1 / 61

British Standards Institution Over One Hundred Years of Achievements

British Standards Institution Over One Hundred Years of Achievements. Who are WE…. 1901 - World’s first National Standards Body 1903 - World’s First Standard BS 1 1926 - World’s first Product Certification mark- the Kite mark.

holly-duffy
Télécharger la présentation

British Standards Institution Over One Hundred Years of Achievements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. British Standards Institution Over One Hundred Years of Achievements

  2. Who are WE…. • 1901 - World’s first National Standards Body • 1903 - World’s First Standard BS 1 • 1926 - World’s first Product Certification mark- the Kite mark. • 1948 - Founder member of the International Organisation for Standardization (ISO) • 1979 - Published BS 5750 (now ISO 9000) • 1992 - Published BS 7750 (now ISO 14001) • 1999 - Published BS 7799 (now ISO 17799)

  3. BSI today …A Global Company • 1901- A Committee of Six EMEA Hub America Hub Asia Hub BSI India • 2004- Operates in 100 + countries • Over 5500 Employees

  4. BSI History • H.Q. Based at BSI House, Chiswick, London, UK • BSI represents UK interests internationally • 95% of BSI standards are now international standards (ISO) • Published 2,000 standards last year • 19,000 standards in total • Developed BS 5750 and adopted by ISO as ISO 9001. • Developed BS 7799 and adopted by ISO as ISO 17799 • Certification Body for ITSM/ITIL based scheme (BS 15000)

  5. BSI HQ in LONDON

  6. BSI Group Corporate Centre - Legal - Personnel - Finance - Marketing... British Standards Standards - Facilitation - Production - Distribution Inspectorate -Commodity Inspection Management Systems -Systems Assessment -Training Public & Bespoke - Business Solutions Product Services -Testing -Product Certification

  7. BSI Management Systems Vision To lead in a world of organisations striving to continually improve their business management systems.

  8. BSI Management Systems today • World leader in ISO 9000 registration • Market leader in BS 7799 registration • BSI has Certified 75000 +companies worldwide • BSI acquired KPMG (QR) in USA and North America

  9. Training • Customers in 110+ countries • Run training programs covering quality, IS Security, environmental and project management

  10. Services Provided • BSI Training Services • Systems assessment: Awareness and understanding • Systems Implementation • Internal Auditing / Lead assessor • Business Process Improvement • In-house training courses • Customer defined “Specialist Courses”

  11. 13% of Fortune 500 BSI Management Systems Clients

  12. “… businesses… must be, or become, number-one or number-two in their marketplaces…” Jack Welch, Chairman & CEO, General Electric “A Boundary less Company in a Decade of Change” Key Annual Meeting Speech 1990

  13. Thank You ! Questions/Discussion ? Neeraj Gupta (Head- Business Development) Mobile: +91-98-104 11159 Neeraj.gupta@bsi-india.com

  14. Overview of ISO 17799

  15. STANDARDIZATION ACTIVITY ISO (Switzerland) ISO 9001 Industry Initiatives IAF (Australia) International Accreditation Forum www.iaf.nu Institutions GM/FORD/DC (TS 16949) SEI – CMMi ITSMf ( BS 15000) National Standards e.g.,BSI/SIRIM QAS Sdn Bhd 120+ countries e.g., BS 15000 Accreditation Bodies UKAS (UK) DSM (Malaysia) Certification Bodies BSI, BVQI, DNV Private Vendors Check Point Sun Tone, International Standards ISO 9001, ISO 17799 ISO 15504 (SPICE) Companies e.g., HP

  16. Interest in ISMS Standards Growing Source: Giga Information Group "Giga Survey Shows Interest in Information Security Standards Growing" January 18, 2002

  17. Industry DISC DTI BS 7799:1995 BS PD0003 (1990) BSI + BS 7799-1:1999 BS 7799-2:1998 Nov 97- April 99 BS 7799-2:1999 ISO 17799 December 2000 BS 7799-2:2002 5th September 2002 ISO 17799 Standard :Pioneered By BSI

  18. Overview of ISO 17799 Information Security Management The ISO 17799 Way Safeguarding the confidentiality, integrity ,and availability of written, spoken, and computer information

  19. BS 7799: Part 2: 2002 Act • Measure Performance of the ISMS • Identify Improvements in the ISMS and effectively implement them. • Take appropriate corrective & preventive action • Communicate the results and actions and consult with all parties involved. • Revise the ISMS where necessary • Ensure that the revision achieve their intended objectives. • Define ISMS Scope and Policy • Define a systematic approach to risk assessment • Identify the risk • Apply the systematic approach for assessing the risk • Identify and Evaluate options for the treatment of risk. • Select Control Objectives and Controls for the treatment of risks. • Execute Procedures to and Other Controls • Undertake regular reviews of the effectiveness of the ISMS • Review the level of residual risk and acceptable risk • Execute the management procedure • Undertake a formal review of its ISMS on a regular basis • Record and report all actions and events Check Plan • Implement a specific management program • Implement controls that have been selected • Manage Operations • Manage Resources • Implement Procedures and Other Control Processes Do

  20. Benefits of implementing and certifying to the BS 7799 standard • Ensures business continuity and minimizes business losses by protecting information from a wide range of threats • Demonstrates compliance with the standard for information security in addition to helping companies safeguard vital information • Reputable means for companies to benchmark their Information Security Management System (ISMS) through Third Party Certification • Brings confidence to business partners who entrust information into the custody of the certified organizations • Strengthens the competitive edge of the company by creating trust in the firm, externally as well as internally • Motivates management to demonstrate adherence to good security practice

  21. Getting Started;Getting Registered • As BS 7799 2:2002

  22. Why Information Security? ‘Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ BS ISO 17799:2000

  23. Information Lifecycle Information can be: Created Stored Destroyed? Processed Transmitted Used - (for proper and improper purposes) Lost! Corrupted!

  24. What is Information Security BS ISO 17799:2000 defines this as: • Confidentiality: ensuring that information is accessible only to those authorised to have access • Integrity: safeguarding the accuracy and completeness of information and processing methods • Availability: ensuring that authorised users have access to information and associated assets when required

  25. Purchase the Standard BS 7799 Training Assemble a Team and Agree to Your Strategy Define Scope Determination of Value of Information Assets Review Consultancy Options Identification of Information Assets Determination of Risk Determination of Policy(ies) and the Degree of Assurance Required from the Controls Identification of Control Objectives and Controls See Next Typical Implementation Process

  26. Typical Implementation Process Definition of Policies, Standards, and Procedures to Implement the Controls Production and Implementation of Policies, Standards, and Procedures From Previous Completion of ISMS Documentation Requirements See Next Statement of Applicability

  27. Typical Registration Process Audit and Review of Information Security Management System From Previous Choose a Registrar Initial Inquiry Optional Quotation Provided Application Submitted Client Manager Appointed Pre-Assessment Phase 1 Undertake a Desktop Review Phase 2 Undertake a Full Audit Registration Confirmed Continual Assessment Upon Successful Completion Re-Assessment (every 3 years)

  28. The following steps are required for Registration: • 1. Developing an Information Security Policy • 2. Defining a Scope Statement • 3. Performing a Risk Analysis • 4. Defining a Statement of Applicability • 5. Developing a Business Continuity Plan • 6. Developing and implementing the Management System • 7. Successfully completing a Certification Audit

  29. Management framework policies relating to BS 7799-2 Clause 4 • Security Manual Level 1 Policy, scope risk assessment, statement of applicability Describes processes – who, what, when, where (4.1- 4.10) Level 2 Procedures Work Instructions, checklists, forms, etc. Level 3 Describes how tasks and specific activities are done Level 4 Provides objective evidence of compliance to ISMS requirements clause 3.6 Records

  30. Security Policy Statement Scope of the Information Security Mgt.System ISMS Documentation Security Policy Manual Risk Assessment /Risk Mgt. Information Key Elements of BS7799 documentation that must be completed before Certification Audits

  31. Information Security Policy Compliance Security Organisation Continuity Planning Asset Classification Controls INFORMATION Staff Records System Development Personnel Security Client Records Financial Records Access Controls Physical Security 10 Domains of ISMS Communications Management

  32. BSI - Focussed on BS 7799 Helping You Build a Secure Business Business Improvement Compliance Processes Performance Improvement Procedures Documentation Competence

  33. BSI ISO 17799 Market Share • BSI currently has major share of international registration market • Areas where ISMS program is established • Asia (India,China, Japan, Korea, Hong Kong) • Europe and Middle East (UK, Germany, Greece, Dubai) • Americas (USA, Canada, Brazil)

  34. Associate Consultants of BSI

  35. Associate Network Partnership Success Client Consultant BSI

  36. Associate Consultancy Partnership Measure/Analyse Progress Develop INPUT Client Business Awareness OUTPUT BSI Certification Business Improvement Management System Build Process Client Consultant BSI

  37. BS 7799 Training and Certification- LA and LI • The best method to validate ones attempt to provide an Effective Information Security Management is to first benchmark the same with BS 7799 Standard and then certify the same through an external vendor

  38. ISO/IEC 17799:2000 (Part 1) is the standard code of practice , which can be regarded as a comprehensive catalogue of "the best things to do in Information Security“ • BS7799-2: 1999 (Part 2) is a standard specification for Information Security Management Systems (ISMS). ISMS is the means by which Senior Management monitor can control their security, minimising the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. • Please note that certification is against BS7799-2:1999.

  39. ISMS Implementation Process BSI P.A P.D.C.A (PH-I) (PH-II) CERT. 0 1 2 3 4 0 6 7 8 9 10 5 ISMS Lead Auditor (Certification Body) Implementation & Assessment (Consultants)

  40. BS 7799- Implementation Course • Determination of scope • Identification of information assets • Determination of the value of information assets • Determination of risk • Determination of policy (ies) and the degree of assurance required from controls • How to build an information Security Management System (ISMS) • Identification of control objective and controls • Definition of polices, standards and procedures to implement the controls • Production and implementation of policies, standards and procedures • Completion of ISMS documentation requirements • Audit and review of ISMS • Formal Examination on the last day and BSI Certificate

  41. The Objective of BS 7799 Imp. • The objective of this course is to provide delegates with the necessary skills to implement an ISMS that is compliant with the requirements of ISO 17799 and meets the certification requirements of BS 7799 part 2. The course utilizes a dynamic methodology developed by BSI that will provide delegates with a framework for an effective implementation of ISMS.

  42. BS 7799 Lead Auditor Course • BS 7799: 2002 • Information Security • The importance of Information Security • Assessing security threats and vulnerabilities • Management of security risks • Selecting security controls • Auditing to BS 7799 • BS 7799 auditing techniques • Managing and leading a BS 7799 audit team • Interview techniques • Audit reporting • Comprehensive course manual including a copy of Standards for training purpose. • Formal Examination on the last day and BSI Certificate

  43. Why BS 7799 Lead Auditor Course? • Effective auditing is the only way to ensure that the measures you put in place to protect your organization and your customers are properly managed and achieve the desired results.

  44. 359,000 SERVERS INFECTED IN 14 HOURS $2.6 BILLION IN DOWNTIME AND CLEANUP 800,000+ SERVERS INFECTED WORLDWIDE Why to Protect the Critical Business Information?

  45. Business Government Public Businesses Have Moved On-Line… 98%of respondents have WWW sites… 68%conduct electronic commerce on their sites --- FBI / CSI, 2003 27%of B2B commerce isnow done on the Web --- Forrester, 2003

  46. $4.5B will be spent this year on defensive protection (Firewalls, Viruses, Intrusion Detection, E-mail Scanning) Perimeter Security $6.6Mavg. theft – up 355%since ‘97 90%attacked 82%attacked byexternal Hackers 66%did not disclose ….And are facing the consequences of inadequate protection Sources: IDC, 2002 FBI/CSI Computer Crime Survey

  47. Security must Protect and Enable “The greatest security threatto businesses over the next 12 months will not be from viruses, outside hackers penetrating defenses, denial of service, or inside jobs. It will be theloss of trust and brand equity.” — Hurwitz Group

  48. It’s going to get worse • Explosive growth of the Internet continues • continues to double in size every 10-12 months • where will all the capable system administrators come from? • Market growth will drive vendors • time to market, features, performance, cost are primary • “invisible” quality features such as security are secondary

  49. Today’s Security Landscape • 2002 Security Snapshot • Over 90% of world wide companies experience breaches • Overall, security attacks cost $266B • 2002-3 Security Trends • Security attacks are increasing • Threats are more complex (e.g.) Salami Techniques, Code Red and Nimda Information Security is an Essential Part of Business Operations Global Information Security Survey, InformationWeek, 9/01

  50. Pressure for Effective Security Operations Security Information Management Mandates Across Industry Vertical. Freedom of Information Act The EU Data Privacy Directive Homeland Security (US) SAS70 IT Act of India- 2000 RBI Security Guidelines Gramm Leach Bliley Act HIPAA (Health Insurance Portability Accountability Act.) Government Information Security Reform Children's Internet Protection Act Data Protection Act- UK Computer misuse Act- US

More Related