Tuesday, October 2, 2007

ISMS Implementation Guide

By Vinod Kumar Puthuseeri
Information Security Consultant

Objective
This paper can serve as a guideline for implementing ISMS practices based on the BS7799 / ISO 27001 standards. It is intended to give insight to those implementing an ISMS for the first time, and to those who will be coordinating with external consultants on ISMS implementations in their organizations.

Scope
This document covers the requirements from an audit point of view, together with methods and tips for implementing ISMS practices.

Standard
BS7799 / ISO 27001
BS7799 is a British Standard that addresses information security in all areas, including physical security. Part 2 of BS7799, the certifiable management-system specification, was revised to follow the same Plan-Do-Check-Act management-system structure used by ISO 9001, and was then adopted by ISO as ISO/IEC 27001:2005.

ISO 27001 groups its Annex A controls into 11 domains (A.5 to A.15).


Table of Contents

Objective
Scope
Standard
- BS7799 / ISO 27001
- The CIA triad
- PDCA Model
- Benefits
Management
- Management Commitment
- Case Study
Implementation Process
- The team
- Define the Scope
- Risk Assessment
Asset Inventory
Asset Value
Risk Value
Business Impact Analysis (BIA)
Probability of Occurrence
Risk Assessment Tools
Why identify the risk value
- Risk Management
Deciding Assets for Risk Mitigation
Different Methods of Handling Risks
- Statement of Applicability (SOA)
Business Continuity Plan & Disaster Recovery (BCP & DR)
- Process
- Business Impact Analysis
Audit
- Pre-Assessment Audit (Adequacy Audit)
- Document Review
- On Floor Audit
- Internal Audit
Desktop Audit
User Awareness Audit
Technical Audit
Social Engineering
Physical Security
Post Audit Check
User Awareness
- Train the trainer approach
- Without train the trainer approach
- Training Materials
Reference
Declaration
Disclaimer
Copyright
Contact
GNU Free Documentation License

Link : http://www.infosecwriters.com/text_resources/pdf/ISMS_VKumar.pdf
