HSC - Presentations - ISO27001 / ISO27002 Norms - Principles and technical aspects

Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet

Hervé Schauer Consultants

You are here: Home > Resources > Lectures > ISO27001 / ISO27002 Norms - Principles and technical aspects

Go to: HSC Trainings

			Skills & Expertise
			Consulting
			ISO 27001 services
			Vulnerabilities monitoring
			Audit & Assessment
			Penetration tests
			Vunerability assessment (TSAR)
			Forensics
			ARJEL
			Training courses
			E-learning

			Agenda
			Past events
			Tutorials

			Thematic index
			Tips
			Lectures
			Courses
			Articles
			Tools (download)
			Vulnerability watch

			Hervé Schauer
			Job opportunities
			Credentials
			History
			Partnerships
			Associations

Press and
communication

			HSC Newsletter
			Press review
			Press releases
			Publications

			How to reach us
			Specific inquiries
			Directions to our office
			Hotels near our office


		ISO27001 / ISO27002 Norms - Principles and technical aspects

Access to the content

Beginning of the presentation

PDF version [320 KB]

Adobe Flash version

Description

Technical and organizational security are often considered as separate domains. However, the success of ISO 27001 and ISO 27002 can be explained by their ability to create a link between both domains. This session will describe the main aspects of ISO 27001 and ISO 27002 norms. Technical aspects of their application will be discussed using real life case studies.

Context & Dates

Talk presented during Microsoft Techdays 2009, on 11 February 2009.

Author

Benjamin Arnault (Benjamin.Arnault@hsc.fr)

Type

[

-

]

Abstract &
Table of content

Flyleaf
Plan
ISO 27001
Système de management
Sécurité de l'information
Les normes de la famille ISO27
ISO 27002
Structure générale
Usages de la norme
Parallèles avec la norme ISO 27001
Le lien entre ISO27001 et ISO27002
Apports des normes à la technique
Exemple 1 - Serveur Web
Exemple 1 - Analyse de la situation
Exemple 1 - Le problème !
Exemple 1 - PDCA et risques
Exemple 2 - Les journaux
Exemple 2 - Analyse de la situation
Exemple 2 - La mesure est appliquée ?
Exemple 2 - Le bon choix
Exemple 3 - Le pare-feu
Exemple 3 - Analyse de la situation
Exemple 3 - Le modèle PDCA
Exemple 3 - Conclusion
Synthèse
Pour aller plus loin ...

Related documents

Standard ISO27001 / ISO17799

Mutualisation ISO 27001 avec les autres référentiels

Juridique de la SSI

ISO27001 Lead Auditor (ISMS Lead Auditor)

ISO 27005 Risk Manager (Information Security Risk Manager)

Indicateurs et tableaux de bord SSI

Implementation of ISO17799 and ISO27001 (BS7799-2) standards

Gestion des risques SSI

Gestion des mesures de sécurité et norme ISO 27002

Identity and Access Management

Sécurité du Cloud Computing

Formation RSSI

Essential of ISO27001 series

Présentation de la certification ISO 27001

How to respond to new security challenges [24 September 2010 -

]

ISO 27005 risk management methodology [15 April 2010 -

]

ISO 27005 risk management methodology [12 June 2009 -

]

RGS Presentation [11 June 2009 -

]

Five questions about the real utility of ISO 27001 [3 June 2009 -

]

L'abécédaire de la norme ISO 27005 [1 December 2008 -

]

Information Security Management System [26 November 2008 -

]

La norme ISO 27005 [30 September 2008 -

]

Le management de la sécurité des systèmes d'information enfin normalisé par l'Afnor [15 May 2008 -

]

ISO 27001 and risk management [10 April 2008 -

]

Return on Investment with ISO 27001 [3 April 2008 -

]

use of ISO 27001 within companies [15 February 2008 -

]

ISO 27001 standard : A global and consistent approach ? [7 February 2008 -

]

Mutualization oportunities between ITIL and ISO 27001 [30 January 2008 -

]

ISMS and ISO 27001 standard, introduction and perpectives [21 November 2007 -

]

Information Security Management System - ISO 27001 [8 November 2007 -

]

La norme ISO 27001 [8 October 2007 -

]

La gestion de risque pour la série de normes ISO 2700x [3 September 2007 -

]

Security strategies : ISO 27001 [13 June 2007 -

]

ISO 27001 Certification [24 May 2007 -

]

ISO 27005 : Risk management [15 May 2007 -

]

ISO 27001 : interest of ISMS implementation [11 May 2007 -

]

ISO 27001, the standard of the future ? Wich role in our information systems security strategy ? [26 April 2007 -

]

Oportunities for the simultaneous implementation of ITIL and ISO 27001 [19 April 2007 -

]

ISO 27001 standards [28 March 2007 -

]

Performance des services informatiques et sécurité de l'information [28 February 2007 -

]

Introduction to ISMS [15 December 2006 -

]

Information Security Certifications [28 November 2006 -

]

ISO 27001 Certification [26 October 2006 -

]

ISO 27001 principles and certification [12 October 2006 -

]

ISO 27004 : ISMS measurement and measures [21 April 2006 -

]

How to choose indicators for ISO 27001? [5 April 2006 -

]

ISO27001 Lead Auditor course [7 March 2006 -

]

Why and how undertake a 7799 project ? [16 June 2005 -

]

Technicals Security Audits for BS7799 [24 May 2005 -

]

BS7799 Standard Interest and usage [13 February 2005 -

]

Security Certifications for individuals [28 April 2004 -

]

Usage of BS-7799 in technical security audits. [23 March 2004 -

]

use of ISO17799 & BS7799-2 standards [18 January 2004 -

]

Useful standards for network security [20 October 2003 -

]

Copyright

© 2009, Hervé Schauer Consultants, all rights reserved.

Last modified on 2 Mars 2009 at 09:17:51 CET - webmaster@hsc.fr
- © 1989-2010 Hervé Schauer Consultants