ISMS Consultancy for JPKN Project Kick-off Meeting 12th May 2011
Agenda
• Project Objective & Key Stakeholders
• Overview of ISMS
• Project Management Plan
  – Project Organization
  – Project Phases
  – Activities & Deliverables
  – Project Plan (WBS)
• Project Risks & Critical Success Factors
• Project Monitoring & Communication Plan
• Project "Scope" & "Not in Scope"
Project Objective
• The main objective of this project is to achieve ISO/IEC 27001:2005 Certification for the
  – JPKN Head Quarters (JPKN HQ)
  – State Government Data Centre (JPKN DC)
• Scope of certification to be decided / agreed upon
Key Stakeholders
• JPKN – Sabah State Government organization, responsible for providing efficient IT services to various state government organizations and citizen services
• HeiTech Padu – A leading ICT service provider in Malaysia. It manages many mission-critical projects for both public and private sector organizations
• Paladion – An Information Security and Risk Management service provider that has served many public and private institutions around the world for their various Information Security needs
ISMS Overview
Overview of ISMS
• ISMS is
  – An organizational approach to Information Security
  – A business-risk-based approach to
    • establish,
    • implement, operate,
    • monitor, review,
    • maintain and improve information security
ISO/IEC 27001 Standard
• A management standard that helps to build, maintain and improve an Information Security Management System (ISMS)
• Based on
  – Risk Assessment and Risk Treatment
  – Plan-Do-Check-Act model (similar to ISO 9001)
  – 8 main clauses
  – 11 domains & 133 controls
• Global acceptance
  – No. of certifications worldwide – 7136 (as at April 2011)
Number of Certifications (as at April 2011)

  COUNTRY          TOTAL
  Japan             3790
  India              516
  China              495
  UK                 460
  Taiwan             410
  Germany            154
  Korea              106
  Czech Republic     101
  USA                 99
  Hungary             72
  Spain               67
  Italy               64
  Poland              58
  Malaysia            52

• 84 countries have embarked on ISMS
• Malaysia is at no. 14 as at April 2011
ISO/IEC 27001 Requirements
• 8 Main Clauses
  – Clause 1: Scope
  – Clause 2: Normative Reference
  – Clause 3: Terms and Definitions
  – Clause 4: Information Security Management System
  – Clause 5: Management Responsibility
  – Clause 6: Internal ISMS Audits
  – Clause 7: Management Review of the ISMS
  – Clause 8: ISMS Improvement
ISO/IEC 27001 – Annex A Controls
A.5 Information Security Policy
A.6 Organisation of Information Security
A.7 Asset Management
A.11 Access Control
A.12 Information Systems Acquisition, Development and Maintenance
A.13 Information Security Incident Management
A.14 Business Continuity Management
A.15 Compliance