ISO/IEC 27001:2005

12 10 2006

Overview

ISO/IEC 27001:2005 is a standard specification for an Information Security Management System (ISMS). An ISMS is the means by which senior management monitors and controls the organization's security, minimizing residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. It forms part of an organization's internal control system.

ISO/IEC 17799:2005 is a standard code of practice and can be regarded as a comprehensive catalogue of good security practices.

Benefits

• Improved security throughout the organization
• Improved security planning
• Demonstrates the company's commitment to protecting information
• Security management effectiveness
• Ongoing protection of information
• Less risk when dealing with partners
• Improved customer, employee and partner confidence
• More realistic and manageable auditing
• Reduced liability over information

The major components of an ISMS are summarized in the figure below. The activities continually cycle around the Plan-Do-Check-Act (PDCA) cycle.

[Figure: PDCA cycle of an ISMS (pdac-isma.gif)]

Coverage

BS 7799 (ISO 27001) consists of 134 best security practices, covering the 11 domains listed below, which organizations can adopt to build their security infrastructure.

• Security Policy
• Organizing Information Security
• Asset Management
• Human Resource Security
• Physical & Environmental Security
• Communications and Operations Management
• Access Control
• Information Systems Acquisition, Development and Maintenance
• Information Security Incident Management
• Business Continuity Management
• Compliance

4 responses

13 10 2006
nico

Is this your work, Chay? Whoa... I don't get it 😛

13 10 2006
chaidir

Yup... same here, I don't get it either.
That's why I published it here, so I can read it from wherever I am....

My job doesn't even involve technical stuff like this....

ABCD
Oh man... I'm so tired!!

7 04 2009
Zha

Nice to meet you all..
Let me post some information here about:

A one-day seminar, "Roadmap to ISO 27001 Certification and Comply with Peraturan Bank Indonesia No.9/15/PBI/2007" (Bank Indonesia Regulation No. 9/15/PBI/2007, "Implementation of Risk Management in the Use of Information Technology at Commercial Banks"),
to be held on 16 April 2009 at the Ritz Carlton Hotel, Pacific Place – Sudirman

Topics:
• Overview of corporate information security governance
• Roadmap for ISMS implementation and ISO 27001 certification
• The role of Bank Indonesia Regulation (PBI) No. 9/15/PBI/2007 in improving information security in the banking sector
• The relationship between implementing information security standards and compliance with Bank Indonesia Regulation (PBI) No. 9/15/PBI/2007
• The certification body's perspective on ISO 27001 audits in Indonesia

Speakers:
- Deputy Director, Directorate of Information Technology, Bank Indonesia
- The drafting team of the Bank Indonesia Regulation
- Lead Auditor, Bureau Veritas Taiwan
- and others.

For more information please visit: http://www.lemtiui.com/
or contact the following contact persons: Mia (0856 – 855 9590) / Anggi (0813 – 10193025)

Thank you for your attention, and I hope this is useful

22 05 2009
Hassan

Great read, thanks