Manage your ISO27001-certified ISMS with Odoo

Public Channel / Odoo Experience 2015

Share on Social Networks

Share Link

Use permanent link to share in social media

Share with a friend

Please login to send this presentation by email!

Embed in your website

Select page to start with

1. Manage your ISO27001-certified ISMS with Odoo By Maxime Chambreuil

2. Speaker Odoo Practice Leader & Quality, Environment and Security Director at Savoir-faire Linux, Odoo Gold Partner in Canada Vice-President of the Odoo Community Association

3. Agenda Background EBIOS Terms and definitions Demo

7. Savoir-faire Linux | 7 Thanks to the OCA Sponsors http://www.odoo-community.org

8. Savoir-faire Linux | 8 +1 (514) 276-5468 contact@savoirfairelinux.com http://www. savoirfairelinux .com

4. Savoir-faire Linux | Maxime Chambreuil 4 Background › Context @ Savoir-faire Linux • New markets: Military, aerospace and aeronautics • New projects: new product design and development • Couple security issues › Requirement for an information security management system (ISMS) › Information security analysis performed using EBIOS methodology › Management systems supported by Odoo (v7) and certified • Quality (ISO 9001) • Environment (ISO 14001)

5. | Maxime Chambreuil › Stands for « Expression des Besoins et Identification des Objectifs de Sécurité ». Expression of Needs and Identification of Security Objectives › Method for analysis, evaluation and action on risks relating to information systems › Created in 1995 and maintained by the French Ministry of Defense › Defines 5 steps EBIOS Context Study Feared Security Events Risk Analysis Threat Scenarios Security Controls

6. | Maxime Chambreuil Terms and definitions › Primary Asset: Important and valuable information • List of credit card numbers › Supporting Asset: Resource supporting the primary assets • Server hosting the database › Threat Source: the threat agent, i.e. thing or person at the origin of the threat • A hacker › Controls: Means to manage a security risk • Maintain and update the backup server › Vector: Scenario describing operations • A hacker exploits a vulnerability to connect to the backup server and takes a copy of the database › Feared Event: i.e. potential exposure, a generic scenario representing a feared situation • The hacker gets the list of credit card numbers and publish it

Views

  • 533 Total Views
  • 329 Website Views
  • 204 Embeded Views

Actions

  • 0 Social Shares
  • 0 Likes
  • 0 Dislikes
  • 0 Comments

Share count

  • 0 Facebook
  • 0 Twitter
  • 0 LinkedIn
  • 0 Google+

Embeds 3

  • 1 www.google.com.co
  • 2 www.odoo.com
  • 4 onlinesync.odoo.com