‘Information’ is no doubt one of the most critical and strategic assets for any enterprise operating in this global arena. This information ranges from typical office documents to the information stored in highly sophisticated information systems. Most enterprises today rely on complex Information and Communication Technologies and Devices to transmit this information. Information must only be shared with the intended stakeholders (i.e. Confidentiality), must always be correct and up to date (i.e. Integrity) and must be available 24/7 (i.e. Availability).
• Overview of ISO 27001 (Information Security Management System - ISMS)
  o Security Policy
  o Organization of information security
  o Asset management
  o Human resource security
  o Physical and environmental security
  o Communications and operations management
  o Access control
  o Information systems acquisition, development and maintenance
  o Information security incident management
  o Business continuity management
  o Information security compliance
• Implementing ISO 27001
  o Scope and Initiation
  o As-Is Analysis
  o Gap Analysis
  o Charter of change
  o To-Be Process Development
  o Risk assessment & asset valuation
  o Internal / external audits
  o Transition
• Group Case study