Information Security Management
The management of Information Security principles in accordance with ISO27001
Software walkthrough version 2.1 (April 2009)
www.riesgoriskmanagement.com ||| info@riesgoriskmanagement.com
Introduction
ISO27001 compliance tool
ISMS forum
Asset management
The Riesgo Risk Management tool is a framework that enables Information Security Departments to manage their day-to-day commitment to Information Security principles. It is a web-based tool that creates a digital representation of your organisation online and enforces Security principles with ease. Based on ISO27001, the framework also allows Internal and External Auditors to carry out Audits against ISO27001 standards. This presentation aims to provide a walkthrough of the tool’s functions.
ISO27001 policy management
Risk Management
Incident management
Information Security Audits
Solution modules
Incident register
Risk register
ISO27001 Policy manager
Asset register
Information Security Department
ISMS forum management
Key Accounts
Policy Manager in charge of Policy release and approvals from the HQ or Board
IS manager to manage the operation of all Information Security related matters
Organisational chart
A digital representation of all your Business Units and external partners creates an effective outreach to the Heads of the Departments and the Information Security points of contact.
ISMS FORUM
The tool handles the following:
ISMS Members
ISMS Meeting dates
ISMS Agendas
ISMS Minutes
ISMS documents
IS policy management
IS Manager & Policy Manager
Select standard
Create policy
Upload Policy
IS Manager is alerted
IS Manager allocates Policy to a responsibility
Policy owner uploads commensurate
Assignment of responsibility window
Incident management
Incidents can be registered from any Business Unit and are listed on the Incident register. The Information Security Department is immediately notified for assessment.
Incident escalation
The incident can be escalated to key organisations Forums and Departments
New incidents are in bold
Asset management
Asset register for all Departments visible to the IS Department
Individual asset lists with details, risks and Audit entries against each asset
Asset register form
General details: The asset form is where details can be registered, including the name of the asset, the asset owner, classification, data input and data output. This general description provides an overview of the asset.
Impact assessment: Each asset requires a business impact assessment. The second part of the form allows a CIA assessment, including business impact and likelihood of occurrence. A risk matrix is then automatically
Asset register
Link to the Audit non compliance
Link to the risk register
Getting started
Account manager – Mateo Isabella
www.riesgoriskmanagement.com
info@riesgoriskmanagement.com
London Knowledge Innovation Centre
South Bank Technopark
90 London Road
SE1 6LN