Digit Oktavianto Web Log

Digit's Junk Notes

Free ISO 27001 Course


Hello friends, I have once again found an interesting resource in a LinkedIn newsletter. There was an interesting link about a free ISO 27001 course. So what is ISO 27001? According to Wikipedia, ISO 27001 is an information security management system (ISMS) standard published by ISO and IEC in October 2005. The standard, which originates from BS 7799-2, is intended to be used together with ISO/IEC 27002, which provides a list of security control objectives and recommends a set of specific security controls. Organizations that implement an ISMS in line with the best-practice guidance in ISO/IEC 27002 will likely also meet the requirements of ISO/IEC 27001, although certification remains optional and independent of each other unless the organization's stakeholders request it.

According to www.27000.org, ISO 27001 consists of:

Management Responsibility
Internal Audits
ISMS Improvement
Annex A - Control objectives and controls
Annex B - OECD principles and this international standard
Annex C - Correspondence between ISO 9001, ISO 14001 and this standard

For an explanation of the topics covered in ISO 27001, please click this link. The contents include:

  1. Introduction - the standard uses a process approach.

  2. Scope - it specifies generic ISMS requirements suitable for organizations of any type, size or nature.

  3. Normative references - only ISO/IEC 27002:2005 is considered absolutely essential to the use of 27001.

  4. Terms and definitions - a brief, formalized glossary, soon to be superseded by ISO/IEC 27000.

  5. Information security management system - the ‘guts’ of the standard, based on the Plan-Do-Check-Act cycle where Plan = define requirements, assess risks, decide which controls are applicable; Do = implement and operate the ISMS; Check = monitor and review the ISMS; Act = maintain and continuously improve the ISMS. Also specifies certain specific documents that are required and must be controlled, and states that records must be generated and controlled to prove the operation of the ISMS (e.g. certification audit purposes).

  6. Management responsibility - management must demonstrate their commitment to the ISMS, principally by allocating adequate resources to implement and operate it.

  7. Internal ISMS audits - the organization must conduct periodic internal audits to ensure the ISMS incorporates adequate controls which operate effectively.

  8. Management review of the ISMS - management must review the suitability, adequacy and effectiveness of the ISMS at least once a year, assessing opportunities for improvement and the need for changes.

  9. ISMS improvements - the organization must continually improve the ISMS by assessing and where necessary making changes to ensure its suitability and effectiveness, addressing nonconformance (noncompliance) and where possible preventing recurrent issues.

Annex A - Control objectives and controls - little more in fact than a list of titles of the control sections in ISO/IEC 27002, down to the second level of numbering (e.g. 9.1, 9.2).

Annex B - OECD principles and this International Standard - a table briefly showing which parts of this standard satisfy 7 key principles laid out in the OECD Guidelines for the Security of Information Systems and Networks.

Annex C - Correspondence between ISO 9001:2000, ISO 14001:2004 and this International Standard - the standard shares the same basic structure of other management systems standards, meaning that an organization which implements any one should be familiar with concepts such as PDCA, records and audits.

To learn about the certification process for this ISMS (Information Security Management System), please go to this link.

To get the free ISO 27001 course, please click the following link.

To prepare for the ISO 27001 certification exam, you can read some advice on how to prepare for ISO 27001 certification at the following link.

And to learn the basics of ISO 27001, please click this link.

There is also a post on the ISO 27001 blog, written by Dejan Kosutic, about an ISO 27001 implementation checklist; please read it at the following link.

Dejan Kosutic also offers free downloadable materials related to ISO 27001. Please download them at this link.

To dive deeper into ISO 27001, please read the articles on the ISO 27001 Standard blog.

I hope this is useful :)
