Consultant - Training - Workshop ISO 27000 Standard - Certification Jakarta
DEVELOPMENT OF ISO 27000
Since the first publication of ISO/IEC 17799 in December 2000, ISO/IEC has been continuously standardising information security management practices and requirements. The subsequent publication of ISO/IEC 27001, "Information Security Management System (ISMS) requirements", and the revision of ISO/IEC 17799 in 2005 were the main milestones in the development of information security management standardisation. (ISO/IEC 17799:2005 was later renumbered as ISO/IEC 27002, so that it sits within the 27000 family.)
The ISO/IEC 27000 Series is also known as the "ISMS Family of Standards", or "ISO27K" for short. The ISO 27000 Series has been reserved by ISO/IEC specifically for matters relating to information security. It provides recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS); in its design the ISO 27000 Series is similar to the management systems for quality assurance (ISO 9000 Series) and environmental protection (ISO 14000 Series).
To follow the development of the ISO 27000 family further, please see the following summary of the ISO 27000 Series.
ISO 27000: Information security management systems — Overview and vocabulary. Contains the definitions of information security terms used as the basic terminology across the ISO 27000 series.
ISO 27001: Information security management systems — Requirements. Specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS; this is the standard against which an organisation is certified.
ISO 27002: Code of practice for information security management. The companion to ISO 27001; it provides practical guidance on the security controls an organisation selects when implementing its ISMS.
ISO 27003: Information security management system implementation guidance.
ISO 27004: Information security management — Measurement.
ISO 27005: Information security risk management.
ISO 27006: Requirements for bodies providing audit and certification of information security management systems.
ISO 27007: Guidelines for information security management systems auditing (focused on the management system).
ISO 27008: Guidance for auditors on ISMS controls (focused on the information security controls) – in preparation.
ISO 27010: Information technology — Security techniques — Information security management for inter-sector and inter-organisational communications – in preparation.
ISO 27011: Information security management guidelines for telecommunications organizations based on ISO 27002.
ISO 27013: Information technology — Security techniques — Guidelines on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.
ISO 27014: Information security governance framework.
ISO 27015: Information security management guidelines for the finance and insurance sectors.
ISO 27016: Information technology — Security techniques — Information security management — Organizational economics.
ISO 27017, ISO 27018, ISO 27019: The proposal was that ISO 27010 through ISO 27019 would all cover information security within specific fields and industries – subject to change.
Note that the following standards carry numbers in the 27000 range but are not part of the ISO 27000 series family:
ISO 27020:2010: Dentistry – Brackets and tubes for use in orthodontics.
ISO 27025:2010: Space systems — Programme management — Quality assurance requirements.
ISO 27026:2011: Space systems — Programme management — Breakdown of project management structures.
ISO 27027:2008: Aerospace — Solid-state remote power controllers — General performance requirements.
ISO 27031: Guidelines for information and communications technology readiness for business continuity – in preparation.
ISO 27032: Information technology — Security techniques — Guidelines for cybersecurity.
ISO 27033-1: Information technology — Security techniques — Network security — Part 1: Overview and concepts.
ISO 27033-2: Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security.
ISO 27033-3: Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues.
ISO 27033-4: Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways.
ISO 27033-5: Information technology — Security techniques — Network security — Part 5: Securing communications across networks using Virtual Private Networks (VPNs).
ISO 27033-6: Information technology — Security techniques — Network security — Part 6: Securing IP network access using wireless.
ISO 27033-7: Information technology — Security techniques — Network security — Part 7: Wireless.
ISO 27034-1: Information technology — Security techniques — Application security — Part 1: Overview and concepts.
ISO 27034-2: Application security — Part 2: Organization normative framework.
ISO 27034-3: Application security — Part 3: Application security management process.
ISO 27034-4: Application security — Part 4: Application security validation.
ISO 27034-5: Application security — Part 5: Protocols and application security controls data structure.
ISO 27035: Information technology — Security techniques — Information security incident management.
ISO 27036-1: Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts.
ISO 27036-2: Information technology — Security techniques — Information security for supplier relationships — Part 2: Common requirements.
ISO 27036-3: Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for ICT supply chain security.
ISO 27037: Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence – in preparation.
ISO 27038: Information technology — Security techniques — Specification for digital redaction – in preparation.
ISO 27040: Information technology — Security techniques — Storage security – in preparation.
ISO 27799: Health informatics — Information security management in health using ISO/IEC 17799 (the standard now renumbered ISO/IEC 27002).
The purpose of the ISO 27000 management system is to demonstrate clearly and tangibly how management exercises control over information security. ISO 27000 is designed to ensure that adequate and proportionate security controls are in place to protect information assets and to give confidence to interested parties.
The benefits of ISO 27000 are:
1. Improved effectiveness of information security.
2. Market differentiation.
3. Increased confidence of business partners, stakeholders and customers.
4. The only globally accepted standard.
5. Demonstrated compliance with applicable laws and regulations.
6. Independent monitoring of information security management.
Requirements of ISO 27001:2005:
1. Scope
2. Normative references
3. Terms and definitions
4. Information Security Management System (ISMS)
5. Management responsibility
6. Internal ISMS audits
7. Management review of the ISMS
8. ISMS improvement
Annex A: Control objectives and controls
Annex B: OECD principles and ISO 27001
Annex C: Correspondence with ISO 9001 and ISO 14001
Please visit our blog: http://www.sien-consultant.blogspot.com and this link: http://digg.com/d38MASV
Contact us, ISO Consultants, providing Consulting, Training and Workshops on ISO9001, ISO14001, ISO22000, OHSAS18001, ISO17025, HACCP, GMP, Risk Management, etc., or call us: 021-33000177 / 0818-0632 3270, or mail to: anti@sienconsultant.com