ISO 27001:2005 Audit Process

THE SGS GROUP IS THE GLOBAL LEADER AND INNOVATOR IN INSPECTION, VERIFICATION, TESTING & CERTIFICATION SERVICES

- Established in 1878 - Head Office in Geneva, Switzerland
- 42’000 employees - 1000 Offices and 385 Laboratories in more than 140 Countries
- SGS is recognized as the global benchmark in quality and integrity
- Global accreditation for numerous management systems standards
- UKAS Accredited ISO 27001 Certification Body (no. 005)

October 3, 2006
Information Security Concepts
What is information? “Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation”
Confidentiality: Ensuring that information is accessible only to those authorized to have access.
Integrity: Safeguarding the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and associated assets when required.
Is Information Security Important?
Information is the key to success and growth for an organisation.
You do not want this happening to you…
- 15.000 hospital records found in a waste bin
- 30 000 passwords to Internet accounts published on the Internet
- 25 people from the development department moved to a competitor
- Banks pay millions to blackmailing crackers
- 300.000 account numbers stolen - some published on the Web
Structure of ISO 27001
ISO 2700:2005 proposes measures for an efficient information security management framework. ISO 27001 helps an organization establish an information security management system (ISMS) and thus prepare for the audit.
ISO 27001 contains 39 control objectives and 133 controls that are essential as the basis for an ISMS.