ISO/IEC 27001:2013 – Information security management
ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practices.
ISO/IEC 27001:2013 (formally ISO27001:2005) will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
It can help small, medium and large businesses in any sector keep information assets secure.
What Are the Benefits of ISO 27001 Certification?
Assurance
Demonstrates the independent assurance of your internal controls and meets corporate governance and business continuity requirements.
Competitive
Provides a competitive edge by meeting contractual requirements and demonstrating to your customers that the security of their information is paramount.
Commitment
Proves your senior management’s commitment to the security of its information.
Assessment
The regular assessment process helps you to continually monitor your performance and improve.
Which information security controls can we assist with Osirium?
We mapped Osirium to a Statement of Applicability (SoA) for ISO27001:2013 in relation to Privilege Users and we identified that we could address the following controls;
9.1 Business Requirements of Access Control
9.2 User Access Management
9.3 User Responsibility
9.4 System and Application Access Control
10.1 Cryptographic controls
11.2 Equipment
12.1 Operational procedures and responsibilities
12.2 Protection from Malware
12.3 Backup
12.4 Logging and Monitoring
13.1 Network Security Management
13.2 Information Transfer
14.1 Security requirements of information systems
14.2 Security in development and support processes
15.1 Information Security in Supplier Relationships
15.2 Supplier service delivery management
16.1 Management of IS incidents and improvements
Please contact us directly for a breakdown on how we addressed all these aspects in the SoA.
