Security Compliance

ISO 27000 Series Overview

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a series of standards for information security management best practices. The ISO 27000 series, which has been widely adopted in the international community, provides information security controls and objectives along with implementation and assessment guidance. National standards equivalent to ISO/IEC 27002 are:

  • Australia and New Zealand AS/NZS ISO/IEC 17799
  • Netherlands NEN-ISO/IEC 17799
  • Denmark DS 484
  • Sweden SS 627799
  • Japan JIS Q 27002
  • Spain UNE 71501
  • United Kingdom BS ISO/IEC 27002
  • Uruguay UNIT/ISO 17799
  • Estonia EVS-ISO/IEC 17799

This standard recommends organizations implement security policies for both internal and external parties. The following sections are used as progressive guidance to help reduce risk and foster better security management practices throughout an organization.

ISO Standard Clauses

Risk Assessment

Help identify, quantify, prioritize and treat risks to the organization.

Security Policy

Provide policies and guidelines consistent with corporate requirements, industry standards and regulations.

Organization of Information Security

Organize and manage information security for both internal and external third parties.

Asset Management

Protection of organization assets and information.

Human Resources Security

Ensure employee, contractor and third-party user accounts and permissions are managed appropriately on creation, modification and removal.

Physical & Environmental Security

Monitor access and protection of physical resources to avoid compromises or theft.

Communications & Operations Management

Monitor systems and active policies to minimize the risk of failures, protect the integrity of information, maintain availability, secure communications and maintain an audit trail.

Access Control

Control access to information on systems, network, applications and devices to prevent unauthorized access, compromises and theft of information.

Information System Acquisition, Development and Maintenance

Ensure security is an integral part of information system lifecycles to protect the confidentiality, availability and integrity of the organization's assets and information.

Information Security Incident Management

Alert and communicate security incidents in a timely manner until resolved or mitigated appropriately.

Business Continuity

Counteract the impact of information system asset and information loss on organization processes and business activities.

Compliance

Avoid breaches of any law, regulation, contractual obligations or security requirements.

How it affects you

The ISO 27002 standard provides an international best practice guide to implementing information security policies and controls, and it has been adopted by numerous countries as a national information security standard. Depending on your industry, corporate policy and country of residence, these standards may be enforced in different ways.

How we can help

Secure Vantage builds products that can help you meet the requirements of the ISO 27002 and affiliated standards. We fulfill the following requirements using System Center Operations Manager and Configuration Manager:

Requirement

Secure Vantage Technologies Offering

Asset Management

Asset availability and log integrity audit and reporting.

Human Resources Security

Canned collection and reporting on account creation, deletion, deactivation plus permission and group changes.

Physical & Environmental Security

Use Operations Manager to collect events from environmental and physical monitoring devices.

Communications & Operations Management

Canned configuration and group policy auditing for Windows OS security policies, general system configuration and communication settings.

Access Control

Canned monitoring, alerting and reporting of authentication attempts, permission modifications, policy changes and object access activity.

Information System Acquisition, Development and Maintenance

Leverage solutions during asset acquisition, development, staging and production to ensure common controls and monitoring policies are enforced.

Information Security Incident Management

Default security incident alerting with custom control templates to facilitate optimization. Incidents can be responded to with emails, pages, service tickets and remediation tasks.

Business Continuity

Monitor Disaster Recovery environment and data transfers to ensure information availability and business continuity.

Compliance

Leverage compliance libraries to quickly assess and audit your environment for general and specific security controls.
