
Click&DECiDE's ISO 27002 (17799) Compliance Suite
Today's business is all about security and compliance. Whether it is Sarbanes-Oxley,
PCI, LSF, Basel II, GLBA, FISMA … IT stakeholders have a new set of acronyms
they must be concerned about. Compliance with the ISO/IEC 27002 (17799) and 27000
Standards goes a long way to ensuring compliance with these key international internal
control regulations. Click&DECiDE's ISO 27002 Compliance Suite White
Paper for the ISO/IEC 27002 Standard presents a cutting-edge solution that
offers automated log collection, archival, reporting and alerts based on infrastructure
data to secure audit trails and enforce business and IT policies related to compliance.
What is ISO/IEC 17799:2005?
ISO/IEC 17799:2005 is a code of practice for information security that stems from
an original publication in 1993 by the DTI (Department of Trade and Industry)
in the UK. It became BS7799 in 1995; BS7799 was therefore the forerunner of ISO 17799.
It became ISO 17799 in December 2000 and was published under its dual standard ISO
27002. As such, ISO 27002 offers guidelines and voluntary directions for information
security management. As information security becomes increasingly important to the
continued success of businesses, many are seeking an appropriate security framework.
The ISO/IEC 27002 standard is widely becoming the choice for many.
By automating compliance reporting and alerting based on critical enterprise infrastructure
data collected and archived by Click&DECiDE, the Click&DECiDE ISO 17799
Compliance Suite takes away the complexity and heavy resource requirements
of implementing internal control frameworks such as ISO 27002, COBIT, COSO…
Request the Click&DECiDE ISO 17799 Compliance Suite White Paper to find out
more.
ISO 27002 requires processes to ensure that the security controls for a system
are fully commensurate with its risks. This embraces the analysis of relevant threats,
vulnerabilities, controls in place and potential impacts. Under ISO 27002 concerned
parties must in no way be complacent concerning their Security Event Management.
ISO 27002 contains 11 working sections that define the Information Security standard.
These sections include, amongst others, standards for establishing Security Policy,
Asset Classification and Control, Access Control and Compliance.
ISO 27002 Challenges
Under ISO 27002 you must have a system for the following:
- Monitoring access to your systems.
- Retaining the integrity of unaltered logs.
- Reporting material events to both upper management and the board
of directors.
- Establishing sufficient audit trails to address threats and problems.
Click&DECiDE's Solutions
To address certain of the Internal Control requirements of ISO 27002, Click&DECiDE's
Solutions can help companies deal with the following issues:
- Security Event Log Archival.
- Access Control.
- Malicious Code Detection.
- Policy Enforcement.
- User Monitoring & Management.
- Vulnerability Management.
- Real-Time Reporting.
- Forensic Analysis.
Click&DECiDE Solutions collect your raw event data and consolidate, filter
and analyze the data to deliver alerts in real time and to report incidents to upper
management and the board of directors. We also provide you with scheduled or real-time
precision dashboards and reports which are chronologically interlinked and supply you
with historical trend analysis and forensic analysis. Let Click&DECiDE help
you comply with these regulations and automate this international necessity.
- Your Logs: the compliance regulations are clear concerning the
need for log analysis and retention. If companies have a running record of all the
events occurring on their networks, they can easily discover what went wrong. This
can also aid in following and prosecuting perpetrators.
- Your Risk: are you under attack? When a security breach occurs,
such as a virus, a worm, a disgruntled employee or even a hacker, Click&DECiDE
will pinpoint the breach and distinguish a virus from a hacker, and so on.
- Your Shared Reports: security is a shared concern. By constantly
analyzing logged events and keeping a record of logged events, all your departments,
including the IT Security department, can generate reports on network activity and
security to share the information with Senior Management.
Click&DECiDE's Training Workshops
Improve your understanding of the issues raised by the Internal Controls required
by standards such as ISO 27002 and key international regulations: Basel II, Sarbanes-Oxley
(SOX), PCI DSS, SEC 17a-3, a-4, NASD 3010, 3110, Tabaksblat Code, Lippens Code,
La Loi de Sécurité Financière (LSF) that affect the IT function
within your organization. Please contact our Senior Consultant, Benoît Rostagni
for more information: benoit.rostagni@clickndecide.com
Our interactive training workshops cover the related governing bodies (PCAOB, AMF...),
the key internal control frameworks (ISO/IEC 27002, COSO and COBIT) and the relationship
and alignment between them. We tailor the content of our workshops to your needs;
depending on the range of topics you select, the workshops can run from 1 to 2 days.
Bringing your company's security up to meet the regulatory standards may require
various changes, for example managing the reams of log data in your database and managing
your database volumes. We help you store, aggregate and purge your data, decrease
your database volumes, and easily analyze and report pure business intelligence knowledge
in real time, tailored to each of your departments' specific needs. Please contact
us to see how we can help you: sales@clickndecide.com