How an Integrated Management System helps you comply with new Cyber Laws and Regulations
Key points
1. Establish the concept of an integrated management system;
2. Explain the concept to the different roles involved;
3. Use the international standards as appropriate;
4. Give some examples of how an integrated management system helps to comply with new regulation in the field.
CONCEPT
The concept is presented as one diagram that the deck builds up layer by layer over many slides; the complete diagram is reproduced once here, with each layer's items in the order they appear on the slide.

Obligations for IT security, data protection, business continuity, and internal goals
drive the
IT, risk, information- and cybersecurity and business continuity actions

Profiles (action areas):
Business; Data handling; IT; IT governance; IT risks; IT controls; IT compliance; IT incidents; Continuity

Methods and metrics:
Classification, labelling
BIA, SLA
ITIL, CMM, TCO, ROI
Monitoring, KRI, SPOF
Risk decision, ROSI
ISMS operation, KPI
Testing, forensics, audit
BC, DR planning, RTO, RPO

Standards:
ISO 9001; ISO 30301; ISO 20000; ISO 27005; ISO 27001/27002/27032; ISO 27035; ISO 22301

Processes:
Business process; Information management; IT process; IT risk analysis and communication; IS & auditing; Incident management; Business continuity

Roles:
CEO; CIO; CTO; RM; CISO; CISA; BCM

Stakeholders:
Owner, partner, contractor, regulator (ISO 27000)
GDPR (EU)
Some example references
• risk management plays an ever larger role in IT security, and data encryption is one of the measures (among others) suited to the companies concerned;
• the regulation also recognises these risks when processing personal data and places the responsibility on the controller and the processor to implement appropriate technical and organisational measures to secure personal data;
• to answer the question of what currently counts as "state of the art", data protection officers usually rely on the definitions set out in information security standards such as ISO/IEC 27001 or national IT security guidelines.
NIS directive (EU)
Some example tips for implementation
• to ensure compliance, it is possible to implement a cyber resilience programme that incorporates measures for information security, business continuity and incident response;
• international standards such as ISO 27001, ISO 27035 and ISO 22301 serve as frameworks for achieving NIS Directive compliance;
• the implementation of business continuity management, penetration testing and cyber incident response (CIR) management can help organisations achieve an appropriate level of cyber resilience and facilitate compliance with the NIS Directive.
NIST Cybersecurity Framework (US)
Identify: develop the organizational understanding to manage
cybersecurity risk to systems, assets, data, and capabilities.
Protect: develop and implement the appropriate safeguards to
ensure delivery of critical infrastructure services.
Detect: develop and implement the appropriate activities to
identify the occurrence of a cybersecurity event.
Respond: develop and implement the appropriate activities to take
action regarding a detected cybersecurity event.
Recover: develop and implement the appropriate activities to
maintain plans for resilience and to restore any capabilities or
services that were impaired due to a cybersecurity event.
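The GDPR, NIS Directive and NIST CSF examples above all end up pointing at the same ISO frameworks, which is the deck's argument for keeping one integrated control register instead of one programme per regulation. The Python below is an added example, not part of the original presentation, showing how such a register can be queried for coverage and gaps. The control register, the status weights and the obligation-to-framework mapping are constructed assumptions for illustration, not an authoritative crosswalk; the only mappings taken from the deck are that NIS compliance is framed via ISO 27001/27035/22301 and GDPR "state of the art" via ISO 27001.

```python
"""Gap analysis over an integrated management system (IMS) control register.

Added example (not from the original deck). Each control is implemented once
and mapped to the framework areas it is evidence for; coverage of every
external obligation is then derived from that single register.
All data below is constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    cid: str
    title: str
    frameworks: frozenset  # framework areas this control is evidence for
    status: str            # "implemented", "partial" or "planned"


STATUS_WEIGHT = {"implemented": 1.0, "partial": 0.5, "planned": 0.0}

# Constructed register of a small organisation's IMS (assumption).
REGISTER = [
    Control("C-01", "Risk assessment and treatment plan", frozenset({"ISO27001", "ISO27005"}), "implemented"),
    Control("C-02", "Access control policy and periodic reviews", frozenset({"ISO27001"}), "implemented"),
    Control("C-03", "Encryption of personal data at rest and in transit", frozenset({"ISO27001"}), "partial"),
    Control("C-04", "Security incident handling procedure", frozenset({"ISO27035"}), "implemented"),
    Control("C-05", "Business impact analysis with RTO/RPO per service", frozenset({"ISO22301"}), "planned"),
    Control("C-06", "DR plan and annual restore test", frozenset({"ISO22301"}), "planned"),
    Control("C-07", "Security monitoring and log review", frozenset({"ISO27001", "ISO27035"}), "implemented"),
]

# Obligations expressed as the framework areas that evidence them.
# Illustrative assumption: NIS via ISO 27001/27035/22301 and GDPR via ISO 27001
# follow the deck; the NIST CSF rows are this example's own simplification.
OBLIGATIONS = {
    "GDPR security of processing": {"ISO27001"},
    "NIS directive cyber resilience": {"ISO27001", "ISO27035", "ISO22301"},
    "NIST CSF Identify": {"ISO27005"},
    "NIST CSF Respond": {"ISO27035"},
    "NIST CSF Recover": {"ISO22301"},
}


def framework_scores(register):
    """Mean status weight of the controls mapped to each framework area.

    A framework area with no control at all is absent from the result; callers
    treat that as 0.0 so an unmapped requirement is never hidden.
    """
    weights = defaultdict(list)
    for c in register:
        for fw in c.frameworks:
            weights[fw].append(STATUS_WEIGHT[c.status])
    return {fw: sum(w) / len(w) for fw, w in weights.items()}


def obligation_report(register, obligations):
    """Score each obligation by its weakest framework area and list its gaps.

    Returns {obligation: {"score": float, "gaps": {framework: [control ids]}}}.
    An empty control list under a framework means nothing is mapped to it yet.
    """
    scores = framework_scores(register)
    report = {}
    for name, needed in obligations.items():
        score = min(scores.get(fw, 0.0) for fw in needed)  # weakest link
        gaps = {}
        for fw in needed:
            if scores.get(fw, 0.0) < 1.0:
                gaps[fw] = sorted(c.cid for c in register
                                  if fw in c.frameworks and c.status != "implemented")
        report[name] = {"score": score, "gaps": gaps}
    return report


def obligations_served(register, obligations):
    """Which obligations each control provides evidence for (the reuse the IMS buys)."""
    return {c.cid: sorted(name for name, needed in obligations.items() if c.frameworks & needed)
            for c in register}


if __name__ == "__main__":
    for name, row in obligation_report(REGISTER, OBLIGATIONS).items():
        print(f"{name:32s} score={row['score']:.2f} gaps={row['gaps']}")
    for cid, names in obligations_served(REGISTER, OBLIGATIONS).items():
        print(f"{cid} -> {', '.join(names)}")
```

The weakest-link rule is the check a practitioner wants: the NIS obligation scores 0.0 despite strong ISMS coverage, because no ISO 22301 control is implemented yet, and a single partial encryption control is enough to keep the GDPR row below 1.0. obligations_served shows which controls are reused across several obligations, which is exactly where the integrated approach saves implementation and audit effort.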
Monetary Authority of Singapore technology risk management guidelines
Practical audit experience
• Oversight of technology risks by board of directors and senior management
• Technology risk management framework
• Management of IT outsourcing risks
• Acquisition and development of information systems
• IT service management
• Systems reliability, availability and recoverability
• Operational infrastructure security management
• Data centres protection and controls
• Access control
• Online financial services
• Payment card security (automated teller machines, credit and debit cards)
• IT audit
ISO 9001
Training courses
• ISO 9001 Introduction, 1-day course
• ISO 9001 Foundation, 2-day course
• ISO 9001 Lead Implementer, 5-day course
• ISO 9001 Lead Auditor, 5-day course
• ISO 9001:2015 Transition, 2-day course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-9001/iso-9001-2015-transition
Thank you. Questions?
andro@consultit.ee
http://www.consultit.ee/
linkedin.com/in/andro-kull-78735523

 
Technology Risk Services
Technology Risk ServicesTechnology Risk Services
Technology Risk Services
 
Skillmine CISO as service
Skillmine CISO as serviceSkillmine CISO as service
Skillmine CISO as service
 
IT Governances
IT GovernancesIT Governances
IT Governances
 
Item46763
Item46763Item46763
Item46763
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Improve business values and efficiency by IT
Improve business values and efficiency by ITImprove business values and efficiency by IT
Improve business values and efficiency by IT
 
Orientation in IT Audit
Orientation in IT AuditOrientation in IT Audit
Orientation in IT Audit
 
IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011IT_Governance iia uganda_presentation_ruyooka_2011
IT_Governance iia uganda_presentation_ruyooka_2011
 
Task 2
Task 2Task 2
Task 2
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
COBIT 4.0
COBIT 4.0COBIT 4.0
COBIT 4.0
 
Navigating the Digital Landscape.pdf
Navigating the Digital Landscape.pdfNavigating the Digital Landscape.pdf
Navigating the Digital Landscape.pdf
 
Aligning It With Small Business
Aligning It With Small BusinessAligning It With Small Business
Aligning It With Small Business
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information security
 
It governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yungIt governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yung
 

Plus de PECB

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityPECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
 

Plus de PECB (20)

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Dernier

Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxleah joy valeriano
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 

Dernier (20)

Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 

How an Integrated Management system helps you comply with new Cyber Laws and Regulations

  • 1. (title slide)
  • 2. Key points: 1. Establish the concept of an integrated management system; 2. Explain the concept to the different roles associated with it; 3. Use the international standards as appropriate; 4. Give some examples of how an integrated management system helps to comply with new regulation in the field.
  • 4.–36. One diagram, built up element by element across these slides (each slide repeats the previous one and adds one item). Its state at slide 36 is:
    Obligations for IT security, data protection, business continuity, and internal goals
    Profiles: Business; Data handling; IT
    IT, risk, information- and cybersecurity and business continuity actions: IT Governance; IT risks; IT controls; IT compliance; IT incidents; Continuity
    Methods / Metrics: Classification, labelling; BIA, SLA; ITIL, CMM, TCO, ROI; Monitoring, KRI, SPOF; Risk decision, ROSI; ISMS operation, KPI; Testing, forensics, audit; BC, DR planning, RTO, RPO
    Roles: CEO; CIO; CTO; RM; CISO; CISA; BCM
    Standards: ISO 9001; ISO 30301; ISO 20000
  • 37. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 Roles CEO CIO CTO RM CISO CISA BCM
  • 38. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 Roles CEO CIO CTO RM CISO CISA BCM
  • 39. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 Roles CEO CIO CTO RM CISO CISA BCM
  • 40. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Roles CEO CIO CTO RM CISO CISA BCM
  • 41. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Roles CEO CIO CTO RM CISO CISA BCM
  • 42. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Roles CEO CIO CTO RM CISO CISA BCM
  • 43. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management Roles CEO CIO CTO RM CISO CISA BCM
  • 44. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process Roles CEO CIO CTO RM CISO CISA BCM
  • 45. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process IT risk analysis and communication Roles CEO CIO CTO RM CISO CISA BCM
  • 46. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process IT risk analysis and communication IS & auditing Roles CEO CIO CTO RM CISO CISA BCM
  • 47. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process IT risk analysis and communication IS & auditing Incident management Roles CEO CIO CTO RM CISO CISA BCM
  • 48. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process IT risk analysis and communication IS & auditing Incident management Business continuity Roles CEO CIO CTO RM CISO CISA BCM
  • 49. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process IT risk analysis and communication IS & auditing Incident management Business continuity Roles CEO CIO CTO RM CISO CISA BCM Owner, partner, contractor, regulator (ISO 27000)
  • 50. Obligations for IT security, data protection, business continuity, and internal goals Profiles Methods Metrics Standards IT, risk, information- and cybersecurity and business continuity actions Business Datahandling IT ITGovernance ITrisks ITcontrols ITcompliance ITincidents Continuity Classification,labelling BIA,SLA ITIL,CMM,TCO,ROI Monitoring,KRI,SPOF Riskdecision,ROSI ISMSoperation,KPI Testing,forensics,audit BC,DRplanning,RTO,RPO ISO 9001 ISO 30301 ISO 20000 ISO 27005 ISO 27001/002/032 ISO 27035 ISO 22301 Processes Business process Information management IT process IT risk analysis and communication IS & auditing Incident management Business continuity Roles CEO CIO CTO RM CISO CISA BCM Owner, partner, contractor, regulator (ISO 27000) Specialist, administrator, project manager (ISO 21500)
  • 51. GDPR (EU) – Some example references
    • risk management plays an ever-larger role in IT security, and data encryption is, among other measures, well suited for these companies;
    • the regulation also recognizes these risks when processing personal data and places the responsibility on the controller and the processor to implement appropriate technical and organisational measures to secure personal data;
    • to answer the question of what is currently considered "state of the art", data protection officers usually rely on the definitions set out in information security standards such as ISO/IEC 27001 or other national IT security guidelines.
  • 52. NIS directive (EU) – Some example tips for implementation
    • to ensure compliance, it is possible to implement a cyber resilience programme that incorporates measures for information security, business continuity and incident response;
    • international standards such as ISO 27001, ISO 27035 and ISO 22301 serve as frameworks for achieving NIS Directive compliance;
    • the implementation of business continuity management, penetration testing and cyber incident response (CIR) management can help organisations achieve an appropriate level of cyber resilience and facilitate compliance with the NIS Directive.
  • 53. NIST Cybersecurity Framework (US)
    • Identify: develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
    • Protect: develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
    • Detect: develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
    • Respond: develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
    • Recover: develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
  • 54. Monetary Authority of Singapore technology risk management guidelines – Practical audit experience
    • Oversight of technology risks by board of directors and senior management
    • Technology risk management framework
    • Management of IT outsourcing risks
    • Acquisition and development of information systems
    • IT service management
    • Systems reliability, availability and recoverability
    • Operational infrastructure security management
    • Data centres protection and controls
    • Access control
    • Online financial services
    • Payment card security (automated teller machines, credit and debit cards)
    • IT audit
  • 55. ISO/IEC 9001 Training Courses
    • ISO/IEC 9001 Introduction – 1 day course
    • ISO/IEC 9001 Foundation – 2 days course
    • ISO/IEC 9001 Lead Implementer – 5 days course
    • ISO/IEC 9001 Lead Auditor – 5 days course
    • ISO/IEC 9001:2015 Transition – 2 days course
    Exam and certification fees are included in the training price.
    https://pecb.com/en/education-and-certification-for-individuals/iso-9001/iso-9001-2015-transition