• Home

  • Documents

  • Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team...
12
Compliance Case Study

Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

  • Upload
    others

  • View
    4

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

Compliance

Case Study

Page 2: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

2

Solution/Service Title

Client Overview Client Challenge

Scope

Key Benefits

Results

Client Industry

Page 3: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

3

Certifications

Page 4: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

4

Big Picture of the Certification Journey

Page 5: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

5

ISO/IEC 27001:2013 Annex A Reference

Page 6: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

6

Team composition

1 ISO 27001 Lead Auditor2 Cyber Security Auditors

Page 7: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

7

Initial Assessment Overview

1Documentation analysisInformal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization's information security policy, Statement of Applicability (SoA) and Risk Treatment Plan (RTP). This stage serves to familiarize the assessors with the organization and vice versa.

2

3

4

5Interviews phaseA more detailed and formal check, independently testing the ISMS against the requirements specified in ISO/IEC 27001. The assessors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS).

Security posture analysisUD team process findings collected during interviews and checks, this is the phase where we write down what we have found during the main audit – names of persons we spoke to, quotes of what respondentsaid, IDs and content of records we examined, description of facilities we visited, observations about the equipment we checked, etc

RecommendationsFollowing the evaluation, the team prepare comprehensive roadmap to rapidly eliminate nonconformities, detailed recommendations following the ISO/IEC 27002:2013 best practice guidance

Final resultsThe team deliver Initial Assessment Report, make final presentation that represent key findings and mapped roadmap to future improvements

Page 8: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

8

Documentation analysis

Page 9: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

9

Security posture analysis

Page 10: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

10

Recommendations

Hardware and software inventory

Risk assessment plan

Roadmap

Access control procedures

Clean Desk Policy

Statement of Applicability

Change management

Antivirus procedures

Backup process

Vulnerability Management

Network Controls

SDLC procedures

Incident Response

Security Awareness

Disaster Recovery

Page 11: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

11

Final results

Page 12: Case Study Compliance - UnderDefense€¦ · ISO/IEC 27001:2013 Annex A Reference . 6 Team composition ... 27001 Lead Auditor 2 Cyber Security Auditors. 7 Initial Assessment Overview

Thank you!

Ukraine Poland Malta USA

12

https://underdefence.com/wp-admin/post.php?post=44&action=edit#

ISO 27001:2005 Information Security Management Systems 27001.pdfSejarah ISO 27001:2005 (ISMS) ISO 27001:2005 atau yang disebut juga ISO 17799:2005-2 adalah suatu standar keamanan yang

ISO 27001:2005 Information Security Management Systems 27001.pdfSejarah ISO 27001:2005 (ISMS) ISO 27001:2005 atau yang disebut juga ISO 17799:2005-2 adalah suatu standar keamanan yang

Documents
27001 Guidelines

27001 Guidelines

Documents
SGSI 27001

SGSI 27001

Documents
Aplicando Iso 27001

Aplicando Iso 27001

Documents
ISO 27001 -6

ISO 27001 -6

Education
Palestra - IsO 27001

Palestra - IsO 27001

Documents
CSA STAR - BSI Group · for a CSA STAR audit • Recommended for ISO/IEC 27001 qualified auditors or those with equivalent knowledge and experience Advanced Auditing Cloud Security

CSA STAR - BSI Group · for a CSA STAR audit • Recommended for ISO/IEC 27001 qualified auditors or those with equivalent knowledge and experience Advanced Auditing Cloud Security

Documents
ISO 27001 4

ISO 27001 4

Education
27001 S21SEC

27001 S21SEC

Documents
Charla 27001

Charla 27001

Documents
Szkolenia IT - Akademia MDDP · Foundation). » Audytor ISO/IEC 27001 (PECB ISO/IEC 27001 Lead Auditor). » Wdrożenie normy ISO/IEC 27001 (PECB ISO/ IEC 27001 Lead Implementer)

Szkolenia IT - Akademia MDDP · Foundation). » Audytor ISO/IEC 27001 (PECB ISO/IEC 27001 Lead Auditor). » Wdrożenie normy ISO/IEC 27001 (PECB ISO/ IEC 27001 Lead Implementer)

Documents
Isoiec 27001

Isoiec 27001

Technology
Transitioning from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

Transitioning from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

Documents
ISO 27001 IMPLEMENTATION - ISACAsfisaca.org/images/SF ISACA March16 ISO 27001 Implementation.pdfISO 27001 IMPLEMENTATION Presented to: ISACA ... •An Information Security Management

ISO 27001 IMPLEMENTATION - ISACAsfisaca.org/images/SF ISACA March16 ISO 27001 Implementation.pdfISO 27001 IMPLEMENTATION Presented to: ISACA ... •An Information Security Management

Documents
Mapping of ISO 27001:2005 with ISO 27001:2013

Mapping of ISO 27001:2005 with ISO 27001:2013

Technology
Iso 27001 10_apr_2006

Iso 27001 10_apr_2006

Technology
PECB CERTIFIED ISO/IEC 27001 LEAD AUDITOR · Internal auditors Auditors wanting to perform and lead an ISMS certification audits Members of an Information Security team Technical

PECB CERTIFIED ISO/IEC 27001 LEAD AUDITOR · Internal auditors Auditors wanting to perform and lead an ISMS certification audits Members of an Information Security team Technical

Documents
Implementacion iso 27001 - openaccess.uoc.eduopenaccess.uoc.edu/webapps/o2/bitstream/10609/... · Conociendo la ISO 27001 – ISO 27002 ISO 27001 La ISO 27001 es una norma internacional

Implementacion iso 27001 - openaccess.uoc.eduopenaccess.uoc.edu/webapps/o2/bitstream/10609/... · Conociendo la ISO 27001 – ISO 27002 ISO 27001 La ISO 27001 es una norma internacional

Documents
Certificación de SGSI 27001 - Hermes Sistemas SGSI 270… · (ISO 27001) ISO 27001 es el estándar internacional para los SGSI, y ... UNE ISO/IEC 27001:2007/1M Dic. 2009 (correspondencia

Certificación de SGSI 27001 - Hermes Sistemas SGSI 270… · (ISO 27001) ISO 27001 es el estándar internacional para los SGSI, y ... UNE ISO/IEC 27001:2007/1M Dic. 2009 (correspondencia

Documents
Von Berlin nach Brüssel und zurück De-Mail, eIDAS und die ... · ISO 27001 nativ (A9, A11) ISO/ICE 29115 ISO 27001 nativ ISO 27001 nativ ISO 27001 nativ (A10) ISO 27001 nativ Signaturen:

Von Berlin nach Brüssel und zurück De-Mail, eIDAS und die ... · ISO 27001 nativ (A9, A11) ISO/ICE 29115 ISO 27001 nativ ISO 27001 nativ ISO 27001 nativ (A10) ISO 27001 nativ Signaturen:

Documents
ISO IEC 27001

ISO IEC 27001

Documents
PECB CERTIFIED ISO/IEC 27001 LEAD AUDITOR · PECB CERTIFIED ISO/IEC 27001 LEAD AUDITOR 855.476.2701 | Training@iCertWorks.com | Internal auditors Auditors wanting to perform and lead

PECB CERTIFIED ISO/IEC 27001 LEAD AUDITOR · PECB CERTIFIED ISO/IEC 27001 LEAD AUDITOR 855.476.2701 | [email protected] | Internal auditors Auditors wanting to perform and lead

Documents
Estandares ISO 27001

Estandares ISO 27001

Technology
Auditor Registration Scheme for Information Security ...nbqp.qci.org.in/auditor/upload/Auditors/NBQP-ISMS Auditor Criteria.pdfcontents of ISO/IEC 27001:2013 Information technology

Auditor Registration Scheme for Information Security ...nbqp.qci.org.in/auditor/upload/Auditors/NBQP-ISMS Auditor Criteria.pdfcontents of ISO/IEC 27001:2013 Information technology

Documents
ISO 27001 Global Report - Consultia · ISO 27001 Global Report 2015 ISO 27001 certification is the norm 84% of organisations that have implemented an ISO 27001-compliant information

ISO 27001 Global Report - Consultia · ISO 27001 Global Report 2015 ISO 27001 certification is the norm 84% of organisations that have implemented an ISO 27001-compliant information

Documents
NBR ISO 27001

NBR ISO 27001

Documents
Auditors guide-iso-27001-on-russian

Auditors guide-iso-27001-on-russian

Technology
ISO 27001 –nowy standard bezpieczeństwa - security.dga.plsecurity.dga.pl/content/Konferencje_CryptoCon2006_DGA_060830.pdf · ISO/IEC 27001 –Spis treści ISO/IEC 27001 Wymagania

ISO 27001 –nowy standard bezpieczeństwa - security.dga.plsecurity.dga.pl/content/Konferencje_CryptoCon2006_DGA_060830.pdf · ISO/IEC 27001 –Spis treści ISO/IEC 27001 Wymagania

Documents
Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

Documents
ISO 27001 Introduction - lpm.ulm.ac.idlpm.ulm.ac.id/download/Introduction ISMS ISO 27001.pdf · •2005 ISO 27001 specification was published –contains Audit Requirements, with

ISO 27001 Introduction - lpm.ulm.ac.idlpm.ulm.ac.id/download/Introduction ISMS ISO 27001.pdf · •2005 ISO 27001 specification was published –contains Audit Requirements, with

Documents