Security Mgt, ISO 27001, PDCA

IYM001 Mind Map on Security Mgt, ISO 27001, PDCA, created by jjanesko on 05/02/2013.

1 plan
1.1 establish ISMS
1.1.1 define policy
1.1.1.1 includes a framework for setting objectives
1.1.1.2 takes into account business, regulatory, contractual and legal requirements
1.1.1.3 aligns with the strategic risk mgt context
1.1.1.4 establishes risk evaluation criteria
1.1.1.5 approved by management
1.1.2 define scope and boundaries, based on business characteristics, location, assets and technology
1.1.3 define risk assessment approach
1.1.3.1 define a suitable methodology
1.1.3.2 define criteria for accepting risks
1.1.3.3 define acceptable risk levels
1.1.4 identify risks
1.1.4.1 identify assets & owners
1.1.4.2 identify threats
1.1.4.3 identify vulnerabilities
1.1.4.4 identify impacts of loss of confidentiality, integrity and availability on assets
1.1.5 analyze & evaluate risks
1.1.5.1 assess business impacts on the organization from security failures
1.1.5.2 assess likelihood with respect to currently implemented controls
1.1.5.3 estimate the levels of risk
1.1.5.4 determine if risks are acceptable using the criteria for accepting risk
1.1.6 identify options for risk treatment
1.1.6.1 controls
1.1.6.2 accept
1.1.6.3 avoid
1.1.6.4 transfer
1.1.7 select controls
1.1.8 obtain management approval of residual risk
1.1.9 prepare statement of applicability, which documents
1.1.9.1 control objectives, selected controls and the reasoning for selecting them
1.1.9.2 currently implemented control objectives and controls
1.1.9.3 any excluded control objectives and the justification for excluding them
2 do
2.1 implement and operate the ISMS
2.1.1 implement policy controls processes procedures
2.1.2 formulate risk treatment plan, which identifies for risk management
2.1.2.1 management action
2.1.2.2 resources
2.1.2.3 responsibilities
2.1.2.4 priorities
2.1.3 implement selected controls
2.1.4 define how to measure and assess effectiveness
2.1.5 implement training and awareness programmes
2.1.6 manage ISMS operation
2.1.7 manage ISMS resources
2.1.8 implement procedures and controls capable of prompt detection of & response to security events
3 check
3.1 monitor and review the ISMS
3.1.1 execute monitoring & reviewing procedures to
3.1.1.1 detect errors in processing results promptly
3.1.1.2 identify security breaches
3.1.1.3 enable management to determine whether security activities (those assigned to people and those implemented in IT) are performing as expected
3.1.1.4 help detect and prevent security incidents by use of indicators
3.1.1.5 determine whether actions to resolve a breach were effective
3.1.2 undertake regular reviews of effectiveness, taking into account
3.1.2.1 results of security audits
3.1.2.2 incident logs
3.1.2.3 results from effectiveness measurements
3.1.2.4 suggestions and feedback from stakeholders
3.1.3 measure effectiveness of controls to verify that security requirements have been met
3.1.4 review risk assessment at regular intervals, taking into account changes to
3.1.4.1 the organization
3.1.4.2 technology
3.1.4.3 business objectives and processes
3.1.4.4 identified threats
3.1.4.5 effectiveness of implemented controls
3.1.4.6 external events such as regulatory changes
3.1.5 conduct internal audit
3.1.6 undertake regular management review of ISMS
3.1.7 update security plans based on monitoring and review
3.1.8 record actions and events that could have an impact on the effectiveness of the ISMS
4 act
4.1 maintain and improve the ISMS
4.1.1 implement identified improvements
4.1.2 take appropriate corrective and preventative actions
4.1.3 apply lessons learned from internal and external organizations
4.1.4 communicate actions and improvements to all interested parties
4.1.5 ensure improvements achieve their intended objectives