ISO27001 Study Note I

1. Three aspects of information security:
Confidentiality
Integrity
Availability
 
2. ISO PDCA Model:
Plan - Establish the ISMS
Do - Implement and Operate the ISMS
Check - Monitor and Review ISMS
Act - Maintain and Improve ISMS
 
3. Risk:
Assessing security risks
Treating security risks
Risk Priority Number (RPN) = Severity x Occurrence x Weakness
 
4. The ISMS documentation:
Statement of ISMS Policy
Control of documents
Control of records
Risk assessment and treatment plan
Internal ISMS audits
Management Review of the ISMS
Corrective and Preventive actions
 
5. Audit findings:
Noteworthy efforts
Observations
Non-conformities
 
Annex A: Control objectives and controls:
5. Information security policy
6. Organization of information security
7. Asset management
8. Human resources security
9. Physical and environmental security
10. Communications and operations management
11. Access control
12. Information systems acquisition, development and maintenance
13. Management of information security incidents and improvement
14. Business continuity management
15. Compliance