isms framework management clause_8_operations
iFour Consultancy
ISMS-Management Clause 8 - Operation
ASP.NET software companies India http://www.ifour-consultancy.com http://www.ifourtechnolab.com
8.1 Operational Planning and Control
Implement the actions determined in clause 6.1
Achieve the information security objectives determined in clause 6.2
Keep information documented to have confidence
Review consequences of unintended changes to mitigate adverse effects
8.1 Operational Planning and Control continued
http://www.cambridge-risk.com/wp-content/uploads/2014/08/Business-Continuity-Management-diagram1.png
8.1 Operational Planning and Control continued
Benefits
Develop plans and activities to perfect and synchronize the activities and communications
Systematic and measurable operational processes with means of objective evaluations
A well balanced, thoughtful team that now has ease of communication and purposeful guidance
8.2 Information Security Risk Assessment
Perform information security risk assessment at planned intervals
Planned interval could be taken from criteria established in clause 6.1.2 a
Retain documented information of the results
8.2 Information Security Risk Assessment Continued
http://www.mass.gov/anf/images/itd/risk-assessment-chart.jpg
8.2 Information Security Risk Assessment continued
Why
Investment justification
Clear communication
Risk awareness
Physical and logical considerations
Qualitative vs. quantitative approach
8.3 Information Security Risk Treatment
Implement information security risk treatment plan
Retain documented information of the results of information security risk treatment
8.3 Information Security Risk Treatment continued
http://image.slidesharecdn.com/hipaariskanalysis1-150420004244-conversion-gate01/95/hipaa-risk-analysis14-26-638.jpg?cb=1429490749
8.3 Information Security Risk Treatment continued
Move from theory to practice
Who is going to implement each control
Considerable time and effort (and money) are needed to implement all the controls
ISO 27001 forces you to make this journey in a systematic way.
Conclusion
ISO 27001 forces you to make this journey in a systematic way.