artificial intelligence bsc - iso 27001 information security
HOW TO BUILD EFFECTIVE FORMS
• IF A FIELD REPEATS THEN DESIGN IT AS COLUMNS OTHERWISE ROWS
• FORM NO AND FORM NAME MUST BE UNIQUE.
• FORM NAME SHOULD DESCRIBE ITSELF
• IF POSSIBLE, DATA ENTRY SCREEN AND FORM DESIGN SHOULD BE SIMILAR.
• IF THE FORM IS USED IN COMPUTER, USE COMBO BOX STRUCTURE IF POSSIBLE.
• IF POSSIBLE, FORM NAME AND FORM NAME IN COMPUTER MUST BE THE SAME.
HOW TO BUILD EFFECTIVE REPORTS:
• TIME OF REPORT & DATE on every Page
• TOTAL-AVERAGE-COUNT ETC.
• DISC-MONITOR-PRINT
What is BALANCED SCORECARD?
Don’t forget to read the following paper!
• Cebeci, U. (2009). Fuzzy AHP-based decision support system for selecting ERP systems in textile industry by using balanced scorecard. Expert Systems with Applications, 36(5), 8900-8909.
ARTIFICIAL INTELLIGENCE
• EXPERT SYSTEMS (Chess Game, DIAGNOSIS)
• FUZZY LOGIC
• PATTERN RECOGNITION
• ROBOTICS
• MACHINE LEARNING
• NATURAL LANGUAGE PROCESSING
• SEARCH ENGINES
• NEURAL NETWORKS
• GENETIC ALGORITHMS
TG4.1 Introduction to Intelligent Systems
• Intelligent systems
• Artificial intelligence (AI)
TG 4.2 Expert Systems
• Expertise
• Expert systems (ESs)
Expertise Transfer from Human to Computer
• Knowledge acquisition
• Knowledge representation
• Knowledge inferencing
• Knowledge transfer
The Components of Expert Systems
• Knowledge base
• Inference engine
• User interface
• Blackboard
• Explanation subsystem
TG4.3 Neural Network
TG 4.5 Genetic Algorithms
Genetic algorithms have three functional characteristics:
• Selection
• Crossover:
• Mutation:
TG 4.6 Intelligent Agents
• Information Agents
• Monitoring-and-Surveillance Agents
• User Agents
Fuzzy Logic
• By using fuzzy logic, we can convert some linguistic variables to numbers so that we can process the values in computers.
• Define a membership function: to be tall for Turkish boys
• (Example: To be old)
Information Security Management System (ISMS)
ISO 27001 Standard
What is ISMS?
• That part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
(ISO/IEC 27001:2005 Clause 3.7)
INFORMATION SECURITY MANAGEMENT
Factors affecting ISMS
• Escalating Risk
• Globalization
• Legislation
• Government
• NGOs
• Competition - cost
• Corporate culture
• Employee
• Union
• Corporate vision & policy
• Shareholder
• Customer requirements
• Consumer
• Competition - business
• Neighbor
• Societal values
• Risk tolerance
• Insurance
Compatibility with other standards
• ISO 9001: Quality Management Systems – requirements
• ISO 14001: Environmental Management Systems – specification with guidance for use
PURPOSE OF ISO 27001
Benefits of ISMS
• To protect an organization’s information assets in order to: ensure business continuity, minimize business damage, and maximize return on investments
• Internationally recognized, structured methodology
• Defined process to evaluate, implement, maintain, and manage information security
• Tailored policies, standards, procedures, and guidelines
Benefits of ISMS
• Efficient and effective security planning and management
• Increased credibility, trust and confidence of partners and customers
• Compliance with all relevant commitments
• Compatibility with other standards
Information security concepts
Non-Repudiation
Availability
Accountability
Integrity
Reliability
Confidentiality
Plan-Do-Check-Act cycle & Continual Improvement
• Plan: Establish objectives necessary to deliver results in accordance with customer requirements and the organization’s policies
• Do: Implement the processes
• Check: Monitor and measure processes and product against policies, objectives and requirements
• Act: Take actions to continually improve process performance – effectiveness and efficiency
PDCA Model applied to ISMS processes
ISO 27001 REQUIREMENTS
• 1 Scope
  – 1.1 General
  – 1.2 Application
• 2 Normative References
• 3 Terms and definitions
• 4 Information security management system
  – 4.1 General requirements
  – 4.2 Establishing and managing the ISMS
  – 4.3 Documentation requirements
• 5 Management Responsibility
  – 5.1 Management commitment
  – 5.2 Resource management
• 6 Internal ISMS audits
• 7 Management review of the ISMS
  – 7.1 General
  – 7.2 Review input
  – 7.3 Review output
• 8 ISMS Improvement
  – 8.1 Continual improvement
  – 8.2 Corrective action
  – 8.3 Preventive action
Audit / Certification Process
Pre-assessment (Optional)
Stage 1: Desk Study
Stage 2: Certification Audit
Surveillance 1
Surveillance 2
Surveillance 3 Surveillance 3
Surveillance 5
Stage 1: Desk Study
• Evaluate the location and site-specific conditions
• Collection of information regarding the scope of supply chain SMS, information about risk assessment performed and processes
• Relevant ISMS documentation and records
• Previous audit reports
Stage 2: Certification Audit
• Obtain information and evidence about conformity to all requirements of the applicable normative document
• Operational control
• Internal auditing and Management review
Surveillance Audits
• Maintenance visits
• Verify continuous implementation of the system in accordance with the requirements of the standard
• Evaluation of the effectiveness of corrective action implementation to previously raised NCs
Failure Mode and Effects Analysis Technique for Information Security
• Fill the second line above (fire risk) for the company