ISO 17799
ISO Standards Benefits:
- Independent Standards Benchmarking
- Improvement of Internal Controls & Business Continuity Management
- Validates Operational Risk Management & Corporate Governance
- Formalizes Security Processes, Procedures, and Documentation
- Provides a Competitive Advantage
- Confirms Executive Commitment to Corporate Security
- Demonstration of Security Posture for clients, partners, and auditors
- Regular assessment process to ensure security practice improvement
ISO 17799/27001 Standards
Security is becoming a business issue. Executive management and organizations are now challenged with understanding the status of their security posture in comparison to industry standards. The International Organization for Standardization (ISO) has developed the following standards for information security:
ISO 17799
BS ISO/IEC 17799:2005: This universal standard provides a complete set of guidelines for an effective Information Security Management System (ISMS). It is essential guidance to help you manage an effective information security management policy. It offers a common language and a common understanding to develop, implement and measure effective security management practice.
ISO 27001
BS ISO/IEC 27001:2005 is the new complementary standard to BS ISO/IEC 17799:2005 (BS 7799-1:2005). The standard provides a specification for an Information Security Management System and the foundation for third-party audit and certification. BS ISO/IEC 27001:2005 also ensures effective information security management is established and maintained through a continual improvement process, and implements the Organization for Economic Co-operation and Development (OECD) principles governing the security of information systems and networks.
ISO Domains
The standard comprises 11 distinct domains of information security:
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
ISO 27001 / ISO 17799 Service Offerings:
Through proven methodology, common framework, and tools, FishNet Security provides the following related service offerings for our clients:
- ISO 27001/17799 Gap Analysis
- ISO 27001/17799 Readiness Assessment
- ISO 27001/17799 Remediation Management
The FishNet Security Approach
FishNet Security leverages our experience in conducting ISO consulting engagements and knowledge of information security to build a scalable, repeatable process. Our process consists of a series of interviews (including key business and technical stakeholders) across all functional business units, operational and environmental observations, and reviews of related ISO domain documentation. Through this methodology, our security consultants effectively identify gaps, provide recommendations (process, people, and technology), and assist in preparing your organization to apply for an official ISO 27001 certificate of registration.
About FishNet Security
At FishNet Security, our common goal is to be your trusted Information Security solutions provider and advisor. From multi-disciplined compliance auditing and assessment, to training, integrating, and supporting complex multi-vendor enterprise security solutions, FishNet Security can help with all of your information security services and infrastructure needs.