Michele Moss, Booz Allen Hamilton - Build Security In

More documents

Recommendations

Info

Guidelines Requirements Terminology Governance ISO/IEC Information Security Management System (ISMS) Family of Standards ISO/IEC 27000 – Overview and Vocabulary ISO/IEC 27001 – ISMS Requirements ISO/IEC 27006 – Audit & Certification Requirements ISO/IEC 27002 – Code of Practice ISO/IEC 27003 – ISMS Guidelines ISO/IEC 27007 – Audit Guidelines ISO/IEC 27008 – Guidance for auditors on ISMS controls ISO/IEC 27004 – Measurement ISO/IEC 27005 – Risk Management ISO/IEC 270XX (concept) – ISO/IEC 2700X (concept) – Sector-Specific Guidelines Sector-Specific Guidelines ISO/IEC 27017 (concept) – ISO/IEC 27017 - ISMS – Code of practice for information security controls for cloud computing services Security Engineering Tamper Protection Study Period ISO/IEC 15408 - Common Criteria ISO/IEC 21913 – Secure System Engineering Principles and Techniques ISO/IEC 20004-Secure software development and evaluation under ISO/IEC 15408 and ISO/IEC 18405 Implementation ISO/IEC 27034– Application Security ISO/IEC 27036– Supplier Relationships ISO/IEC 27033– Network Security 3/11/2013 16 Source: Booz Allen Hamilton © 2012 Utilities Telecom Council
Why Use ISO/IEC 27001 • Integrate security governance into business and IT processes Plan – Standardize security processes and controls – Establish a common approach to risk management – Reduce the likelihood, severity, duration and cost of incidents Establish • Establish risk-based control selection as a standard for risk management – Focus resources only on your organization’s risks – Facilitate identification and elimination (or minimal retention) of non-critical data Do Implement and operate Maintain and improve Act – Ensure costs reflect the risk’ appetite • Use ISMS processes to improve overall asset management capabilities – Identify and eliminate redundant, duplicate and obsolete assets – Enable simplified cost determination for new or revised control deployments Monitor and review Check – Provide risk reference point for both operations and management Source: Booz Allen Hamilton and DoD © 2012 Utilities Telecom Council
Page 1 and 2: International Standards Efforts Hel
Page 3 and 4: Critical Infrastructure Perspective
Page 5 and 6: Mandiant APT 1 Report - February 20
Page 7 and 8: Success Involves Multiple Standards
Page 9 and 10: Panel Members • Nadya Bartol, Uti
Page 11 and 12: ISO/IEC 27036 - Information Securit
Page 13 and 14: Standards Landscape 3/11/2013 13 So
Page 15: ISO has over 90 existing cyber secu
Page 19 and 20: Existing and Emerging Practices ISO
Page 21 and 22: Using ISO/IEC 27036 with other SC27
Page 23 and 24: Contact Information • Nadya Barto
Page 25 and 26: Panel Members • Mike Grimm, Micro
Page 27: Questions

Michele Moss, Booz Allen Hamilton - Build Security In

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?