ISMS - INFORMATION SECURITY MANAGEMENT STANDARD - TRAINING AND CERTIFICATION
ISO/IEC 27002 - International Standards Organization and International Electro-technical Committee
What is information security?
Information is a prominent resource and, more importantly, an enterprise asset that,
like other important business assets, is essential to an
organization’s business and consequently needs to be suitably and
adequately protected. This is especially important in
the increasingly interconnected business environment. As a
result of this increasing interconnectivity, information is now
exposed to a growing number and a wider variety of threats and
vulnerabilities.
Information can exist in many forms. It can be printed or written on paper, stored
electronically, transmitted by post or by using electronic means,
shown on films, or spoken in conversation. Whatever form the
information takes, or means by which it is shared or stored, it
should always be appropriately protected. Information security
is the protection of information from a wide range of threats in
order to ensure business continuity, minimize business risk, and
maximize return on investments and business
opportunities.
Information security is achieved by implementing a suitable set of controls,
including policies, processes, procedures, organizational
structures and software and hardware functions. These controls need
to be established, implemented, monitored, reviewed and improved,
where necessary, to ensure that the specific security and business
objectives of the organization are met. This should be done
in conjunction with other business management
processes.
Why is information security needed?
Information and the supporting processes, systems, and networks are important
business assets. Defining, achieving, maintaining, and improving
information security may be essential to maintain competitive edge,
cash flow, profitability, legal compliance, and commercial image.
Organizations and their information systems and networks are faced
with security threats from a wide range of sources, including
computer-assisted fraud, espionage, sabotage, vandalism, fire or
flood. Causes of damage such as malicious code, computer hacking,
and denial of service attacks have become more common, more
ambitious, and increasingly sophisticated.
Information security is important to both public and private sector businesses,
and to protect critical infrastructures. In both sectors,
information security will function as an enabler, e.g. to achieve
e-government or e-business, and to avoid or reduce relevant risks.
The interconnection of public and private networks and the sharing
of information resources increase the difficulty of achieving
access control. The trend to distributed computing has also
weakened the effectiveness of central, specialist control.
Many information systems have not been designed to be secure. The
security that can be achieved through technical means is limited,
and should be supported by appropriate management and procedures.
Identifying which controls should be in place requires careful
planning and attention to detail. Information security management
requires, as a minimum, participation by all employees in
the organization. It may also require participation from
shareholders, suppliers, third parties, customers or other external
parties. Specialist advice from outside organizations may also be
needed.
Exam content
> Knowledge about the concept, importance and reliability of information.
> The types of risks, threats and damages, and the available risk strategies and security measures you can take.
> Insight into the security policy and organization, including code of conduct, ownership, and roles and responsibilities.
> How to manage security incidents.
> Various security measures.
> Physical measures such as identity passes and finger scans.
> Technical measures such as cryptography, and how to deal with attacks such as phishing, spam and malware.
> Organizational measures such as access management and Business Continuity Management.
> Awareness of the most important legislation and regulations around the world.
Exam Details
* Number of multiple-choice questions: 40
* Pass mark: 65% (26 out of 40)
* Open book: not allowed
* Invigilator / proctor: yes
© Copyright 2016 A2A - IMTCS. All rights reserved.