artificial intelligence bsc - iso 27001 information security
TRANSCRIPT
HOW TO BUILD EFFECTIVE FORMS
• IF A FIELD REPEATS THEN DESIGN IT AS COLUMNS OTHERWISE ROWS• FORM NO AND FORM NAME MUST BE UNIQUE. • FORM NAME SHOULD DESCRIBE ITSELF• IF POSSIBLE, DATA ENTRY SCREEN AND FORM DESIGN SHOULD BE SIMILAR.• IF THE FORM IS USED IN COMPUTER, USE COMBO BOX STRUCTURE IF
POSSIBLE.• IF POSSIBLE, FORM NAME AND FORM NAME IN COMPUTER MUST BE THE
SAME.
HOW TO BUILD EFFECTIVE REPORTS:• TIME OF REPORT & DATE on every Page• TOTAL-AVERAGE-COUNT ETC.• DISC-MONITOR-PRINT
What is BALANCED SCORECARD?
Don’t forget to read the following paper !
• Cebeci, U. (2009). Fuzzy AHP-based decision support system for selecting ERP systems in textile industry by using balanced scorecard. Expert Systems with Applications, 36(5), 8900-8909.
ARTIFICIAL INTELLIGENCE
• EXPERT SYSTEMS-(Chess Game, DIAGNOSIS• FUZZY LOGIC• PATTERN RECOGNITION• ROBOTICS• MACHINE LEARNING• NATURAL LANGUAGE PROCESSING• SEARCH ENGINES• NEURAL NETWORKS• GENETIC ALGORITHMS
TG4.1 Introduction to Intelligent Systems
Intelligent systems Artificial intelligence (AI)
© Luis Alonso Ocana/Age Fotostock America, Inc.
TG 4.2 Expert Systems
Expertise Expert systems (ESs)
Expertise Transfer from Human to Computer
Knowledge acquisitionKnowledge representationKnowledge inferencingKnowledge transfer
The Components of Expert Systems
Knowledge base Inference engine User interface Blackboard Explanation subsystem
TG4.3 Neural Network
TG 4.5 Genetic Algorithms
Genetic algorithms have three functional characteristics:
• Selection
• Crossover:
• Mutation:
TG 4.6 Intelligent Agents
Information AgentsMonitoring-and-Surveillance AgentsUser Agents
Fuzzy Logic
• By using fuzzy logic, we can convert some linguistic variables to numbers so that we can process the values in computers.
• Define membership function : to be tall for turkish boys
• (Example: To be old)
Information Security Management System (ISMS)
ISO 27001 Standard
What is ISMS?
• That part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
(ISO/IEC 27001:2005 Clause 3.7)
INFORMATION SECURITY MANAGEMENT
Factors affecting ISMS
Escalating RiskGlobalization
Legislation
Government
NGOs
Competition - cost
Corporate culture
Employee
Union Corporate vision & policy
Shareholder
Customer requirements
Consumer
Competition-business
Neighbor
Societal values
Risk toleranceInsurance
Compatibility with other standards• ISO 9001
Quality Management Systems – requirements
• ISO 14001Environmental Management Systems – specification
with guidance for use
PURPOSE OF ISO 27001
Benefits of ISMS• To protect an organization’s information assets in
order to: ensure business continuity, minimize business damage, and maximize return on investments
• Internationally recognized, structured methodology• Defined process to evaluate, implement, maintain,
and manage information security,• Tailored policies, standards, procedures, and
guidelines
Benefits of ISMS• Efficient and effective security planning and
management• Increased credibility, trust and confidence of partners
and customers• Compliance to all relevant commitment• Compatibility with other standards
Information security concepts
Non-Repudiation
Availability
AccountabilityIntegrity
Reliability
Confidentiality
Accountability
Plan-Do-Check-Act cycle & Continual Improvement
Take actions to continually improve process performance – effectiveness and efficiency
Establish objectives necessary to deliver results in accordance with customer requirements and the organization’s policies
Implement the processesMonitor and measure processes and product against policies, objectives and requirements
PDCA Model applied to ISMS processes
ISO 27001 REQUIREMENTS
ISO 27001 REQUIREMENTS
ISO 27001 Requirements
• 1 Scope– 1.1 General– 1.2 Application
• 2 Normative References• 3 Term and definitions• 4 Information security management system
– 4.1 General requirements– 4.2 Establishing and managing the ISMS– 4.3 Documentation requirements
ISO 27001 Requirements
• 5 Management Responsibility– 5.1 Management commitment– 5.2 Resource management
• 6 Internal ISMS audits• 7 Management review of the ISMS
– 7.1 General – 7.2 Review input– 7.3 Review output
ISO 27001 Requirements
• 8 ISMS Improvement– 8.1 Continual improvement– 8.2 Corrective action– 8.3 Preventive action
Audit / Certification Process
Pre-assessment (Optional)
Stage 1: Desk Study
Stage 2: Certification Audit
Surveillance 1
Surveillance 2
Surveillance 3 Surveillance 3
Surveillance 5
Stage 1: Desk Study•Evaluate the location and site-specific conditions•Collection of information regarding the scope of supply chain SMS, information about risk assessment performed and processes•Relevant ISMS documentation and records•Previous audit reports
Stage 2: Certification Audit•Obtain information and evidence about conformity to all requirements of the applicable normative document•Operational control•Internal auditing and Management review
Surveillance Audits•Maintenance visits•Verify continuous implementation of the system in accordance with the requirements of the standard•Evaluation of the effectiveness of corrective action implementation to previously raised NCs
Failure Mode and Effects Analysis Technique for Information Security
• Fill the second line above (fire risk) for the company