ISO 17799/27002 Security Assessment
Description: An ISO 17799/27002 Security Assessment provides a clear understanding of the gaps between an organization's current security policies, security management processes and controls and the ISO 17799/27002 standard, together with a phased roadmap that enables the organization to close those gaps. The recommendations are based on comprehensive interviews conducted by our information security experts, who possess in-depth business experience and knowledge of industry and regulatory compliance requirements.
The ISO 17799 Security Assessment was designed to provide an overview of the state of an organization's organizational and technical security. This engagement focuses on security (and overlapping privacy) policies, procedures, physical access controls, technical access controls and internet/intranet controls. For years, organizations have been searching for an objective benchmark with which to measure the security of potential business partners and to distinguish the quality of their own services. ISO 17799/27002 is the de facto standard because it provides a comprehensive catalogue of the topics that should be considered when designing, implementing and operating a secure IT infrastructure.

The standard is a collection of controls detailed under 11 major headings:
1. Security Policy
2. Organizing Information Security
3. Asset Management
4. Human Resources Security
5. Physical and Environmental Security
6. Communications and Operations Management
7. Access Control
8. Information Systems Acquisition, Development and Maintenance
9. Information Security Incident Management
10. Business Continuity Management
11. Compliance

The ISO 17799/27002 Security Assessment includes:
1. Project planning to ensure that expectations, timelines and deliverables are appropriately managed.
2. Interviews to determine the business environment and the current security management and system administration processes, through in-depth discussions with key players in the organization.
3. Review of security policies, procedures and practices to evaluate existing security policies, procedures and practices against the ISO 17799/27002 international security standard and industry best practices.
4. Analysis of the results and preparation of a concise, detailed technical report and an ISO 17799/27002 Security Assessment Executive Summary Report.
5. External and internal vulnerability scanning to discover all devices and applications across the network, and to identify and eliminate the security weaknesses that make network attacks possible.
Deliverables:
· ISO 17799/27002 Security Assessment Report

Options:
· The ISO 17799/27002 Security Assessment can be customized to place specific emphasis on the controls applicable to the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI) standard, and the Gramm-Leach-Bliley Act (GLBA).
