Jul 09, 2017 CERT.Global

Information Security Management (ISO/IEC 270xx)


Why does the organisation need to improve its information security management?

  1. Risk-based thinking: information security is crucial to business operations and shall be protected
  2. Technical compliance with the latest information technology, e.g. cryptography
  3. Legal compliance, e.g. PDPA (Personal Data Protection Act), IPR
  4. Government regulation of IT service providers, e.g. telecommunications, financial, healthcare, etc.
  5. Contractual requirements, e.g. supplier contracts, service level agreements
  6. Social responsibilities, common practice for IT and service management
  7. Technically sound and effective, e.g. vulnerability management, penetration testing (PT)
  8. Market competition, e.g. competitors

Critical success factors

  • information security policy, objectives, and activities that reflect business objectives;
  • an approach and framework to implementing, maintaining, monitoring, and improving information security that is consistent with the organizational culture;
  • visible support and commitment from all levels of management;
  • a good understanding of the information security requirements, risk assessment, and risk management;
  • effective marketing of information security to all managers, employees, and other parties to achieve awareness;
  • distribution of guidance on information security policy and standards to all managers, employees and other parties;
  • provision to fund information security management activities;
  • providing appropriate awareness, training, and education;
  • establishing an effective information security incident management process;
  • implementation of a measurement system that is used to evaluate performance in information security management and feedback suggestions for improvement.

Starting Point of Information Security Management

Items considered essential to an organization from a legal and legislative point of view include, depending on applicable legislation:

  • business objectives;
  • data protection and privacy of personal information;
  • protection of organizational records;
  • intellectual property rights.

Items considered common practice for managing information security include:

  • business/organisational risk analysis according to risk management principles (ISO 31000);
  • information security policy document;
  • allocation of information security responsibilities;
  • information security awareness, education, and training;
  • correct processing in applications;
  • technical vulnerability management;
  • business continuity management;
  • management of information security incidents and improvements.

Learn how to manage information security with our experts.

The international standard ISO/IEC 27001:2013 sets out the requirements to establish, implement and continually improve an information security management system (ISMS) for the organisation.

Based on the ISMS (ISO/IEC 270xx) family of standards, we offer a series of training programmes to help you understand WHAT the requirements are, know HOW TO plan and implement an ISMS, and build the capability to audit one.


Related items

Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Foundation Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environment, facilities, equipment, people, communication, networking, system, and application.

Jul 09, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Implementer Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environment, facilities, equipment, people, communication, networking, system, and application.

Jul 09, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Internal Auditor Training Course

To comply with ISO/IEC 27001, the organisation shall demonstrate its capability to conduct an effective internal audit, ensuring that the management system fulfils legal (e.g. EU GDPR, DPA, IPRs), legislative, standards (e.g. ISO, IEC, IEEE), contractual (e.g. trade secret, IP), policy and procedure requirements.

It shall also demonstrate the competence to plan, operate and continually improve the management system so as to control the risks and achieve its expected outcome.

Jul 09, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Lead Implementer Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environment, facilities, equipment, people, communication, networking, system, and application.

Jul 09, 2017
Intelligent Network Malicious Attack Detection Service: CyberSecurity (ISO/IEC 27032) and Malicious Threat Detection Services

Helps enterprises detect malicious attacks and suspicious internal data-leakage behaviour in real time, preventing malware from collecting and exfiltrating data.

Jul 09, 2017
Risk Management (ISO 31000) on Information Security Management Training Course

Understand how to apply risk management principles (ISO 31000) to an organization's information security management.

Jul 09, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Auditor/Lead Auditor Training Course

(Registered Course Nr. PR320 / A17533)

Through management system audit and certification, the organization can demonstrate its compliance with legal (e.g. EU GDPR, DPA, IPRs), legislative, standards (e.g. ISO, IEC, IEEE), contractual (e.g. trade secret, IP), policy and procedure requirements.

It can also demonstrate the competence to plan, operate and continually improve the management system so as to control the risks and achieve its expected outcome.

Jul 09, 2017