Friday, 24 April 2015

PMI Seminar on QMS based Information Security Management

I was honored to be invited as a speaker for the PMI seminar entitled "Case Study on the Project Implementation of Quality based Information Security Management", organized by the Project Management Institute (PMI) Hong Kong Chapter on 24 April 2015. The aim of this seminar was to share the systems approach through integrated implementation of an Information Security Management System (ISMS – ISO 27001) and a Quality Management System (QMS – ISO 9001), as well as a case study in the Technology Support Centre (TSC) of Hong Kong Science and Technology Parks Corporation (HKSTP).

In the beginning, I (Former Chairman, HKSQ; Manager, Quality System, TSC-HKSTP) introduced some background on ISO 27001 and ISO 9001. Our ISO 27001 certification has been held since 2008, so I first briefed the audience on the many security incidents that had happened in 2008.


Then I classified the different Control Objectives and Controls into five groups: “Policy”, “Process & Procedure”, “Organization Structure”, “Hardware” and “Software”.


In the comparison of company registrations under ISO 9001 and ISO 27001, it was found that the number of ISO 9001 certified companies was much higher than the number of ISO 27001 certified companies. This indicates a barrier for companies seeking to achieve ISO 27001. Therefore, my study was to develop a model to fill the gap.


The principles and standards of ISO 9001 and ISO 27001 were compared. In the next stage, I explained how to extract the core elements of both standards and develop the “QMS based Information Security Management (QISM) Model”. The core element of this model was Risk Assessment. The “Information Security FMEA Cycle” was introduced and the 24-step QISM Implementation Roadmap was mentioned.


At the end, I used the term “SECURE” as my conclusion. Its meaning is shown below:
S – Standardization
E – Effectiveness
C – Clearance
U – Unique Identification
R – Recovery
E – Efficiency


Q&A Session


Mr. Anthony Tsui (VP-Programs, PMI-HK) presented a certificate to me.


References:
HKSQ - www.hksq.org
HKSTP - http://www.hkstp.org/
PMI-HK - http://www.pmi.org.hk/

Other Related Seminars & Conferences:
20141229 - My ISO Journey of 10 years in Science Park
http://qualityalchemist.blogspot.hk/2014/12/my-iso-journey-of-10-years-in-science.html
20121129 - Hong Kong IT Security Summit 2012
http://qualityalchemist.blogspot.hk/2012/11/hong-kong-it-security-summit-2012.html
20120620 - Meeting with Prof. Edward Humphreys (Father of ISMS Standard)
http://qualityalchemist.blogspot.hk/2012/06/meeting-with-prof-edward-humphreys.html
20110121 - Seminar on Data Privacy
http://qualityalchemist.blogspot.hk/2011/01/seminar-on-data-privacy.html
20100902 - The 8th Asia Network for Quality (ANQ) Congress
http://qualityalchemist.blogspot.hk/2010/09/8th-asia-network-for-quality-anq.html
20090916 - ANQ 2009 Opening & Technical Seminar I
http://qualityalchemist.blogspot.hk/2009/09/anq-2009-opening-technical-seminar-i.html
20090827 - Challenges on Information Security
http://qualityalchemist.blogspot.hk/2009/08/challenges-of-information-security.html
20080802 - Seminar on ISO 9001:2000 UPGRADE to 2008 Version & Secure your information with ISO 27001
http://qualityalchemist.blogspot.hk/2008/08/seminar-on-iso-90012000-upgrade-to-2008.html

