ISO 27001 and ISO17799 / BS7799 Consulting
STEALTH – ISS Group® Inc. assists companies and organization in their efforts to maintain adherence to ISO 17799 or get BS 7799 / ISO 27001 certifications by providing professional consulting and implementing various and non-vendor-specific solutions in the areas of performance & availability management, security management, configuration & vulnerability management and operational control.
ISO27001 replaced the original standard, BS7799-2. The latter was a long established information security standard. Strictly speaking, this is a specification for an ISMS (IS Management System). It contains the following chapters:
2) Normative References
3) Terms and Definitions
4) Information Security Management System
5) Management Responsibility
6) Management review of the ISMS
7) ISMS improvement
ISO 17799 was created as an international standard for information security and is widely regarded as the most complete security guideline in existence. Companies that adhere to this standard can apply for a BS 7799 certification.
ISO 17799 and BS7799 are organized into 10 sections:
- Security policy – This provides management direction and support for information security
- Organization of assets and resources – To help you manage information security within the organization
- Asset classification and control – To help you identify your assets and appropriately protect them
- Personnel security – To reduce the risks of human error, theft, fraud or misuse of facilities
- Physical and environmental security – To prevent unauthorized access, damage and interference to business premises and information
- Communications and operations management – To ensure the correct and secure operation of information processing facilities
- Access control – To control access to information
- Systems development and maintenance – To ensure that security is built into information systems
- Business continuity management – To counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
- Compliance – To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirement
However, ISO 17799 does not mandate specific procedures nor define how to implement the necessary controls. As such, companies who wish to adopt ISO 17799 standard or obtain BS 7799 certifications are faced with these challenges:
Assessing, planning and designing programs for ISO 17799 / BS7799 compliance
Implementing and coordinating the people, processes and technology required to meet the standards
Continually managing and maintaining the security controls and procedures put into place, along with the necessary oversight, correction and adjustments when standards are not met
Key Features & Benefits:
In addressing the requirements to meet ISO 17799 standards across the working sections, our solutions can help in a number of areas, including:
Security Policy. The first step in achieving ISO 17799 standards acceptance is the creation of a formal, written set of Information Security policies. We assist or develop for companies of all sizes and industries a set of policies, standards and other internal security guidelines.
Access Control. Ou solutions allow you to control access by internal and third party (partners, suppliers, contractors) individuals via roles-based access control for managing user accounts, computers, groups and local resources. This ensures consistency between the access controls of multiple systems and provides separation of duty enforcement between development and operation teams.
Business Continuity Management. ISO 17799 standards require you to establish plans to reduce the risk of business interruption, limit the consequences of damaging incidents and ensure the timely resumption of operations. We assist you to comply with the capability to manage service levels, ensure compliance with SLAs, decrease recovery time and more effectively resolve root causes of system and application problems that can result in outages. Our solutions protect you against intrusions, manages and correlates security events and sends notifications to appropriate personnel.
Communications and Operations. Our solutions and products assist you in the establishment and enforcement of policies and standards regarding email usage and the protection of content and attachments: you can monitor email content, quarantine suspicious emails and provide meaningful compliance reports, while also detecting and blocking the entry of viruses and worms at your company’s email gateway.
Compliance. To achieve success in acceptance and usage of the ISO 17799 standards, compliance to the standards must be demonstrated. Our solutions and technology assists you in this by identifying and reporting on observed or suspected security weaknesses, including malicious software, multiple user IDs and accounts, weak passwords, inappropriate user access rights and systems lacking proper audit enablement. It also assists in remediation of systems found to be vulnerable due to outdated software versions, and will obtain, deploy and verify that the latest patches are installed on Windows, Unix/Linux systems.
STEALTH – ISS® Inc. has assisted many companies worldwide to plan, implement, manage and adhere to this IT security standard or obtain the certification with various solutions across systems management, security management and administration. Please contact us to obtain more information, about our services or talk to a consultant.