
The Challenges in Implementing Iso 27001

Submitted By shaimaalmuhairi
Abstract
Almost all of us have heard in some way of ISO 9000 or ISO 14000 certification, which cover quality management and environmental management respectively, but how many of us have heard of ISO 27001, which deals with information security standards?
In this term paper we first identify what ISO 27001 is from different points of view. Second, we explain the challenges in implementing ISO 27001 by evaluating the ISO framework, discussing the benefits and advantages of ISO 27001, and explaining why it is used in the UAE.
After that we clarify the challenges of ISO 27001 after interviewing two companies and gathering rich information from their experience in this field, then compare the challenges inside and outside the UAE based on 3-4 articles.
What is ISO/IEC 27001

1- ISO/IEC 27001 is a controls-based policy.
  o A comprehensive set of controls comprising best practices in information security; it is an information standard that encompasses all types of information.
  o “Whatever form the information may take, or means by which it is shared or stored, it should always be appropriately protected” (ISO17799:2000) (FIRSTSOURCE, Undated)
2- ISO/IEC 27001:2005:
  o Provides strategic and tactical direction
  o Recognizes that information security is a management issue
  o Non-technical (BUREAU VERITAS)
3- ISO 27001 (earlier BS 7799) is an international standard which provides a model (the PDCA model) for setting up and managing an effective ISMS.
  o The ISMS is that part of the overall management system, based on a business risk approach, that establishes, implements, operates, monitors, reviews, maintains and improves information security.
  o It provides 11 security control clauses under 39 key security categories and 134 controls, and it is not driven by product or technology. (IBM Corporation)

Why is ISO 27001 used in the UAE?
Security has become an essential part of business processes, so ISO
