Michele Moss, Booz Allen Hamilton - Build Security In

More documents

Recommendations

Info

Draft ISO/IEC 27002:2013 Security Controls • Security Policies • Organization of information security • Human resource security • Asset Management • Access Control • Cryptography • Physical and Environmental Security • Operations Security • Communications Security • System Acquisition, Development, and Maintenance • Supplier Relationships • Information Security Incident Management • Information Security Aspects of Business Continuity Management • Compliance 3/11/2013 18 Source: Booz Allen Hamilton and DoD © 2012 Utilities Telecom Council
Existing and Emerging Practices ISO/IEC 27036, Information Technology – Security Techniques – Information Security for Supplier Relationships • Addresses Acquirer and Supplier practices • Applies to all types of organizations e.g., commercial, public sector, non-profit and all types of supplier relationships that may have security implications • Harmonized with ISO standards for system/software engineering and information security • Parts 1-3 are currently Draft International Standard, Part 4 is Working Draft Part 1 – Overview and Concepts Part 3 – Guidelines for ICT Supply Chain Security Part 2 –Requirements Part 4 – Guidelines for Security of Cloud Services 19 © 2012 Utilities Telecom Council
Page 1 and 2: International Standards Efforts Hel
Page 3 and 4: Critical Infrastructure Perspective
Page 5 and 6: Mandiant APT 1 Report - February 20
Page 7 and 8: Success Involves Multiple Standards
Page 9 and 10: Panel Members • Nadya Bartol, Uti
Page 11 and 12: ISO/IEC 27036 - Information Securit
Page 13 and 14: Standards Landscape 3/11/2013 13 So
Page 15 and 16: ISO has over 90 existing cyber secu
Page 17: Why Use ISO/IEC 27001 • Integrate
Page 21 and 22: Using ISO/IEC 27036 with other SC27
Page 23 and 24: Contact Information • Nadya Barto
Page 25 and 26: Panel Members • Mike Grimm, Micro
Page 27: Questions

Michele Moss, Booz Allen Hamilton - Build Security In

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?