisms – that other people have voiced…
1. ISO 27001 is updated every 8 years – the controls become obsolete faster than that.
2. It is a one-size-fits-all standard, but there are some industry-specific concerns it does not cover.
3. Any standard can become a lowest common denominator.
4. People can certify any scope they like within their organisation.
This is where the CSA’s Cloud Controls Matrix fills a need.
• There are a number of frameworks and control lists out there, but there are several reasons why BSI chose to work with CSA and their CCM.