Can we handle ISO 27001 implementation remotely?
Assign topic to the user
Answer: This question doesn't seem to be related to ISO 27001 because this standard does not mention specifically security operations centers. In other words, from ISO 27001 perspective you can perform monitoring in the way you mentioned.
Can we handle ISO 27001 implementation remotely meaning not being onsite ?
Answer: Theoretically this is possible, but I would say this would be difficult in practice - implementation of ISO 27001 is not like installing a software; rather, you have to make sure that new security rules are complied with, which often means changes in people behavior. And such changes are difficult to enforce if you are not present on-site.
See also these articles:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/is o-27001-implementation-checklist/
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
I got the reply in the sense of ISO 27001 but I forwarded it as a separate question , meaning I was not asking it in terms of ISO 27001 requirements.
Can we monitor Security of our geographically dispersed offices through SOC (security Operations Center) ? For instance, cyber-security of office (in Europe) from an office (in Asia) ?
I'm sorry but we are specialists in ISO 27001, not in security operations centers, so I cannot really provide you an answer to this question.
About the question regarding monitoring of geographically dispersed offices, if we consider a SOC as a centralized unit that handles security by using data processing and communication technologies for assessing, monitoring and defending assets, any asset, no matter where it is located, which is capable to be reached through communication technologies and can provide information about your status can be remotly monitored.
Which mus be clearly understood is that cybersecurity includes assets and situations that cannot be remotly handled (e.g.: people behavior, "dumb" equipment, and assets and processes out of a communication network), so a remote SOC can provide only partial protection, that should be complemented by local activities.
Comment as guest or Sign in
Nov 01, 2016