
Los Angeles/2009 Meetings/October 21

Revision as of 02:22, 2 June 2011 by Sarah Baso (talk | contribs)


Topic: Enabling Compliance Requirements using Information Security Management System (ISMS) Framework

Speaker: Shankar Subramaniyan

Shankar Subramaniyan has over 11 years of experience as a technology consulting and project management executive in the areas of IT Governance, Risk and Compliance (GRC), Business Continuity Planning and Network Design & Architecture. He has thorough expertise in setting up Information Security Frameworks and Policies on the basis of industry standards such as ISO 27001. He has worked extensively with industry standards and best practices like BS7799 and ITIL. He also has a good understanding and knowledge of various compliance requirements like PCI, SOX etc. Shankar's experience includes IT audit, SOX remediation, ISMS (ISO 27001) implementation, PCI compliance assessment, disaster recovery solutions, enterprise risk management, designing IT security architecture and implementing ITIL processes. Shankar has rich experience in handling large projects and managing client relationships across the corporate and educational sectors.

Abstract: Enabling Compliance Requirements using Information Security Management System (ISMS) Framework

Growing threats and complex regulatory requirements emphasize the need for an effective Information Security Management System (ISMS) framework for an organization. Comprehensive and globally accepted standards like ISO 27001 can help in protecting information assets and in enabling compliance requirements. ISO 27001 provides an Information Security framework based on best practices and controls to ensure the confidentiality, integrity and availability of information assets. This presentation analyzes the possible synergies between the goals of an Information Security Management System (ISMS) and the various compliance requirements, thus making compliance efforts less complex.
The key objectives of this presentation are:

  • Provide an introduction to ISO 27001 and its controls
  • Discuss the implementation approach for an Information Security Management System (ISMS) framework
  • Familiarize the audience with some common challenges in implementation
  • Outline the synergy between ISO 27001 controls and some compliance requirements (PCI, etc.)

Attendees will learn about the ISO 27001 Information Security Standard, the ISMS implementation approach, and how ISO 27001 can be used to meet various regulatory/compliance requirements like SOX, PCI etc. It will also help attendees improve the information security posture of their organization and provide an effective and efficient approach for handling various information security/compliance audits with less effort.