Rating Security and Systems... Is system security a technology or business (risk) issue? When this question was posed to top executives, over 55% answered that it is a technology issue, according to a KPMG study that also found that over 40 of top executives, while concerned with security, hold that the ability to manage security threats must improve. Treating security as a measurable activity lets its progress be tracked and improved through management fundamentals, and ISO/IEC 27002 can provide these fundamentals for management to track and improve security and technology-related issues. Once equipped with realistic metrics, the path to best security practices has commenced. Management should ask not only whether information is safe but also ascertain that their organization understands what it takes to make IT safe and safer, and, further, know the level (metric) of security. While ISO/IEC 27002 (ISO/IEC 17799) provides the fundamentals to measure how well the safety of our IT is doing, teamwork and knowledge are important for organizations to improve, innovate and perhaps invent (I3, a BULLTEK network-of-professionals modular technique). Discontinuance of technology is one of the many challenges that today's enterprise faces, and measuring security against a continually moving target is an even greater challenge.
It is also of interest to indicate that ISO/IEC 27001 is not the only scheme providing management and metrics fundamentals; also consider others, such as the Department of Defense Information Technology Security Certification and Accreditation Process (iaesa.disa.mil/ditscap), used by the DoD to document, assess and certify the security of its computer systems before they are implemented and over the course of their use. This program pursues, implements and practices a framework similar to ISO/IEC 27002. These standards, as well as ISO/IEC 27001 | ISO/IEC 17799, provide a point of departure toward what we call I3.

Creating an Information Incident Team
Implementing an information security incident investigation policy and designating an incident response team will assist in mitigating and preventing intrusions and issues relating to information security. Where provided by local authorities, ensure liaison with law enforcement. The actions taken by this response team shall be objective, robust and viable to stand in court, as the need arises. An investigative process may follow a simple three-step strategy:
ISO/IEC 27002 is the implementation standard | ISO/IEC 27001 is the assessment standard... A qualified and competent certification body can assess an ISMS through mapping techniques and methods of information system security. This assessment of the information security management system against ISO/IEC 27001 (based on ISO/IEC 27002) can be fused with other international management systems such as ISO 9001, ISO 22000, SrA and ISO 14001, which provides a key component for the reduction of risk. The macro advancement activity components are:
- Baseline Assessment
- Contemporary Documentation and System Implementation Training
- Risk Assessment
- Training and Development of Auditing Personnel to Validate Implementation
- Team Approach, Deliverables and Ongoing Support
- Continual Improvement
Baseline Assessment
It determines the specific security situation in accordance with the latest advent of technology, applying the International Standard ISO/IEC 27001:2005 (on the basis of ISO/IEC 27002:2005, formerly ISO/IEC 17799), and provides for action, thus bridging actual practices with contemporary (global) best practices. This is a combined protocol service that assesses the organization's vulnerabilities and provides information assisting in determining the level of risk encountered. This assessment may include the assessment team's

Contemporary Documentation and System Implementation Training
Comprises training and workshops for the implementation of management policies, practices and methods in an agile yet robust structure. Objectives reside in creating the fundamentals for the protection of knowledge and ongoing opportunities for improvement.

Risk Assessment
Risk assessment is a vital component of ISO/IEC 27002, providing an evaluation of assets dependent on the probable intrusions and vulnerabilities encountered during the Baseline Analysis fact-finding activity.

Training and Development of Auditing Personnel to Validate Implementation
The objective of the "Advance ISO/IEC 27001 | ISO/IEC 27002 Auditor" program is to ensure that security measures are not only implemented but also maintained within the realm of updates and continual improvement. This training is not unique to IT professionals; it includes a cross-functional representation of the organization and leads to validation by combining history, external events and external technical information. Once the management system is implemented and counter-intrusion measures are deployed, the organization can advance to improve practices and methods concurrently with the advent of new technology.

Team Approach, Deliverables and Ongoing Support
Safeguarding and preventing intrusion is an ongoing task. Outsourcing is effective for many organizations. Combining outsourcing with corporate security intelligence can provide support for ongoing security solutions. Transferring tacit knowledge explicitly through a team effort promotes advancement in objectives for the reduction of risk. The BULLTEK network team provides links to competent organizations that can assist in maintaining leading-edge technical and management efforts, enabling continual improvements in security.

© Copyright 2000 BULLTEK LTD, All rights reserved 2011. Page updated 06 Nov, 2011