Security Mgt, ISO 27001, PDCA


IYM001 Mind Map on Security Mgt, ISO 27001, PDCA, created by jjanesko on 05/02/2013.

Security Mgt, ISO 27001, PDCA
1 plan
1.1 establish ISMS
1.1.1 define policy
1.1.1.1 includes framework for setting objectives
1.1.1.2 takes into account requirements
1.1.1.2.1 business
1.1.1.2.2 regulatory
1.1.1.2.3 contractual
1.1.1.2.4 legal
1.1.1.3 aligns with strategic risk mgt context
1.1.1.4 establishes risk evaluation criteria
1.1.1.5 approved by management
1.1.2 define scope and boundaries based on
1.1.2.1 business characteristics
1.1.2.2 location
1.1.2.3 assets and technology
1.1.3 define risk assessment approach
1.1.3.1 define suitable methodology
1.1.3.2 define criteria for accepting risks
1.1.3.3 define acceptable risk levels
1.1.4 identify risks
1.1.4.1 1. identify assets & owners
1.1.4.2 2. identify threats
1.1.4.3 3. identify vulnerabilities
1.1.4.4 4. identify impacts of loss of confidentiality, integrity and availability on assets
1.1.5 analyze & evaluate risks
1.1.5.1 assess business impacts on the organization from security failures
1.1.5.2 assess likelihood with respect to currently implemented controls
1.1.5.3 estimate the levels of risks
1.1.5.4 determine if risks are acceptable using criteria for accepting risk
1.1.6 identify options for risk treatment
1.1.6.1 apply controls to reduce risk
1.1.6.2 accept
1.1.6.3 avoid
1.1.6.4 transfer
1.1.7 select controls
1.1.8 obtain management approval of residual risk
1.1.9 prepare statement of applicability
1.1.9.1 documents control objectives, selected controls and reasoning
1.1.9.2 currently implemented control objectives and controls
1.1.9.3 any excluded control objectives and controls, with justification for the exclusion
2 do
2.1 implement and operate the ISMS
2.1.1 implement
2.1.1.1 policy
2.1.1.2 controls
2.1.1.3 processes
2.1.1.4 procedures
2.1.2 formulate a risk treatment plan that identifies, for managing information security risks
2.1.2.1 management action
2.1.2.2 resources
2.1.2.3 responsibilities
2.1.2.4 priorities
2.1.3 implement selected controls
2.1.4 define how to measure and assess effectiveness
2.1.5 implement training and awareness programmes
2.1.6 manage ISMS operation
2.1.7 manage ISMS resources
2.1.8 implement procedures and controls capable of prompt detection of and response to security events
3 check
3.1 monitor and review the ISMS
3.1.1 execute monitoring & reviewing procedures to
3.1.1.1 detect errors in processing results
3.1.1.2 promptly identify security breaches
3.1.1.3 enable management to determine whether security activities are performing as expected
3.1.1.3.1 activities assigned to people
3.1.1.3.2 activities implemented in IT
3.1.1.4 help detect and prevent security incidents by use of indicators
3.1.1.5 determine whether actions to resolve a breach were effective
3.1.2 undertake regular reviews of effectiveness
3.1.2.1 results of security audits
3.1.2.2 incident logs
3.1.2.3 results from effectiveness measurements
3.1.2.4 suggestions and feedback from stakeholders
3.1.3 measure the effectiveness of controls to verify that security requirements have been met
3.1.4 review the risk assessment at regular intervals, taking into account changes to
3.1.4.1 the organization
3.1.4.2 technology
3.1.4.3 business objectives and processes
3.1.4.4 identified threats
3.1.4.5 effectiveness of implemented controls
3.1.4.6 external events such as regulatory changes
3.1.5 conduct internal audit
3.1.6 undertake regular management review of ISMS
3.1.7 update security plans based on monitoring and review
3.1.8 record actions and events that could have an impact on the effectiveness of the ISMS
4 act
4.1 maintain and improve the ISMS
4.1.1 implement identified improvements
4.1.2 take appropriate corrective and preventive actions
4.1.3 apply lessons learned from internal and external organizations
4.1.4 communicate actions and improvements to all interested parties
4.1.5 ensure improvements achieve their intended objectives
