1. Three aspects of information security (ISO 27001 defines information security as the preservation of these three):
Confidentiality
Integrity
Availability
2. ISO 27001 PDCA (Plan-Do-Check-Act) model applied to the ISMS:
Plan - Establish the ISMS
Do - Implement and Operate the ISMS
Check - Monitor and Review ISMS
Act - Maintain and Improve ISMS
3. Risk management:
Assessing security risks (identify assets, threats, vulnerabilities; estimate likelihood and impact)
Treating security risks (reduce with controls, accept, avoid, or transfer; record the decision in the treatment plan)
Risk Priority Number (RPN) = Severity x Occurrence x Detection (FMEA-style scoring; each factor is typically rated 1 to 10 and higher RPNs are treated first; ISO 27001 does not prescribe a scoring method, this is one option)
4. The ISMS documentation:
Statement of ISMS Policy
Control of documents
Control of records
Risk assessment and treatment plan
Internal ISMS audits
Management Review of the ISMS
Corrective and Preventive actions
5. Audit findings (finding categories):
Noteworthy efforts (positive findings, recorded separately from nonconformities and observations)
Annex A: Control objectives and controls (ISO 27001:2005, clauses A.5 to A.15):
A.5 Security policy
A.6 Organization of information security
A.7 Asset management
A.8 Human resources security
A.9 Physical and environmental security
A.10 Communications and operations management
A.11 Access control
A.12 Information systems acquisition, development and maintenance
A.13 Information security incident management (including management of incidents and improvements)
A.14 Business continuity management
A.15 Compliance