
Cyber security Planning and Compliance (pdf)


Added on  2021-06-17

KPMG
Cyber security Planning and Compliance
Executive Summary
The use of networking technology has enhanced operational efficiency but has increased the
risk to information accessible within the business. To protect the confidential information
of the company and its customers, an information security management system (ISMS) is
needed. An ISMS minimises the risk of unauthorised access and ensures effective deployment
of protective measures. It provides a framework to improve performance in managing
information security. I have been appointed as a consultant for KPMG Australia. In that
role, advice is given to the company regarding the implementation of an ISMS (Information
Security Management System). This report gives specific guidelines for the execution of an
ISMS. Details of ISO/IEC 27004 and ISO/IEC 27009 are provided in order to advise the
company. The report first gives the background of KPMG. It then discusses the ISMS
requirements that keep the company's sensitive information secure, such as confidential
customer information and the company's own information and data. Next, the information
security controls are explained. Finally, the scope of performance evaluation and
improvement is provided.
Contents
Executive Summary
Introduction
ISMS requirements
The information security controls
Performance evaluation and improvement
Conclusion
References
Introduction
Cyber security is a major challenge for companies. Compliance with cyber security standards
is supported by the cyber security strategy of Australia 2009. The more challenging part,
however, is understanding where to start. To overcome this challenge, companies have
adopted international standards. ISO 27001 is helpful in implementing an information
security management system (ISMS). It is a starting point for tackling cyber security and
protecting against increasing cyber-attacks. An ISMS is an efficient approach to managing a
company's sensitive information so that it remains secure. This approach implements,
monitors, reviews and improves the information security of an organisation to achieve its
business objectives. It includes people, procedures and IT systems, and applies a risk
management approach. An ISMS is helpful to all types of companies, whether small, medium or
large. KPMG is a professional services company and a provider of risk, financial, advisory,
audit, tax and regulatory services. The cyber security team at KPMG assists organisations
in transforming security, privacy and controlling business enabling platforms (Knowles, et.
al. 2015). The system maintains confidentiality, reliability and availability of critical
business functions. An ISMS manages information security in KPMG. The system integrates
information and data, keeps them confidential and makes them available at all times. The
information system is expected to change over time.
ISMS requirements
An ISMS is a systematic approach required to eliminate threats, such as fraud, disruption
and fire, from a wide range of sources. The ISMS framework contains policies and procedures
to tackle security risks in an organisation. It minimises security risks to information
assets. An ISMS includes three basic concepts: confidentiality, integrity and availability
(Kolkowska, Karlsson & Hedström, 2017). The requirements/implementation of an ISMS in
KPMG can be understood from these points:
To protect assets and reputation of business:
An ISMS covers people, processes and IT systems; it is not only about antivirus software.
An ISMS helps to protect KPMG against various types of information security threats, such
as cyber-attacks, data leakage or theft (Safa, Von Solms & Furnell, 2016). It protects the
assets and reputation of the business. Effective security measures adopted by the company
minimise financial and reputational damage, whereas weak security measures are responsible
for such damage.