100% found this document useful (2 votes)

286 views13 pages

ISO 27001 Backup and Operational Procedures

The document discusses operational procedures and controls for ISO 27001:2013 information security standards. It outlines policies for documented operating procedures, change management, capacity management, separation of development and testing environments, malware protection, backups, event logging, log protection, administrator logging, clock synchronization, control of operational software, and information system audits. The goal is to establish controls to protect information security and systems from various risks while minimizing disruption to business operations.

Uploaded by

Sasikala Mani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

100% found this document useful (2 votes)

286 views13 pages

ISO 27001 Backup and Operational Procedures

Uploaded by

Sasikala Mani

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

ISO 27001:2013

- OPERATIONS SECURITY

By DSRC Quality Assurance Group

 Documented Operating procedures – Vouch for procedures
and policies.
 Installation and configuration of systems
 Handling of information
 Backup

 Error Handling or Issue tracking

 Escalation and remedial instructions
 Log Management

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Change Management – Changes which will affect
information security with respect to CIA need to be
controlled.
 Identification

 Planning and testing

 Impact Analysis
 Review and Approval
 Communication

 Fall back process incase of failure

 Handling Emergency Changes

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Capacity Management – for Future use of Resources
 Requirement Analysis – Criticality of Business
New Business requirements
Removal of Obsolete Data
Performance Tuning of systems and process
Restriction on Band-width usages during delivery etc
Resource (human) requirement and their
Capacity/Competence

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Separation of Development, Testing and Operational
Environments– Protection of Operational environment from all
types of Risks.
Segregation of Development, Testing and Operational Systems
Maintenance of production and test data
Handling of Exceptional cases
Segregation of Users based on their activities
Protection of Business critical or highly secured data from Production,
testing and operational process

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Controls
against Malware – Protection of facilities from
Malware threat
 Detect, Prevent and Recover
 Protection from Unwanted downloads
 Periodical review
 Whitelisting and Blacklisting
 Fall back process incase of failure
 Escalation

PROTECTION FROM MALWARE

 Backup – To Protect Loss of Data, DR and BCP.
 Clearly defined Backup Policy – Contract Obligation
 Plan – Data, Systems and Tools and physical
information's
 DR/BCP – Time testing
 Periodicity – Retention Period – Media
 Storage place and tools
 DR site

BACKUP
 EventLogging– Recording operational events of information
security
Event logging – Legally viable
When, Where, Whom, What and Why
Attempts of Access, Installation, Configuration
Change
Activation and de-activation of system controls
(antivirus)

LOGGING AND MONITORING

 Protection of Log information– Backup of System Logs

Meant for Legal evidence

Protected against, tampering or deletion
Access Restriction
Part of backup schedule
Periodicalreview of Protection Controls in place with
Capacity review

LOGGING AND MONITORING

 Administrator
and Operator logs– Recording operational
events of administrator and operator of information facility
Administrator privilege
Privilege access to operators
Critical data/ system access
Intrusion detection system

 Clock Synchronization – Meant for accuracy of event logging

which makes the log evidence legally acceptable in terms of
accuracy as per the statutory and regulatory rules or under
court of law

LOGGING AND MONITORING

 Ensure Integrity of Operational systems
 Trained candidate only authorized to perform changes
 Change control need to be applied
 Roll back facility need to be done – incase of contingency
 Necessary review and approvals before change
 Audit log should be maintained
 Restricted Access management incase of outside suppliers

CONTROL OF OPERATIONAL SOFTWARE

 Information systems audit controls– Minimize the impact of audit
activities on Business operations
 Approval to carry out audit on Information systems
 Scope of technical audit – to be agreed by stakeholders
 Audit access can be given with read-only on data
 Separation files - copy for full access - based on NDA
 Any trial which affects the operation - should be done after
business hours
 Allaudit trails need to be recorded and monitored through
Event log management

INFORMATION SYSTEM AUDIT CONSIDERATIONS

THANK YOU

It Service Continuity Management Itscm
No ratings yet
It Service Continuity Management Itscm
4 pages
ISO 27001 Business Continuity Checklist
No ratings yet
ISO 27001 Business Continuity Checklist
10 pages
EDRM Security Questionnaire 1.1
100% (2)
EDRM Security Questionnaire 1.1
39 pages
SDLC - ISO 27001 Ver 2013
No ratings yet
SDLC - ISO 27001 Ver 2013
3 pages
ECC Control Implementation Tracker LIST
No ratings yet
ECC Control Implementation Tracker LIST
6 pages
Small Firm Cybersecurity Guide
No ratings yet
Small Firm Cybersecurity Guide
28 pages
ISO27k Controls Cross Check
100% (1)
ISO27k Controls Cross Check
6 pages
Qadeer Arbab (MS-IS-074) Waqas Syed Mubbashir Mahmood (MS-IS-070)
100% (2)
Qadeer Arbab (MS-IS-074) Waqas Syed Mubbashir Mahmood (MS-IS-070)
24 pages
Personal Data Protection Act (PDPA) A Quick Guide
No ratings yet
Personal Data Protection Act (PDPA) A Quick Guide
60 pages
Isms Training
No ratings yet
Isms Training
61 pages
Module 7 Assignment
No ratings yet
Module 7 Assignment
13 pages
ISO 27001 Information Security Policy Template - Secureframe
100% (1)
ISO 27001 Information Security Policy Template - Secureframe
4 pages
ISO 27002:2013 Changes Summary
No ratings yet
ISO 27002:2013 Changes Summary
8 pages
User Access Review Procedure Template
No ratings yet
User Access Review Procedure Template
4 pages
ICT380 - Workshop 8
100% (1)
ICT380 - Workshop 8
8 pages
Acceptable Encryption Policy
No ratings yet
Acceptable Encryption Policy
3 pages
Terms of Use: Termsofuse Worksheet May Not Be Modified, Removed, or Deleted
No ratings yet
Terms of Use: Termsofuse Worksheet May Not Be Modified, Removed, or Deleted
52 pages
Information Security Plan
100% (1)
Information Security Plan
28 pages
Network Security Checklist 2009
100% (2)
Network Security Checklist 2009
3 pages
Audit Program - Logical Security
100% (2)
Audit Program - Logical Security
16 pages
Securing Your Web Portal Effectively
No ratings yet
Securing Your Web Portal Effectively
12 pages
Derbyshire Council Backup Policy
100% (1)
Derbyshire Council Backup Policy
6 pages
FedRAMP Security Controls Guide
100% (1)
FedRAMP Security Controls Guide
24 pages
Vulnerabilities Management Template
No ratings yet
Vulnerabilities Management Template
10 pages
Information Security Management Guide
No ratings yet
Information Security Management Guide
27 pages
FedRAMP Security Controls Guide
No ratings yet
FedRAMP Security Controls Guide
2 pages
Traffic Light Protocol
No ratings yet
Traffic Light Protocol
1 page
2022 CA Security Assessment and Authorization Standard
No ratings yet
2022 CA Security Assessment and Authorization Standard
25 pages
ISMS Scope Document EN
0% (1)
ISMS Scope Document EN
4 pages
Isms Certification Readiness Recheck Questionnaire
No ratings yet
Isms Certification Readiness Recheck Questionnaire
19 pages
Business Continuity Plan
No ratings yet
Business Continuity Plan
14 pages
ISM Cyber Security Framework Overview
100% (1)
ISM Cyber Security Framework Overview
223 pages
CPRT CSF 2 0 0 11-13-2024
No ratings yet
CPRT CSF 2 0 0 11-13-2024
17 pages
Cybersecurity Audit Policy Template
No ratings yet
Cybersecurity Audit Policy Template
7 pages
Critical Systems Cyber Security Controls
100% (1)
Critical Systems Cyber Security Controls
36 pages
Information Security Practices Policy
No ratings yet
Information Security Practices Policy
21 pages
Database Security Best Practices Guide
No ratings yet
Database Security Best Practices Guide
49 pages
Cis 7.1 Vs Iso27001
No ratings yet
Cis 7.1 Vs Iso27001
23 pages
CAIQv4.0.2 STAR Security Questionnaire Generated at 2021-09-23
No ratings yet
CAIQv4.0.2 STAR Security Questionnaire Generated at 2021-09-23
141 pages
IT Disaster Recovery Policy: Policy Statement Reason For Policy
No ratings yet
IT Disaster Recovery Policy: Policy Statement Reason For Policy
8 pages
ISMS Scoping Statement Examples
No ratings yet
ISMS Scoping Statement Examples
1 page
AWS Audit Checklist - Sachin Hissaria
No ratings yet
AWS Audit Checklist - Sachin Hissaria
6 pages
Incident Response. Computer Forensics Toolkit All
No ratings yet
Incident Response. Computer Forensics Toolkit All
13 pages
Security Metrics for Risk Analysis
100% (1)
Security Metrics for Risk Analysis
33 pages
ISMS - 008 Backup Policy
No ratings yet
ISMS - 008 Backup Policy
10 pages
Acceptable Use Policy For Communications
No ratings yet
Acceptable Use Policy For Communications
11 pages
COEN 252 Computer Forensics: Incident Response
No ratings yet
COEN 252 Computer Forensics: Incident Response
39 pages
Wireless Security Administration Checklist
100% (5)
Wireless Security Administration Checklist
4 pages
SOW Security
100% (2)
SOW Security
3 pages
20 CIS Controls v7.0
No ratings yet
20 CIS Controls v7.0
12 pages
Critical Security Controls Master Mappings Tool PCI DSS 3.0 ISO 27002-2013 - NIST 800-53 Rev4 - NIST Core - HIPPA
No ratings yet
Critical Security Controls Master Mappings Tool PCI DSS 3.0 ISO 27002-2013 - NIST 800-53 Rev4 - NIST Core - HIPPA
1,837 pages
FedRAMP Rev 4 Baseline Workbook FINAL062014
No ratings yet
FedRAMP Rev 4 Baseline Workbook FINAL062014
58 pages
Information Security Assessment Specialist
No ratings yet
Information Security Assessment Specialist
2 pages
Cis Ram For Ig1 v21.10
No ratings yet
Cis Ram For Ig1 v21.10
41 pages
Self-Assessment Questionnaire: ISO/IEC 27001:2013 Information Security Management System
No ratings yet
Self-Assessment Questionnaire: ISO/IEC 27001:2013 Information Security Management System
4 pages
Cloud Provider Security Checklist
No ratings yet
Cloud Provider Security Checklist
2 pages
Iso27k Iso Iec 27002 Outline
No ratings yet
Iso27k Iso Iec 27002 Outline
4 pages
Gap Analysis Tool
No ratings yet
Gap Analysis Tool
43 pages
Auditing Operations System
No ratings yet
Auditing Operations System
2 pages
Perations Ecurity Olicy: Inspiring Business Innovation
No ratings yet
Perations Ecurity Olicy: Inspiring Business Innovation
20 pages
Octa-Implant Catalog: Octa Is 8. 8 Is Infinity. Octa-Implant Is Long-Lasting
No ratings yet
Octa-Implant Catalog: Octa Is 8. 8 Is Infinity. Octa-Implant Is Long-Lasting
53 pages
Determination of Forming Limit Diagram For Aisi 1008 Steel Sheet by Theoratical, Experimental and Fea Method
No ratings yet
Determination of Forming Limit Diagram For Aisi 1008 Steel Sheet by Theoratical, Experimental and Fea Method
7 pages
Afnor Standard NF X 60 010
No ratings yet
Afnor Standard NF X 60 010
2 pages
Premium EDM Machines for Precision Machining
No ratings yet
Premium EDM Machines for Precision Machining
6 pages
Atlas Honda: Leading Motorcycle Innovator
No ratings yet
Atlas Honda: Leading Motorcycle Innovator
9 pages
Waukesha Manuale Inglese Universal 1
No ratings yet
Waukesha Manuale Inglese Universal 1
128 pages
Fabless Whitepaper
No ratings yet
Fabless Whitepaper
9 pages
Heradesign Brochure 2008
No ratings yet
Heradesign Brochure 2008
72 pages
Impact Player
No ratings yet
Impact Player
8 pages
Tesla Motors (2024)
No ratings yet
Tesla Motors (2024)
33 pages
How Banks Can Better Serve Their Customers Through Artificial Techniques
No ratings yet
How Banks Can Better Serve Their Customers Through Artificial Techniques
16 pages
SAP MM Consultant Resume for Freshers
100% (2)
SAP MM Consultant Resume for Freshers
2 pages
SCA 12 - Inventory Management
No ratings yet
SCA 12 - Inventory Management
123 pages
5 Valve Manifold IV 50 51
No ratings yet
5 Valve Manifold IV 50 51
11 pages
DKC
No ratings yet
DKC
407 pages
Hotel Management Traing
No ratings yet
Hotel Management Traing
18 pages
Complex PO
100% (1)
Complex PO
18 pages
Perancangan Lean Manufacturing Dengan Menggunakan Waste Untuk Meminimumkan Waste (Studi Kasus: PT. XYZ)
No ratings yet
Perancangan Lean Manufacturing Dengan Menggunakan Waste Untuk Meminimumkan Waste (Studi Kasus: PT. XYZ)
9 pages
Simbologia Solda BR 2025
No ratings yet
Simbologia Solda BR 2025
7 pages
23-01-2025-Interview Schedule For The PG Candidates (News Item Only For Website) - Final
No ratings yet
23-01-2025-Interview Schedule For The PG Candidates (News Item Only For Website) - Final
2 pages
Piping Plan for GOSP-4 Pipeline
No ratings yet
Piping Plan for GOSP-4 Pipeline
1 page
Brief Answer Questions: (10 X 1 10)
No ratings yet
Brief Answer Questions: (10 X 1 10)
3 pages
CF5590 Carboline - Firefilm A4
No ratings yet
CF5590 Carboline - Firefilm A4
34 pages
SAP Business Analyst CV - Syed Omer
No ratings yet
SAP Business Analyst CV - Syed Omer
5 pages
Is 3502 2009
No ratings yet
Is 3502 2009
7 pages
Cal. Cert.-Sieves, Flakiness & Elongation Gauge (Alif Engg.
No ratings yet
Cal. Cert.-Sieves, Flakiness & Elongation Gauge (Alif Engg.
4 pages
AC Clamp Meter
No ratings yet
AC Clamp Meter
3 pages
Course File of Ecommerce
100% (2)
Course File of Ecommerce
30 pages
Store Keeping
100% (3)
Store Keeping
60 pages
W01 358 7561
No ratings yet
W01 358 7561
29 pages

ISO 27001 Backup and Operational Procedures

Uploaded by

ISO 27001 Backup and Operational Procedures

Uploaded by

ISO 27001:2013

By DSRC Quality Assurance Group

 Error Handling or Issue tracking

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

 Planning and testing

 Fall back process incase of failure

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

OPERATIONAL PROCEDURES AND RESPONSIBILITIES

PROTECTION FROM MALWARE

LOGGING AND MONITORING

Meant for Legal evidence

LOGGING AND MONITORING

 Clock Synchronization – Meant for accuracy of event logging

LOGGING AND MONITORING

CONTROL OF OPERATIONAL SOFTWARE

INFORMATION SYSTEM AUDIT CONSIDERATIONS

You might also like