Contact Us |
Info for students | Our Courses | About Us  
 

 

Information Security Management System
 

 

  1. DOCUMENT OBJECTIVE

    The adoption of a process approach for establishing, implementing, operating, monitoring, maintaining and improving the effectiveness of the organization Information Security Management System. This model is aimed at managing all the ISMS operations of Asian School of Cyber Laws to meet its own requirements as well as any customer and regulatory demands.

  2. COMPATIBILITY WITH SECURITY MANAGEMENT SYSTEMS

    This ISMS has been originally developed and audited as per the British Standard in the BS 7799-2:2002 standard. The same standard has been adopted by the International Standards Organization in the ISO / IEC - 17799: 2000. It is aligned with the BS EN ISO 9001:2000 and the BS EN ISO 14001:1996 in order to support consistent and integrated implementation and operation with related management standards.

    1. Normative References:

      • BS EN ISO 9001:2000, Quality Management Systems – Requirements
      • BS ISO / IEC 17799:2000, Information Technology – Code of Practices for Information Security Management

  3. DEFINITIONS OF TERMS USED

    The following terms that have been used in the document have been explained below for clarity and un-ambiguity. For all other interpretations, literal meanings of terms as per Oxford English Dictionary and general usage shall apply.

    1. Availability – Ensuring that authorized users have access to information and associated assets when required. [BS ISO/IEC 17799:2000]

    2. Confidentiality – Ensuring that information is accessible only to those personnel authorized to have access. [BS ISO/IEC 17799:2000]

    3. Computer System - Means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. [Information Technology Act, 2000]

    4. Data - A representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer. [Information Technology Act, 2000]

    5. Information - includes data, text, images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated micro fiche.

    6. Information Security – Security preservation of confidentiality, integrity, availability and non-repudiation of information.

    7. Integrity – Safeguarding the accuracy and completeness of information and processing methods.

    8. Risks – Exposure to various threats and vulnerabilities faced by the ISMS.

    9. Risk Management – Coordinated activities to direct and control an organization with regard to risk. [ISO Guide 73]

    10. Statement of Applicability (SoA) – Document describing the control objectives and controls that are relevant and applicable to the organization’s ISMS, based on the results and conclusions of the risk assessment and risk treatment processes.

  4. INTRODUCTION TO ASCL

    Asian School of Cyber Laws is the pioneering institute in the field of education, training and consultancy in cyber law and cyber crime investigation. In these fields, ASCL works with several Universities and Colleges, Government departments, law enforcement agencies, defence organizations and corporates.

    Asian School of Cyber Laws has developed this document for protecting and managing its information assets. We propose to publish this document and provide it as a free tool for other organisations having cyber infrastructure to acquire a degree of resistance and management of electronic risks.

  5. SCOPE OF THE ISMS

    1. Characteristics of the Organization:

      ASCL provides educational programs, training program / seminars and consultancy in Cyber Law & Cyber Crime Investigation:

      • Educational Programs

        For detailed information on Cyber Law related educational programs please visit
        http://www.asianlaws.org/cyberlaw/courses/index.htm

        For detailed information on Cyber Crime Investigation related educational programs, please visit
        http://www.asianlaws.org/cyber_crime_investigation/courses/index.htm

      • Consultancy

        Most modern day criminals are realizing the effectiveness of computers and the Internet to successfully perpetrate crime. So called conventional criminals such as drug cartels, organised crime syndicates and terrorist outfits are known to use high technology to assist them in their operations.

        At the other end of the spectrum, cyber criminals are unleashing one sophisticated cyber attack after another. The number of data-hacks, financial frauds, cyber-murders, viruses etc are growing at an alarming rate.

        Governments around the world are feeling the urgent need to streamline their efforts to investigate and prosecute the emerging brands of techno savvy criminals.

        Asian School of Cyber Laws (ASCL) has pioneered a three-pronged approach to assist Governments in these efforts.

        1. Awareness Building

        2. Formulation of Cyber Laws

        3. Setting up of Investigation Infratructure

        To find out more about ASCL's consultancy services, please visit http://www.asianlaws.org/consultancy/index.htm

    2. Location of the Organization

      Asian School of Cyber Laws is head-quartered in the city of Pune in Maharashtra, India. It is physically located at:

      6, Rajas,
      Above IDBI Bank,
      Opp. Abhimanshri,
      Pashan Road,
      Pune – 411008
      INDIA

      Its virtual location is at http://www.asianlaws.org

    3. Assets & Technology of Organization

      ASCL has a large number of proprietary information assets developed in-house and through consultant experts. It has developed course material for courses on cyber law and cyber crime investigation.

      These course materials have been copyrighted by ASCL and all rights for publishing and distribution are retained by ASCL. Other Intellectual Property Rights like Trademarks for the same are registered in India.

      In addition to these ASCL publishes online newsletters on cyber laws.

      Some relevant policies
 

 

 


Press Room | Information Security | Info for students | Our Courses | About Us | Contact Us
© 2007 Asian School of Cyber Laws. All rights reserved.
  Reprint Permission | Privacy Policy | Disclaimer