EXIN Information Security Management Advanced


Preparation Guide
EXIN Information Security Management Advanced based on ISO/IEC
Edition

Copyright 2016 EXIN. All rights reserved. No part of this publication may be published, reproduced, copied or stored in a data processing system or circulated in any form by print, photo print, microfilm or any other means without written permission by EXIN.

Content
1. Overview
2. Exam requirements
3. Literature

1. Overview

EXIN Information Security Management Advanced based on ISO/IEC (ISMAS.EN)

Summary

Preparation Guides are designed to help training providers develop courses and course material that meet EXIN requirements. The main objective of the Preparation Guide is to identify the exam subjects, the exam requirements and specifications, and the target audience, in order to support the development of new, high-quality courses.

Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their employees, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies now rely completely on IT. Enterprise resource planning (ERP) systems, the control systems that govern how a building runs or how a manufacturing machine functions, day-to-day communications: everything runs on computers. The vast majority of information, the most valuable commodity in the world, passes through IT.

Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel. This information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction, and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is, and are beginning to make choices based on the security of a technology or service.

There are other important trends that are increasing the importance of the information security discipline:
- Compliance requirements are increasing. Most countries have multiple laws or regulations governing the use of, and requiring the protection of, various types of data. These laws are increasing in number and their requirements are growing. Many industries, particularly the financial world, have regulations in addition to those imposed by government. These, too, are growing in number and complexity.
- Security standards are being developed and refined at industrial, national and international levels.
- Security certifications, and auditable proof that an organization complies with security standards and/or best practices, are sometimes demanded as a condition of doing business.

The international standard ISO/IEC 27002:2013, the Code of Practice for Information Security Controls, is a widely respected and referenced standard and provides a framework for the organization and management of an information security program. Implementing a program based on this standard will serve an organization well in meeting many of the requirements faced in today's complex operating environment. A strong understanding of this standard is important to the personal development of every information security professional.

In EXIN's Information Security modules the following definition is used: Information Security deals with the definition, implementation, maintenance, compliance and evaluation of a coherent set of controls which safeguard the availability, integrity and confidentiality of the (manual and automated) information supply.

The module Information Security Management Advanced based on ISO/IEC (ISMAS.EN) tests your understanding of the organizational and managerial aspects of information security. The subjects of this module are:
- Information security perspectives: business, customer, service provider/supplier
- Risk management: analysis, controls, remaining risks
- Information security controls: organizational, technical, other

Context

Qualification program
The Information Security Management Advanced Certificate builds on the Information Security Foundation Certificate, in which the basic concepts of information security are tested. The Information Security Management Advanced Certificate is one of the prerequisites for the next step in the program: Information Security Management Expert.

Target group
Security professionals. This module is intended for everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), an Information Security Officer (ISO), or a Line Manager, Process Manager or Project Manager with security responsibilities.

Prerequisites
The Information Security Foundation based on ISO/IEC Certificate, or an equivalent.

Requirements for the certificate
- The Information Security Management Advanced training course with an EXIN Accredited Training Provider (ATP), including having successfully fulfilled the two (2) practical assignments that are part of the course.
- Successful completion of the exam Information Security Management Advanced based on ISO/IEC.

Examination type
Multiple choice exam

Indication study load
120 hours

Practical assignments
Practical assignments are part of the examination and are assessed by an EXIN Accredited Training Provider during the training course. In order to obtain the EXIN Information Security Management Advanced Certificate, the candidate must have successfully completed the practical assignments.

Time allotted for examination
90 minutes

Examination details
Number of questions: 30
Pass mark: 65% (20 of 30)
Open book/notes: No
Electronic equipment permitted: No

Sample questions
A sample exam is available through your Accredited Training Provider.

Training

Group size
The maximum number of course participants is 16. (This does not apply to online or computer-based training.)

Contact hours
The minimum number of contact hours for the course is 20. This number includes (group) assignments, exam preparation and short coffee breaks. Not included are homework, the logistics related to the exam session, the exam session itself and lunch breaks.

Training provider
A list of Accredited Training Providers may be found on EXIN's website.

2. Exam requirements

The exam requirements are specified in the exam specifications. The following table lists the topics of the module (exam requirements). The weight of the different topics in the exam is expressed as a percentage of the total.

Exam requirement / Exam specification                                                          Weight (%)

1   Information security perspectives                                                          10
1.1 The candidate understands the business interest of information security.                    3.3
1.2 The candidate understands the customer perspective on information governance.               3.3
1.3 The candidate understands the supplier's responsibilities in security assurance.            3.3

2   Risk management                                                                            30
2.1 The candidate understands the principles of risk management.                               10
2.2 The candidate knows how to control risks.                                                  10
2.3 The candidate knows how to deal with remaining risks.                                      10

3   Information security controls                                                              60
3.1 The candidate has knowledge of organizational controls.                                    20
3.2 The candidate has knowledge of technical controls.                                         20
3.3 The candidate has knowledge of physical, employment-related and continuity controls.       20

Total                                                                                         100

Exam specifications

1. Information security perspectives (10%)

1.1 Business (3.3%)
The candidate understands the business interest of information security. The candidate is able to:
- Distinguish types of information based on their business value
- Explain the characteristics of a management system for information security

1.2 Customer (3.3%)
The candidate understands the customer perspective on information governance. The candidate is able to:
- Explain the importance of information governance when outsourcing
- Recommend a supplier based on assurance controls

1.3 Service provider / supplier (3.3%)
The candidate understands the supplier's responsibilities in security assurance. The candidate is able to:
- Distinguish security aspects in service management processes
- Support compliance activities

2. Risk management (30%)

2.1 Analysis (10%)
The candidate understands the principles of risk management. The candidate is able to:
- Explain principles of analyzing risks
- Identify risks for classified assets
- Calculate risks for classified assets

2.2 Controls (10%)
The candidate knows how to control risks. The candidate is able to:
- Categorize controls based on Confidentiality, Integrity and Availability (CIA)
- Choose controls based on incident cycle stages
- Choose relevant guidelines for applying controls

2.3 Remaining risks (10%)
The candidate knows how to deal with remaining risks. The candidate is able to:
- Distinguish risk strategies
- Produce business cases for controls
- Produce reports on risk analyses

3. Information security controls (60%)

3.1 Organizational (20%)
The candidate has knowledge of organizational controls. The candidate is able to:
- Write policies and procedures for information security
- Implement information security incident handling
- Perform an awareness campaign in the organization
- Implement roles and responsibilities for information security

3.2 Technical (20%)
The candidate has knowledge of technical controls. The candidate is able to:
- Explain the purpose of security architectures
- Explain the purpose of security services
- Explain the importance of security elements in the IT infrastructure

3.3 Other controls (20%)
The candidate has knowledge of physical, employment-related and continuity controls. The candidate is able to:
- Recommend controls for physical access
- Recommend security controls for the employment life cycle
- Support the development and testing of a business continuity plan

Comment
For most staff members, security controls are the first aspects of information security they encounter. Therefore, information security controls are central to the module and have the highest weight.

3. Literature

Exam literature

A  Cazemier, J.A., Overbeek, P., and Peters, L.
   Information Security Management with ITIL V3
   Van Haren Publishing, 2010

B  Whitman, M.E., Mattord, H.J.
   Management of Information Security, Third Edition
   Cengage Learning, 2010
   (also available as an international version)

C  ISO/IEC 27002:2013 (EN)
   Information technology - Security techniques - Code of practice for information security controls
   Switzerland, ISO/IEC

Additional literature

D  BSI-Standard IT-Grundschutz Methodology
   Bundesamt für Sicherheit in der Informationstechnik
   English version available for download on Partnernet

E  ISO/IEC 27005:2011 (EN)
   Information technology - Security techniques - Information security risk management
   Switzerland, ISO/IEC

F  Pfleeger, Charles P. and Pfleeger, Shari Lawrence
   Security in Computing, 4th edition
   Upper Saddle River NJ, Prentice Hall, 2006

G  ISO/IEC 27000:2014 (EN)
   Information technology - Security techniques - Information security management systems - Overview and vocabulary
   Switzerland, ISO/IEC

Comments
- U.S. trainers and candidates can use the international version of literature item B. The book is exactly the same, apart from ISBN and book cover.
- Literature B provides a glossary of terms which, when related to the chapters mentioned in the overview of the literature below, are basic concepts for the exam.
- Literature B, Chapter 6, Models on page 222, will not be tested.
- Literature B, Chapter 6, Figure 6-3 on page 230: the arrow should turn right instead of left (Plan Do Check Act).
- Although since 2013 risk management is covered in ISO/IEC 27005 rather than in ISO/IEC 27002, that standard is not primary exam literature, because the current exam literature contains enough content on this subject.
- Additional literature is for reference and depth of knowledge only. The exam is based on the exam literature.

Overview of the literature

Exam specification    Literature
1.1                   A: 2.1; Chapter 3; 5.6
                      B: Chapter 4; Chapter
1.2                   A: 2.1; 5.3.4; 5.7; Annex A
                      B: Chapter 2
                      C: 15.1;
1.3                   A: 2.1; Chapter 4; Annex A
                      B: Chapter 12
                      C: 15.1; 15.2; Chapter 18
2.1                   A:
                      B: Chapter 8
                      C: Chapter 0 Introduction; Chapter
2.2                   B: Chapter 8; Chapter 9
                      C: Chapter 0 Introduction
2.3                   B: Chapter 8; Chapter 9
                      C: Chapter
3.1                   A: 4.5; 5.2; 5.3.1; 5.4
                      B: Chapter 3; Chapter 4; Chapter 5; Chapter 11
                      C: Chapter 5; 6.1; Chapter 7; Chapter
3.2                   A: Chapter 2
                      B: Chapter 5; Chapter 6; Chapter 10
                      C: 8.3; 12.1; 12.2; 12.3; 12.4; 13.1; 13.2; 15.2; Chapter
3.3                   B: Chapter 3; Chapter 11
                      C: Chapter 7; Chapter 11; Chapter 17

Contact EXIN


More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

2008 by Bundesamt für Sicherheit in der Informationstechnik (BSI) Godesberger Allee 185-189, 53175 Bonn

2008 by Bundesamt für Sicherheit in der Informationstechnik (BSI) Godesberger Allee 185-189, 53175 Bonn 2008 by Bundesamt für Sicherheit in der Informationstechnik (BSI) Godesberger Allee 185-189, 53175 Bonn Contents Contents 1 Introduction 5 1.1 Version history 5 1.2 Aims 5 1.3 Target group 6 1.4 Application

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE EXAM PREPARATION GUIDE PECB Certified ISO/IEC 27001 Lead Auditor The objective of the Certified ISO/IEC 27001 Lead Auditor examination is to ensure that the candidate has the knowledge and the skills to

More information

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen. Metrics for Service Management Governance Strategy Risk Architecture + Infrastructure Design CSF KPI Metrics Transition SDP Requirements CSI Tools Services Operation Processes + ITSM Processes Value Other

More information

Tasmanian Government Information Security Framework

Tasmanian Government Information Security Framework Tasmanian Government Information Security Framework Tasmanian Government Information Security Charter Version 1.0 May 2003 Department of Premier and Cabinet Inter Agency Policy And Projects Unit 1 Purpose

More information

BCS Practitioner Certificate in Business Continuity Management Syllabus

BCS Practitioner Certificate in Business Continuity Management Syllabus BCS Practitioner Certificate in Business Continuity Management Syllabus Version 4.3 March 2015 Contents Change History... 4 Introduction... 5 Objectives... 5 Entry Criteria... 5 Examination Format and

More information

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9

More information

Information technology Security techniques Code of practice for information security controls

Information technology Security techniques Code of practice for information security controls INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de

More information

IRCA Briefing note ISO/IEC 20000-1: 2011

IRCA Briefing note ISO/IEC 20000-1: 2011 IRCA Briefing note ISO/IEC 20000-1: 2011 How to apply for and maintain Training Organization Approval and Training Course Certification IRCA 3000 Contents Introduction 3 Summary of the changes within ISO/IEC

More information

Guideline for Roles & Responsibilities in Information Asset Management

Guideline for Roles & Responsibilities in Information Asset Management ISO 27001 Implementer s Forum Guideline for Roles & Responsibilities in Information Asset Management Document ID ISMS/GL/ 003 Classification Internal Use Only Version Number Initial Owner Issue Date 07-08-2009

More information

ISO 9001. What to do. for Small Businesses. Advice from ISO/TC 176

ISO 9001. What to do. for Small Businesses. Advice from ISO/TC 176 ISO 9001 for Small Businesses What to do Advice from ISO/TC 176 ISO 9001 for Small Businesses What to do Advice from ISO/TC 176 ISO Central Secretariat 1, chemin de la Voie-Creuse Case postale 56 CH -

More information

Need for Information Security, Understanding Information security trends and Improving Security

Need for Information Security, Understanding Information security trends and Improving Security Need for Information Security, Understanding Information security trends and Improving Security 10 th December, 2014 - Er. Sansar Jung Dewan At First: InfoSec Basics with the Five W s What is Information

More information

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen. ITIL V3 Foundation Exam - The Study Guide Other publications by Van Haren Publishing Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards within four domains: - IT

More information

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen. Implementing Information Security based on ISO 27001/ISO 27002 - A Management Guide Other publications by Van Haren Publishing Van Haren Publishing (VHP) specializes in titles on Best Practices, methods

More information

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. Copyright 2016 Table of Contents INSTRUCTIONS TO VENDORS 3 VENDOR COMPLIANCE PROGRAM OVERVIEW 4 VENDOR COMPLIANCE

More information

ITIL v3 Qualification Scheme

ITIL v3 Qualification Scheme ITIL v3 Qualification Scheme ITIL Version 3 Qualification Scheme diagram Key for the Intermediate modules: Lifecycle modules SS Service Strategy SD Service Delivery ST Service Transition SO Service Operation

More information

ISO 27001: Information Security and the Road to Certification

ISO 27001: Information Security and the Road to Certification ISO 27001: Information Security and the Road to Certification White paper Abstract An information security management system (ISMS) is an essential part of an organization s defense against cyberattacks

More information

ITIL QUALIFICATION SCHEME & ROLE-BASED TRAINING MATRIX WHITE PAPER

ITIL QUALIFICATION SCHEME & ROLE-BASED TRAINING MATRIX WHITE PAPER & ROLE-BASED TRAINING MATRIX WHITE PAPER PRESENTED BY: PUBLISHED: MAY 1, 2014 VERSION: 4 LISA SCHWARTZ AND DONNA KNAPP, ITSM ACADEMY SECTION PAGE Overview 2 Path to ITIL Expert Certification 3-5 Complementary

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One Information Security- Perspective for Management Information Security Management Program Concept

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and

Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and Copyright is owned by the Author of the thesis. Permission is given for a copy to be downloaded by an individual for the purpose of research and private study only. The thesis may not be reproduced elsewhere

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

ISO/IEC 20000 Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1

ISO/IEC 20000 Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1 ISO/IEC 20000 Part 1 the next edition Lynda Cooper project editor for ISO20000 part 1 Agenda The ISO20000 series Why has it changed Changes ITIL3 impact New requirements Changed requirements How to prepare

More information

Frequency Asked Questions Information Security Management System (ISMS) Standards Version 3.0 May 2005

Frequency Asked Questions Information Security Management System (ISMS) Standards Version 3.0 May 2005 Frequency Asked Questions Information Security Management System (ISMS) Standards Version 3.0 May 2005 The following are a set of frequently asked questions that relate to new developments regarding ISO/IEC

More information

Accredited ITIL elearning courses

Accredited ITIL elearning courses Accredited ITIL elearning courses Contents Introducing ITIL. 3 Available now!. 4 ITIL 2011 Foundation elearning. 5 ITIL Intermediate level. 7 ITIL 2011 Intermediate: Service Strategy Premium elearning.

More information

INTERMEDIATE QUALIFICATION

INTERMEDIATE QUALIFICATION PROFESSIONAL QUALIFICATION SCHEME INTERMEDIATE QUALIFICATION SERVICE CAPABILITY PLANNING, PROTECTION AND OPTIMIZATION CERTIFICATE SYLLABUS The Swirl logo is a trade mark of the Cabinet Office ITIL is a

More information