

Flow of ISMS endeavors based on the PDCA cycle

Raise staff awareness

① Confirmation of work flow in relation to the transfer of media
Create a work flow for each activity based on media transfer surveys and ensure wide knowledge of actions in accordance with that flow.

⑥ Continued implementation of patrols of actual office buildings
Implemented year-round (spot checks)

③ Confirmation of standard of information security measures implemented by outside organizations
Comprehensive explanation to organization in question, individual confirmation and instruction for rectification

② Ensuring knowledge of precautions for removing USB memory sticks and other external media from the premises
Ensure wide knowledge that external use is, in principle, prohibited, and of precautions when external use is unavoidable

④ Confirmation of implementation of information security measures by sub-contractors in consignment contracts
Confirmation by check list for sub-contractors with large contract values

⑤ Improvement of security incident responses
In the unlikely event of an incident, formulation of improvement measures following investigation of the cause and readjustment of work flow.

      

Enhancement of Individual Responses to Security

Creation and Emplacement of Security System

《 Aims for FY2008 》

② Obtaining of certification by all 56 elementary, junior high and special needs schools

① Maintenance of certification by all internal departments

⑤ Internal auditor training
For: Internal auditors (section managers)
Regarding internal auditing procedures

Information Security Measures

⑥ Ensuring examples of information security incidents and prevention measures are widely known (distribution by e-mail)
Year-round as required
For: all staff

① Training of new staff (by HR Development Group)
For: newly employed staff
Importance of security, Ichikawa City’s ISMS initiatives, etc.

② Practical administrative work training (by HR Development Section)
For: staff who applied for training

③ Training by external instructors
For: Information security managers (section managers)

④ Risk assessment training
For: Information security managers and information security promoters
Regarding assessment procedures for level of risk of information assets outflow

Maintenance by all departments of ISMS certification and obtaining of ISMS certification by all schools

Implement truly effective security measures

Secure management of information held by the City

Gain the trust of residents

Breakdown of schools: elementary – 39; junior high – 16; special needs – 1

In order to build a solid information security system, all departments within the organization have received information security management system (ISMS) certification under the international standard ISO27001, and we are currently preparing for certification of all municipal elementary, junior high and special needs schools. ISMS raises the level of information security through continuous improvement based on the PDCA cycle. In 2008, in addition to enhancing training to raise awareness among staff even further, a variety of security measures will be implemented so that information security is effective in the actual work of each department.

Secure and assured continuation of business by the City

Objectives

Prevention of information leakage from internal sources due to staff actions, or due to unauthorized access from the outside.

Consistent secure operation of the information system with no effect on residents’ lives

Plan
• formulation of basic policy
• formulation of training plan

Do
• implement policy prescribed in the plan
• implement security measures prescribed in the ISMS standard

Check
• internal audit
• deliberation by security committee
• actual examination by certifying body

Act
• implement improvement measures based on inspection results

《 2008 Projects 》

FY2006: Obtained by all internal departments

Since FY2007: Maintenance of certification by all departments

• First regional public body to obtain ISMS certification

• Although there are currently 13 regional public bodies across Japan that are certified, Ichikawa City is the only one in which all departments have gained certification.

Materials – 3

FY2007: Obtained by 20 schools

FY2008: Obtaining of certification by remaining 36 schools