ISO 27001/27002
ISO 27001/27002 provides a multitude of recommended areas
an organization must address to ensure the security of its information.
The standard touches on multiple aspects of information security. Organizations
choosing to use ISO 27001/27002 as a basis for their security program or to
meet SOX and other mandates will need to develop a comprehensive set of
controls (policies and procedures) that will cut across multiple functional
parts of the business and IT organization. In trying to meet these recommended
measures, many organizations are struggling with:
- Creating and updating controls - documenting a compliant set of controls
- Implementing controls - ISO 27001/27002 not only requires documented controls, it requires the entity to implement and communicate those controls across the organization and to external partners and other third parties
- Managing the program - ISO 27001/27002 requires significant investment in developing and managing a security program, safeguarding the accuracy and completeness of information and processing methods
The Business Impact
By adhering to ISO 27001/27002 recommendations, companies
demonstrate their commitment to high levels of information security. However,
ISO 27001/27002 does not mandate specific procedures nor define how to implement
the necessary controls to achieve compliance. As a result, the business
impact of ISO 27001/27002 on IT organizations will continue and likely grow,
including:
- Increased costs - costs associated with adequately achieving and maintaining protection of enterprise information systems
- Increased risk - increasing risk of not meeting objectives, including failed regulatory audits, legal liability from lawsuits related to privacy disclosures, and cost/revenue impact associated with security breaches
The Compliance Spectrum ISO 27001/27002 Solution
ISO 27001/27002 offers a benchmark against which to build organizational information
security. It also offers a mechanism to manage the information security
process. ISO 27001/27002 is organized into numerous control areas; with
Compliance Spectrum's products and services, we address all ISO
27001/27002 control areas. Key capabilities of the Compliance Spectrum ISO 27001/27002
solution include:
- Requirements management - identifies gaps between current policies and controls and ISO 27001/27002 recommendations
- Controls management (policy and awareness) - provides a centralized repository for policies and controls, comprehensive templates for 'quick start' programs, and deployment and awareness tracking for auditable proof
- Vulnerability and incident management - provides a comprehensive vulnerability database, targeted alerting, and task management and status tracking
- Compliance and program management - ISO 27001/27002 requires a high level of ongoing security program management, and Compliance Spectrum's solution provides the automation to support the tracking, reporting and metrics associated with a compliant program
Compliance Spectrum's Spectra automates key processes across the IT compliance
life cycle.