ISO 27001/2005
This standard helps ensure compliance with existing and future information-infrastructure regulations and readiness for ISO 27001/2005 certification. It will be used as a baseline to cover the managerial level of information security risks and a high-level approach to security risks, threats and vulnerabilities. This covers not only the computer aspects but also the associated parameters: personnel, physical security, training/awareness and the procedures in place. This will include:
- Risk Assessment
- Policy Review and Development
- Risk Treatment and determination of security controls
- Security Awareness Training
- Incident Management evaluation
- Internal Auditing
- Corrective and Preventive Actions
Why adopt ISO 27001/2005?
- Information security risk reduction
- Cost-saving: standardization provides an embodiment of good practices that avoids ‘re-inventing the wheel’
- A structured approach that provides a mechanism for measuring performance and incrementally raising the information security status over the long term
- Market opportunities: stakeholders or regulatory authorities may at some point insist that the organization complies with ISO 27001/2005 as a condition of business or to satisfy privacy and other laws
- Brand value
Once the assessment is complete, we will provide a comprehensive overview of the remediation and implementation activities the customer needs to carry out to achieve ISO 27001/2005 compliance. Project deliverables:
- Kickoff meeting with project plan
- Weekly progress reports to management including high risk and critical
- Completed risk assessment of all critical applications and all systems
- Vulnerability scan and vulnerability scan review
- Asset classification and criticality/risk assessment matrix
- Security policies (guidelines and templates)
- Security Organization – Roles & Responsibilities (suggestions)
- Principles & Standards
- Security Procedures
- Security Metrics (including templates)
- Implementation of the required documentation for compliance
- Compliance and Security Road-Map
- Detailed project plan for requirements
- Training documentation for the framework, security awareness and compliance requirements
- Various checklists (e.g. internal audit forms, reporting templates, risk assessments/analyses, training programs, etc.)
Expected results after project completion and framework development:
- Comprehensive & verifiable information security management strategy
- Organizational infrastructure & related data protection activities are addressed
- Information Security effectively transformed into a proactive activity
- Compliance with existing and future information-infrastructure regulations
- Information security framework aligned with business objectives
- Alignment with leading industry practices and methods