
ISO 27001

Summary & Outlook (Compliance)


Overview (topic map around the ISO 27001 ISMS Document)

Content related to ISO 9001
Organization, People, Management, Physical, Technologies
Control and Control Information
Objectives
Terms & Conditions
Potential Effects
Information Security
Drafting the Document / ISO 27001 ISMS Document
Effectiveness and Techniques
GAP Analysis
Internal Audit
Implementation
Risk Research and Risk Management
Policy
Policy
1. The purposes of the organization
2. Information security objectives
3. Setting information security
4. Commitment to satisfy applicable requirements and continual improvement of the ISMS
5. Communicate within the organization

Management Commitment
1. Approve the ISMS policy
2. Ensure security goals and objectives (including planning)
3. Set up the information security position and assign roles, responsibilities and authorities
4. Define the level of risk acceptance
5. Trigger / execute ISMS reviews

Potential Effects
Risk Analysis & Measures

Risk areas: Access, Disruption, Security Incidents, People & Staff

For each risk:
a. Potential of risk
b. Impact of risk (scale 1-10)
c. Mitigating controls and measures
d. Post control (%)
e. Residual risk
f. Effectiveness

Risk Treatment Decision

Information Security & Control


Example controls: Firewall, user accounts, prevention, SSL (Secure Sockets Layer), Single Sign-On (SSO), privacy compliance, etc.

Control areas:
a. Threat intelligence (CIA)
b. Information security
c. ICT business continuity
d. Physical security monitoring
e. Configuration management
f. Monitoring activities
