ISO 27001
ISO 27001, first released in 2005 and recently updated, is a specification for an information security management system (ISMS). The standard lays out mandatory requirements that can be audited and certified. It contains a cycle of four phases that must be implemented continually.
The Plan Phase
The Do Phase
The Check Phase
The Act Phase
o Identify business objectives
o Obtain management support
o Select implementation scope
o Define method of risk assessment
o Prepare inventory of information assets to protect
o Manage risks
o Enact policies and procedures
o Allocate resources and train staff
o Monitor implementation of ISMS
o Prepare for certification audit
o Conduct regular assessment audits
ISO 27002 is not a formal specification and is not certifiable. Instead, it supports ISO 27001 by providing detailed guidance for addressing information security objectives related to data confidentiality, integrity and availability, and for deploying an ISMS. ISO 27002 was also recently updated and contains 114 controls listed under the following main sections:
Organization of Information Security
Human Resources Security
Physical and Environmental Security
Information Systems Acquisition, Development, Maintenance
Information Security Incident Management
Information Security Aspects of Business Continuity
GTIS provides a comprehensive portfolio that can help organizations of any size respond to the ISO 27000 series of standards.
Plan and Prepare
Conducting a risk assessment is the first step in identifying and implementing the safeguards necessary to meet compliance. GTIS helps you find gaps that may exist between your current security posture and ISO guidance. The customizable assessments, scaled individually for your organization, include identification of key assets and IT systems, assessment of controls and frameworks, and a review of third-party providers and incident response programs.
Address Gaps and Vulnerabilities
GTIS products and services help organizations respond to the controls listed in the ISO standards and implement best practice suggestions. Here’s how we can help:
Helps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.
Network Access Control
Ensures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.
Data Loss Prevention
Allows you to discover and classify sensitive data and prevent it from leaving the network.
Security Awareness Education
Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.
Incident Readiness and Response
Prepares your staff to proactively identify the indications of a breach and contain it quickly and efficiently.
Identifies areas of risk and establishes the business and technical requirements needed for an effective information security program.