ISO Compliance

Overview

·         ISO 27001

ISO 27001 was recently updated after being first released in 2005, is a specification for an information security management system (ISMS). The standard lays out mandatory requirements that are able to be audited and certified. It contains a cycle of four phases that must continually be implemented.

The Plan Phase The Do Phase The Check Phase The Act Phase
o    Identify business objectives

o    Obtain management support

o    Select implementation scope

o    Define method of risk assessment

o    Prepare inventory of information assets to protect

o    Manage risks

o    Enact policies and procedures

o    Allocate resources and train staff

o    Monitor implementation of ISMS

o    Prepare for certification audit

o    Conduct regular assessment audits

ISO 27002

ISO 27002 is not a formal specification and is not certifiable. Instead, it supports ISO 27001 by recommending detailed guidance for addressing information security objectives related to data confidentiality, integrity and availability, and deploying an ISMS. ISO 27002 also recently was updated and contains 114 controls listed under the following main sections:

    • Structure
    • Securiy Policy
    • Organization of Information Security
    • Human Resources Security
    • Asset Management
    • Cryptography
    • Physical And Environmental Security
    • Operations security
    • Communications Security
    • Information Systems Acquisition, Development, Maintenance
    • Supplier Relationships
    • Information Security Incident management
    • Information Security Aspects of Business Continuity
    • Compliance
    • Access Control

Solutions

  • GTIS provides a comprehensive portfolio that can help organizations of any size respond to the ISO 27000 series of standards.
Plan and Prepare

Conducting a Risk Assessment is the first step to identifying and implementing safeguards necessary to meet compliance. GTIS helps you find gaps that may exist between your current security posture and ISO guidance. The customizable assessments, scaled individually for your organization, include identification of key assets and IT systems, assessment of controls and frameworks and a review of third-party providers and incident response programs.

Address Gaps and Vulnerabilities

GTIS products and services help organizations respond to the controls listed in the ISO standards and implement best practice suggestions Here’s how we can help:

SIEM

Helps you gain broad visibility of threats to your network and improve your compliance process through logging, monitoring, and analysis of events.

Network Access Control

Ensures managed and unmanaged devices connecting to the network comply with policies and do not introduce malware.

Data Loss Prevention

Allows you to discover and classify sensitive data and prevent it from leaving the network.

Security Awareness Education

Instructs your employees and contractors to understand the threat of social engineering and follow best practices for security, including password management and the safe use of web and social media tools.

Incident Readiness and Response

Prepares your staff to proactively identify the indications of a breach and contain it quickly and efficiently.

Compliance

Identifies areas of risk and establishes the business and technical requirements needed for an effective information security program.