ISO27000 MICRO BOOT CAMP - ISACA Curacao (isacacuracao.com)
Transcript of the slide deck
Page 1
ISO27000 MICRO BOOT CAMP
DIRK MAIJ, CISSP, ONYX CYBERSECURITY
Page 2
AGENDA
- THEORETICAL PART: WHAT IS ISO27000, HOW DOES AN IMPLEMENTATION PROJECT
- PRACTICAL PART: MICRO IMPLEMENTATION
Page 3
PRESENTATION RULES
- NO MOBILE PHONES, OR AT LEAST SET TO QUIET
- FREE TO ASK QUESTIONS, RAISE HAND
- FREE TO GIVE REMARKS, KEEP IT IN CONTEXT
Page 4
THE THEORY
Page 5
INFORMATION SECURITY
WHAT IS INFORMATION ANYWAY?
Page 6
CIA TRIAD
- Confidentiality
- Integrity
- Availability
Page 7
WHAT IS ISO27K
- INTERNATIONAL STANDARD FRAMEWORK
- MOST POPULAR STANDARD WORLDWIDE
- SET OF AROUND 30 DOCUMENTS
- 1 PARTICULARLY INTERESTING: ISO 27001
Page 8
WHY ISO27K?
- COMPLIANCE TO LAW OR REGULATION (SOX, BASEL III, PCI-DSS, ETC)
- BETTER MARKET POSITION
- LOWERING COST
- IMPROVING COMPANY PROCESSES
https://www.youtube.com/watch?v=Mpt5_RsLH6o
Page 9
ALTERNATIVES TO ISO27K
- CYBERSECURITY FRAMEWORK (NIST)
- STANDARD OF GOOD PRACTICE (ISF)
- NIST SP 800 SERIES
- RISK FRAMEWORKS LIKE COBIT, OCTAVE, COSO ETC
Page 10
MAIN ADVANTAGES OF ISO
- CERTIFICATION
- CONTINUOUS IMPROVEMENT
- INTERNATIONALLY ACCEPTED
- RELATIVELY WELL KNOWN, SO MUCH INFORMATION AVAILABLE
Page 12
INFORMATION SECURITY MANAGEMENT SYSTEM
- SET OF POLICIES, PROCEDURES, STANDARDS AND GUIDELINES
- AGREED TO BY MANAGEMENT
- IN PLACE TO PROTECT INFORMATION / ASSETS
- ESSENTIALLY MANAGES RISK
Page 13
RISK
THE PROBABILITY OR THREAT OF QUANTIFIABLE DAMAGE, INJURY, LIABILITY, LOSS, OR ANY OTHER NEGATIVE OCCURRENCE THAT IS CAUSED BY EXTERNAL OR INTERNAL VULNERABILITIES, AND THAT MAY BE AVOIDED THROUGH PREEMPTIVE ACTION.
Page 14
RISK MANAGEMENT METHODS
- ASSET BASED
- ISACA RISK IT FRAMEWORK / COBIT 5
- COSO
- OCTAVE
- CRAMM
- STANDARDS OF GOOD PRACTICE
- FAIR
Page 15
PHASES OF THE PROJECT (NUMBERS ARE THE ISO 27001 CLAUSES COVERED IN EACH PHASE)
- PLAN (4, 5, 6)
- DO (7, 8)
- CHECK (9)
- ACT (10)
Page 16
PLAN
- GET MANAGEMENT SUPPORT
- DETERMINE SCOPE
- CREATE INVENTORY OF INFORMATION ASSETS
- ANALYSE RISKS AND DETERMINE TREATMENT
Page 17
DO
- EXECUTE RISK TREATMENT CONTROLS
- MONITOR AND MEASURE CONTROLS
Page 18
CHECK
- ANALYSE MEASUREMENTS
- REVIEW ISMS
Page 19
ACT
- PERFORM CORRECTIVE ACTIONS
- ADJUST ISMS
- CONTINUAL IMPROVEMENT
Page 20
CERTIFICATION
Page 21
CERTIFICATION
- PHASE 1: DOCUMENTATION AUDIT
- PHASE 2: MAIN AUDIT
- SURVEILLANCE VISITS (YEARLY)
- 3 YEARS VALID, AFTER THAT RECERTIFICATION NEEDED
Page 22
IN PRACTICE
ISO27001 MICRO BOOT CAMP
https://www.youtube.com/watch?v=AskktIDYe3A
chris davenport https://www.youtube.com/watch?
Page 24
PICK 5 IMPORTANT ASSETS
- Hardware
- Software
- Information
- Infrastructure
- People
- Outsourced services
Page 25
PER ASSET, PICK 2 THREATS AND VULNERABILITIES
THREATS
- Fire
- Flood
- Fraud
- Falsification of records
- Loss of electricity
- Software errors
- Social engineering
- Theft
- Unauthorized use of copyright material
- User error
VULNERABILITIES
- Default passwords not changed
- Inadequate physical protection
- Inadequate security awareness
- Location vulnerable to flooding
- Too much power in one person
- Unmotivated employees
- Uncontrolled download from the Internet
Page 26
DETERMINE LIKELIHOOD / IMPACT
QUALITATIVE
- Low
- Medium
- High
QUANTITATIVE
- Probability %
- Value $
- Cost of incident $
Page 27
FILL RISK MATRIX
Page 28
DETERMINE RISK TREATMENT LEVEL
- Likelihood + Impact = Risk level
- All risks get a value; determine the maximum acceptance level (for instance 7)
Page 29
DETERMINE RISKS TO TREAT
All risks above the acceptance level get one of:
- Mitigate
- Accept
- Transfer
- Avoid
Page 30
DETERMINE RISK TREATMENT
For all mitigated risks, choose the risk treatment
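The practical part (pages 24 to 30) is a procedure: list assets, pair each with threats and vulnerabilities, score likelihood and impact, add them to get a risk level, compare against an acceptance level such as 7, and record a treatment for everything above it. The register below is an added example written for this transcript, not material from the deck; the assets, the threat/vulnerability pairs and the Low=1 / Medium=3 / High=5 scoring scale are constructed assumptions, since the slides give no numeric scale.

```python
# Constructed example, not material from the boot camp deck. Assumed scale
# (the slides give none): Low=1, Medium=3, High=5 for both likelihood and
# impact, so Likelihood + Impact runs 2..10 and the deck's example
# acceptance level of 7 falls inside that range.
from dataclasses import dataclass

SCALE = {"Low": 1, "Medium": 3, "High": 5}                # assumed mapping
TREATMENTS = ("Mitigate", "Accept", "Transfer", "Avoid")  # options on page 29

@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str      # Low / Medium / High
    impact: str          # Low / Medium / High
    treatment: str = ""  # empty until a decision is recorded

    def level(self) -> int:
        # Deck rule: Likelihood + Impact = Risk level
        return SCALE[self.likelihood] + SCALE[self.impact]

def risks_to_treat(register, acceptance_level=7):
    """Risks scoring above the acceptance level; each needs a decision."""
    return [r for r in register if r.level() > acceptance_level]

def decide(risk, treatment):
    """Record one of the four treatment options; anything else is rejected."""
    if treatment not in TREATMENTS:
        raise ValueError(f"unknown treatment {treatment!r}")
    risk.treatment = treatment
    return risk

def untreated(register, acceptance_level=7):
    """Completeness check: above-threshold risks with no decision yet."""
    return [r for r in risks_to_treat(register, acceptance_level) if not r.treatment]

def expected_loss(probability_pct, cost_of_incident):
    """Quantitative variant from page 26: probability % x cost of incident $."""
    return probability_pct * cost_of_incident / 100

# Constructed register: five assets, one threat/vulnerability pair each.
REGISTER = [
    Risk("File server", "Flood", "Location vulnerable to flooding", "Low", "High"),
    Risk("Payroll app", "Falsification of records", "Too much power in one person", "Medium", "High"),
    Risk("Laptops", "Theft", "Inadequate physical protection", "High", "Medium"),
    Risk("Staff", "Social engineering", "Inadequate security awareness", "High", "High"),
    Risk("Hosting provider", "Loss of electricity", "Inadequate physical protection", "Low", "Low"),
]
```

With the assumed scale the flood risk scores 6 and is accepted by default, while the payroll, laptop and staff risks score 8, 8 and 10 and must each receive a recorded treatment before the "rinse and repeat" cycle closes.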
Page 31
RINSE AND REPEAT
Page 33
[email protected] +31(0) 612 930 341