When implementing an information security management system (based on ISO/IEC 27001) you need to conduct a risk analysis (based on ISO/IEC 27005) and implement information security controls (based on ISO/IEC 27002). In order to better understand the IT governance framework of the organization, you can refer to service management systems (based on ISO/IEC 20000). Moreover, you have to properly consider security incident management (based on ISO/IEC 27035) and you must ensure that the organization has business continuity and recovery capabilities (based on ISO 22301).
Recorded Webinar: https://youtu.be/aY_envTRGRY
How an Integrated Management system helps you comply with new Cyber Laws and Regulations
2. Key points
1. Establish the concept of an integrated management system;
2. Explain the concept to the different roles involved;
3. Use the international standards as appropriate;
4. Give some examples of how an integrated management system helps to comply with new field regulation.
4–50. Obligations for IT security, data protection, business continuity, and internal goals
(one diagram, built up element by element across slides 4–50; reproduced here once in its complete form)
IT, risk, information- and cybersecurity and business continuity actions
Profiles: Business; Data handling; IT; IT governance; IT risks; IT controls; IT compliance; IT incidents; Continuity
Methods / Metrics: Classification, labelling; BIA, SLA; ITIL, CMM, TCO, ROI; Monitoring, KRI, SPOF; Risk decision, ROSI; ISMS operation, KPI; Testing, forensics, audit; BC, DR planning, RTO, RPO
Standards: ISO 9001; ISO 30301; ISO 20000; ISO 27005; ISO 27001/002/032; ISO 27035; ISO 22301
Processes: Business process; Information management; IT process; IT risk analysis and communication; IS & auditing; Incident management; Business continuity
Roles: CEO, CIO, CTO, RM, CISO, CISA, BCM
Owner, partner, contractor, regulator (ISO 27000)
Specialist, administrator, project manager (ISO 21500)
51. GDPR (EU)
Some example references
• risk management plays an ever-larger role in IT security, and data encryption is suited, among other means, for these companies;
• the regulation also recognizes these risks when processing personal data and places the responsibility on the controller and the processor to implement appropriate technical and organisational measures to secure personal data;
• to answer the question of what is currently considered “state of the art”, data protection officers usually rely on the definitions set out in information security standards like ISO/IEC 27001 or other national IT-security guidelines.
52. NIS directive (EU)
Some example tips for implementation
• to ensure compliance, it is possible to implement a cyber resilience programme that incorporates measures for information security, business continuity and incident response;
• international standards such as ISO 27001, ISO 27035 and ISO 22301 serve as frameworks for achieving NIS Directive compliance;
• the implementation of business continuity management, penetration testing and cyber incident response (CIR) management can help organisations achieve an appropriate level of cyber resilience and facilitate compliance with the NIS Directive.
53. NIST Cybersecurity Framework (US)
Identify: develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Protect: develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect: develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond: develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover: develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
54. Monetary Authority of Singapore technology risk management guidelines
Practical audit experience
• OVERSIGHT OF TECHNOLOGY RISKS BY BOARD OF DIRECTORS AND SENIOR MANAGEMENT
• TECHNOLOGY RISK MANAGEMENT FRAMEWORK
• MANAGEMENT OF IT OUTSOURCING RISKS
• ACQUISITION AND DEVELOPMENT OF INFORMATION SYSTEMS
• IT SERVICE MANAGEMENT
• SYSTEMS RELIABILITY, AVAILABILITY AND RECOVERABILITY
• OPERATIONAL INFRASTRUCTURE SECURITY MANAGEMENT
• DATA CENTRES PROTECTION AND CONTROLS
• ACCESS CONTROL
• ONLINE FINANCIAL SERVICES
• PAYMENT CARD SECURITY (AUTOMATED TELLER MACHINES, CREDIT AND DEBIT CARDS)
• IT AUDIT
55. ISO/IEC 9001
Training Courses
• ISO/IEC 9001 Introduction: 1 Day Course
• ISO/IEC 9001 Foundation: 2 Days Course
• ISO/IEC 9001 Lead Implementer: 5 Days Course
• ISO/IEC 9001 Lead Auditor: 5 Days Course
• ISO/IEC 9001:2015 Transition: 2 Days Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-9001/iso-9001-2015-transition