Registration Assessment ISO 27001:2013

ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

ISO 27001: This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It also specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

AWARENESS:

  • The quality or state of being secure: to be free from danger
  • Security is achieved using several strategies
  • Security is achieved using several strategies simultaneously or used in combination with one another
  • Security is recognized as essential to protect vital processes and the systems that provide those processes
  • Security is not something you buy, it is something you do
  • The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans work together
  • Monitored 24x7
  • Having People, Processes, Technology, policies & procedures
  • Security is for PPT and not only for appliances or devices

RISK?

Risk: A possibility that a threat exploits a vulnerability in an asset and causes damage or loss to the asset.

THREAT

Threat: Something that can potentially cause damage to the organization, IT Systems or network.

Threat Sources

Source | Motivation | Threat
External Hackers | Challenge, Ego, Game Playing | System hacking, Social engineering, Dumpster diving
Internal Hackers | Deadline, Financial problems, Disenchantment | Backdoors, Fraud, Poor documentation
Terrorist | Revenge, Political | System attacks, Social engineering, Letter bombs, Viruses, Denial of service
Poorly trained employees | Unintentional errors, Programming errors, Data entry errors | Corruption of data, Malicious code introduction, System bugs, Unauthorized access

VULNERABILITY

Vulnerability: A weakness in the organization, IT Systems, or network that can be exploited by a threat.

Password Guidelines
  • Always use a password of at least 8 characters with a combination of letters, numbers and special characters (*, %, @, #, $, ^)
  • Use passwords that you can easily remember
  • Change your password regularly as per policy
  • Use a password that is significantly different from earlier passwords
 
