Information Technology Service Management (ITSM) Processes. 1) Service Request Management Focuses on requests and responses for the IT help-desk items. The processes should be established and uniform. To reduce the workload on agents, organization may consider implementing self service options or chat-bots. 2) Service Catalogs Generally Service Catalogs is a central location/webpage with all the details for contacting the help-desk. It may also contain the self service options and solutions for common problems/issues. 3) Knowledge,Policy and Procedures. This is the knowledge base which controls the collection, maintenance and distribution of information sharing throughout the organization. It shall include the policies, standards, guidelines and the operating procedures for each process or tasks. 4) Incident Management. Defines process on how to handle a situation when an incident happens and how to fix the situation in an accelerated and organized manner. The objective is to reduce t
:: InfoSec Study Notes : Scribbling on ISO/IEC 27001:2013 Standard Part-1::
ISO/IEC 27001:2013 is an information security management standard. Organizations use it to manage and control the information security risks, to protect and preserve the confidentiality,integrity, and availability of information, and to establish your information security management system (ISMS).
-Is a systematic framework to manage information security related risks and protect important information.
-Also consists of requirements for an ISMS Annex A- a list of control objectives and controls for information security.
ISO/IEC 27001:2013 is an information security management standard. Organizations use it to manage and control the information security risks, to protect and preserve the confidentiality,integrity, and availability of information, and to establish your information security management system (ISMS).
-Is a systematic framework to manage information security related risks and protect important information.
-Also consists of requirements for an ISMS Annex A- a list of control objectives and controls for information security.
-Annex A provides an essential tool for managing security. A list of security controls (or safeguards) that are to be used to improve security of information.
-In brief, the Annex A lists the following control objective. This is a very large list which have more sub-topics/controls.
-Security Policy Management
-Corporate Security Management
-Personnel Security Management
-Organizational Asset Management
-Information Access Management
-Cryptography Policy Management
-Physical Security Management
-Operational Security Management
-Network Security Management
-System Security Management
-Supplier Relationship Management
-Security Incident Management
-Security Continuity Management
-Security Compliance Management
-In brief, the Annex A lists the following control objective. This is a very large list which have more sub-topics/controls.
-Security Policy Management
-Corporate Security Management
-Personnel Security Management
-Organizational Asset Management
-Information Access Management
-Cryptography Policy Management
-Physical Security Management
-Operational Security Management
-Network Security Management
-System Security Management
-Supplier Relationship Management
-Security Incident Management
-Security Continuity Management
-Security Compliance Management
ISO 27000 family of standards:
ISO/IEC 27001 –specifies the requirements for an ISMS
ISO/IEC 27002 –guideline for the implementation of the controls in Annex A
ISO/IEC 27000 – a general overview of information security and terms and definitions
ISO/IEC 27003 –general guidance for the implementation of an ISMS
ISO/IEC 27004 –advice on how organizations can monitor and measure the performance of their ISMS
ISO/IEC 27005 –guidance on risk management and
ISO/IEC 27006 –for audit and certification of ISMS
ISO/IEC 27007 - guideline on how to audit an ISMS
-sector specific -
ISO/IEC 27011 –application of security controls in telecommunication
ISO/IEC TR 27015 –information security management in financial services
ISO/IEC 27002 –guideline for the implementation of the controls in Annex A
ISO/IEC 27000 – a general overview of information security and terms and definitions
ISO/IEC 27003 –general guidance for the implementation of an ISMS
ISO/IEC 27004 –advice on how organizations can monitor and measure the performance of their ISMS
ISO/IEC 27005 –guidance on risk management and
ISO/IEC 27006 –for audit and certification of ISMS
ISO/IEC 27007 - guideline on how to audit an ISMS
-sector specific -
ISO/IEC 27011 –application of security controls in telecommunication
ISO/IEC TR 27015 –information security management in financial services