
What is the ISO 27001 Compliance?

ISO 27001 Information Security Management Systems is the international best practice standard for information security. ISO 27001:2013, the current version of the standard, provides a set of standardised requirements for an information security management system (ISMS). ISO 27001 certification is suitable for any organisation, large or small, in any sector. The standard is especially suitable for organisations that manage high volumes of data or hold information on behalf of other organisations, and where the protection of that information is critical, such as in banking, finance, health and the public sector, as well as data centres and IT outsourcing companies.

How is the ISO 27001 standard structured?

The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.

The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO/IEC 27002. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted good practice security controls.

Specific controls are not mandated since:

  1. Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances.
  2. It is practically impossible to list all conceivable controls in a general-purpose standard. Industry-specific implementation guidelines for ISO/IEC 27001:2013 and ISO/IEC 27002 offer advice tailored to organizations in the telecommunication industry (ISO/IEC 27011) and healthcare (ISO 27799).

How does Promisec help me achieve ISO 27001?

A.10 Communications and operations management

ISO27001 A-10-1 Operational procedures
Requirement
Objective: To ensure the correct and secure operation of information processing facilities.
Promisec Solution
Ensure the operating systems are running the latest service packs and hotfixes.

ISO27001 A-10-3 System planning and acceptance
Requirement
Objective: To minimize the risk of systems failures.
Promisec Solution
Monitor system settings and parameters such as memory usage and available free disk space.

ISO27001 A-10-4 Protection against malicious code
Requirement
Objective: To protect the integrity of software and information.
Promisec Solution
Ensure the antivirus agent is running and up to date, and remediate non-functional agents.

ISO27001 A-10-5 Back-up
Requirement
Objective: To maintain the integrity and availability of information and information processing facilities.
Promisec Solution
Verify which users have rights to perform backups and the paths of the backup directories.

ISO27001 A-10-6 Network security management
Requirement
Objective: To ensure the protection of information in networks and the protection of the supporting infrastructure.
Promisec Solution
Verify which users have rights to access data resources across the network.

ISO27001 A-10-7 Media handling
Requirement
Objective: To prevent unauthorized disclosure, modification, removal or destruction of assets, and interruption to business activities.
Promisec Solution

ISO27001 A-10-8 Exchange of information
Requirement
Objective: To maintain the security of information and software exchanged within an organization and with any external entity.
Promisec Solution
Enforce policies to ensure data is encrypted and digitally signed before it is transmitted.

ISO27001 A-10-10 Monitoring
Requirement
Objective: To detect unauthorized information processing activities.
Promisec Solution
Enforce audit log generation and monitor for specific security events.

A.11 Access control

ISO27001 A-11-2 User access management
Requirement
Objective: To ensure authorized user access and to prevent unauthorized access to information systems.
Promisec Solution
Monitor for privileged access users and remediate accordingly.

ISO27001 A-11-3 User responsibilities
Requirement
Objective: To prevent unauthorized user access, and compromise or theft of information and information processing facilities.
Promisec Solution
Validate user access and password policies.

ISO27001 A-11-4 Network access control
Requirement
Objective: To prevent unauthorized access to networked services.
Promisec Solution
Validate endpoint firewall and access policies.

ISO27001 A-11-5 Operating system access control
Requirement
Objective: To prevent unauthorized access to operating systems.
Promisec Solution
Validate the various user rights assignment policies.

ISO27001 A-11-6 Application access control
Requirement
Objective: To prevent unauthorized access to information held in application systems.
Promisec Solution
Monitor and control access to NTFS shares.

A.12 Information systems acquisition, development and maintenance

ISO27001 A-12-3 Cryptographic controls
Requirement
Objective: To protect the confidentiality, authenticity or integrity of information by cryptographic means.
Promisec Solution
Validate cryptographic security policies for the endpoint.

ISO27001 A-12-4 Security of system files
Requirement
Objective: To ensure the security of system files.
Promisec Solution
Validate system security policies for the endpoint.

ISO27001 A-12-6 Technical vulnerability management
Requirement
Objective: To reduce risks resulting from exploitation of published technical vulnerabilities.
Promisec Solution
Validate all installed applications against known vulnerabilities and exploits.

A.13 Information security incident management

ISO27001 A-13-1 Reporting security events
Requirement
Objective: To ensure information security events and weaknesses associated with information systems are communicated in a manner allowing timely corrective action to be taken.
Promisec Solution
Illustrative reports and dashboard views, along with notification alerts over various media.

A.15 Compliance

ISO27001 A-15-2 Compliance with security policies
Requirement
Objective: To ensure compliance of systems with organizational security policies and standards.
Promisec Solution
Monitor all endpoints against pre-defined baselines for processes, services, applications, patch levels and security policies, and flag any non-compliance.
