null
US
Sign In
Sign Up for Free
Sign Up
We have detected that Javascript is not enabled in your browser. The dynamic nature of our site means that Javascript must be enabled to function properly. Please read our
terms and conditions
for more information.
Next up
Copy and Edit
You need to log in to complete this action!
Register for Free
67766
Security Mgt, ISO 27001, PDCA
Description
IYM001 Mind Map on Security Mgt, ISO 27001, PDCA, created by jjanesko on 02/05/2013.
No tags specified
iym001
iym001
Mind Map by
jjanesko
, updated more than 1 year ago
More
Less
Created by
jjanesko
over 11 years ago
274
22
0
Resource summary
Security Mgt, ISO 27001, PDCA
plan
establish ISMS
define policy
includes framework for setting objectives
takes into account requirements
business
regulatory
contractual
legal
aligns with strategic risk mgt context
establishes risk evaluation criteria
approved by management
define scope and boundaries based on
business characteristics
location
assets and technology
define risk assessment approach
define suitable methodology
define criteria for accepting risks
define acceptable risk levels
identify risks
1. identify assets & owners
2. identify threats
3. identify vulnerabilities
4. identify impacts of loss of confidentiality, integrity, availability on asses
analyze & evaluate risks
asess business impacts on organization from security failures
assess likelihood with respect to currently implemented controls
estimate the levels of risks
determine if risks are acceptable using criteria for accepting risk
identify options for risk treatment
controls
accept
avoid
transfer
select controls
obtain management approval of residual risk
prepare statement of applicability
documents control objectives, selected controls and reasoning
currently implemented control objectives and controls
any excluded ccontrol objectives and justification
do
implement and operate the ISMS
implement
policy
controls
processes
procedures
formulate risk treatment plan which identifies for risk management
management action
resources
responsibilities
priorities
implement selected controls
define how to measure and assess effectiveness
implement training and awareness programmes
manage ISMS operation
manage ISMS resources
implment procedures and controls capable of prompt detection of & response to security events
check
monitor and review the ISMS
execute monitoring & reviewing procedures to
detect erros in processing results
promptly identify security breaches
enable management security activites are performing as expected
activities assigned to people
activities implemented in IT
help detect and prevent security incidents by use of indicators
determine whether actions to resolve a breach were effective
undertake regular reviews of effectiveness
see results of security audits
incident logs
results from effectiveness measurements
suggestions and feedback from stakeholders
measure effectivness of controls that verify security requirements have been met
Review risk assessment at regular intervals, taking in account changes to
the organization
technology
business objectives and processes
identified threats
effectiveness of implemented controls
external evants such as regulatory changes
conduct internal audit
undertake regular management review of ISMS
update security plans based on monitoring and review
record actions and events that could have an impact on the effectiveness of the ISMS
act
maintain and improve the ISMS
implement identified improvements
take appropriate corrective and preventative actions
apply lessons learned from internal and external organizations
communicate actions and improvements to all interested parties
ensure improvements achieve their intended objectives
Show full summary
Hide full summary
Want to create your own
Mind Maps
for
free
with GoConqr?
Learn more
.
Similar
Exemplary Assignment Answers
jjanesko
Security Mgt, Flashcards for ISO 27000 series
jjanesko
Security Mgt U5, risk analysis and mgt (part 1)
jjanesko
Security Mgt U8, Information Assurance
jjanesko
Security Mgt U3, BS7799 (Part 2)
jjanesko
Security Mgt U5, quantitative risk assessment forumula (image)
jjanesko
Security Mgt U5, risk analysis & mgt (part 2)
jjanesko
Security Mgt U8, Incident Recovery Image
jjanesko
Security Mgt U3, BS7799 (Part 1)
jjanesko
Security Mgt U5, Risk Analysis Methods and Tools (image)
jjanesko
Security Mgt U10, Scope of Incident Response (chart)
jjanesko
Browse Library