
ISO 27001:2013

Gap Analysis

Gap analysis of the current management system's compliance and effectiveness against the requirements of the standard; document each gap found

A gap analysis is a technique for determining the steps needed to move from the current state to a desired future state. It answers three questions:

Inventory List

Department Process and Procedures

Internal

External

History

1992

1995

1998

1999

2000

2002

2005

2007

2008

2009

2010

2011

2013

ISO 27001:2013 Sections

0 Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Context of the Organization

5 Leadership (top management)

6 Planning

7 Support

8 Operation

9 Performance Evaluation

10 Improvement

Annex A

General information

ISO 27001 specifies the requirements for an Information Security Management System, an ISMS (NOT an Information Technology Security Management System); the best-practice guidance for the controls lives in ISO 27002

Requirements

Controls

Follows the Plan-Do-Check-Act (PDCA) cycle: stated explicitly in the 2005 edition, implied by the clause structure (Planning, Operation, Performance Evaluation, Improvement) in 2013

Implementation Process

1. Management Support

2. Scoping

3. Create Inventory Lists

4. Perform Gap Analysis

5. Perform Risk Assessment

6. Create the Statement of Applicability (SOA)

7. Create the Risk Treatment Plan (RTP)

8. Create ISMS (Policies, Procedures, Training and Reports)

9. Management Review / Internal Audit

10. Pre-Certification Audit

Identify and contact a certification body for the audit

References / Publications

Guide to Implementing and Auditing of ISMS Controls

How to Achieve 27001 Certification: An Example of Applied Compliance Management

3rd party software / toolkits

ISO27k Forum

SANS

SerNet

PTA

Related ISO Standards

ISO 27002

ISO 27003

ISO 27004

ISO 27005

ISO 27006

ISO 27007

ISO 27008

ISO 27010

ISO 27013

ISO 27014

ISO 27031

ISO 27032

ISO 27033

ISO 27034

ISO 27035

ISO 22301

ISO 31000

Pre-certification audit

Simulation of the actual certification audit

Identify any nonconformities (NCs)

Take the necessary corrective actions to close every identified NC before the certification audit

Certification

Phase 1 (Stage 1 audit): review of the ISMS documentation, scope, risk assessment and SOA for readiness

Phase 2 (Stage 2 audit): on-site verification that the ISMS is implemented and effective; any NCs found must be closed before the certificate is issued

Risk Management

Risk Management Policy

Risk Assessment Procedure

Risk Assessment Document

Risk Treatment Plan (RTP)

Policies and Procedures

Security Policy

Referenced Policies

Procedures

Scope

Organization Scope

Physical Scope

Information Systems Scope

Any change in scope must be evaluated, approved and documented, since the certificate covers only what the documented scope states

Mandatory Documents

Leadership

ISMS Related

Policies

Risk Management

Security Awareness Training

Other Documents

Statement of Applicability (SOA)

Statement of Applicability

Lists which Annex A controls from ISO 27001 you have selected to implement, the justification for each inclusion and its implementation status, and a justification for every control you exclude

ISO 27001 does not specify the form of the Statement of Applicability.

It is good practice to record, per control, the title or function of the responsible person and the list of documents or records that evidence it.

This freeware, non-commercial mind map was carefully hand-crafted with passion and love for learning and constant improvement... (please share, like and give feedback; your feedback and comments are my main motivation for further elaboration. THX!)

Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Please don't hesitate to contact me :-) Mirosław Dąbrowski, Poland/Warsaw.

White Papers

Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013