First Practice - Information Security Management System Implementation and ISO 27001 Certification - PowerPoint PPT Presentation

Description: Title: Slide 1 Author: Irinka Qvlividze Last modified by: Vasil Tsvimitidze Created Date: 12/7/2011 10:25:45 PM Document presentation format: On-screen Show (4:3)

Date added: 21 August 2019
Slides: 15
Provided by: Irin9
Learn more at: http://www.dea.gov.ge

Transcript and Presenter's Notes

1
First Practice - Information Security Management
System Implementation and ISO 27001 Certification
2
Scope
  • NBG Services
  • Evaluation criteria
  • Services and Business processes
  • Evaluation results
  • ISO/IEC 27001:2013 Certification
  • Legal requirements

3
Scope
  • International Payment and Reserve Management
    Service
  • Georgian Payment and Security Settlement Service
  • Human resources, Public Relations, Chancellery,
    Logistics, Legal, Accounting, Internal Audit
  • All Types of Information Assets

4
Approach
5
Goals
  • Ensure compliance
  • Meet confidentiality, availability and integrity
    needs.
  • Establish controls for protection.
  • Motivate employees
  • Ensure continuity.
  • Ensure the protection of personal data (privacy).
  • Ensure the availability and reliability of
    infrastructure.
  • Comply with ISO/IEC 27001:2013.
  • Ensure external service providers' compliance.
  • Ensure flexibility and an acceptable level of
    information security

6
Acceptable Level
7
Initiation Project
  • Competent Consultancy service
  • Accreditation requirements
  • Tender documentation
  • Service requirements
  • Project Management Practice

8
Policy
  • Context of the National Bank of Georgia
  • Scope (Procedure)
  • Policy (Policy)
  • Objectives (Procedure)
  • Roles and Responsibilities (Procedure)
  • Risk management (Procedure)
  • Documented information (Procedure)
  • Internal audit (Procedure)
  • ISMS Policy Manual
  • Employee Guidelines National Bank of Georgia

9
Policy Cont.
  • Business Continuity Plan
  • BCP Procedure (Procedure)
  • Business continuity (Policy)
  • Risk treatment plan
  • Statement of Applicability (SoA)
  • Plan to achieve information security objectives
  • Contracting rules and templates
  • Contract template with new employee (Contract
    template)
  • Internal audit plan
  • Information classification rule (Procedure)
  • Awareness program and training presentation

10
Records, Reports
  • Business impact analysis (Record)
  • BCP Testing and Maintenance Cycles (Record)
  • BCP Testing Report (Report)
  • Assets register (Report)
  • Risk identification and assessment (Report)
  • Risk treatment report (Report)
  • ISMS objectives status report (Report)
  • Evidence of competence (Record)
  • Monitoring and measurement (Record)
  • Internal audit program (Record)
  • Internal Audit report (Report)
  • List of corrective actions with results of
    effectiveness analysis (Record)
  • ISMS Management review (Record)
  • ISMS Contacts with authorities and special groups
    (Record)
  • List of suppliers related to ISMS (Record)
  • Regulation about acceptance of residual risks
    (Report)

11
Decision Making
  • Maximum 1 Working day
  • Information security management committee and
    working group
  • Change management committee
  • Business continuity management committee and
    working group
  • 2 months for 1 Service.

12
Acceptable Level
13
Audit Result
  • No critical nonconformities
  • No nonconformities
  • Several recommendations
  • 8 domains are on fifth level of CMM
  • 6 domains are on fourth level of CMM
  • ISO/IEC 27001:2013 certificate

14
Thank You