© Infocounselors ISMS Implementer Course (V 1.0) ISMS Implementer Course Module 1 Introduction to Information Security

Anil_ISMS Implementer Course - Module 1 - Introduction to Information Security


8/8/2019 Anil_ISMS Implementer Course - Module 1 - Introduction to Information Security

http://slidepdf.com/reader/full/anilisms-implementer-course-module-1-introduction-to-information-security 1/14


ISMS Implementer Course

Module 1 - Introduction to Information Security


Introduction to Information Security

What is Information?

Information is stimuli that has meaning in some context for its receiver. When information is entered into and stored in a computer, it is generally referred to as data. After processing output data can again be perceived as information.

(Source: SearchSQLServer.com Definitions)


What is Information?

“Information” is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.

(Source: ISO 27002)


Information – Life Cycle

Creation

Storage

Processing

Access

Modification

Transmission

Printing

Destruction


Where is the ‘Information’ located?

Data storage devices
◦ Hard disks
◦ CDs / Floppies
◦ Pen drives
◦ Zip drives
◦ Tapes / DATs ……

Physical copies
◦ Printed reports, documents, graphs…

Accessed through
◦ Desktop / Laptop
◦ File server
◦ Internet / Web server
◦ Mail server (mailboxes)…

Accessed by
◦ Employees
◦ Contractors
◦ Business partners
◦ Vendors ………


What are information risks?

Risks present at each and every step in the information life cycle

Risks such as
● Theft
● Misuse
● Corruption
● Denial
● Destruction
● ………………………


Information Security Components

Availability: Authorized users shall have access to the information as and when required for the business use

Integrity: Accuracy and completeness of information and information processing methods

Confidentiality: Information shall be accessible only to the users based on need-to-know, need-to-use


Information Security:

Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved (ISO 27001)


Goal is to protect ‘Information’

3 components : A – I - C

3 pillars: People – Process – Technology


A holistic or enterprise information security approach is required

Proper identification of information to be protected

Assessment of risks to information

Risk mitigation measures

Process based approach

Management system


Approach towards enterprise security:

Layered defense

Personnel

Physical

Technology

Information


How to proceed with implementation of a structured Information Security Management System (ISMS)?

Proceed to Module 2 of this course……..

The complete course consists of 15 modules


For Feedback / Queries mail to:

[email protected]

www.infocounselors.com

Course designed and delivered by:

Mumbai – India
