ISO 27001 and SIEM
I would like to address the issue of how to integrate ISO 27001 with the implementation of a SIEM. That is, I am clear on some concepts and some of the existing relationships, but I would like to ground this integration better and learn more about ISO 27001 in order to relate it.
A Security Information and Event Management (SIEM) system is software or a service which combines security information management (SIM) and security event management (SEM), providing real-time analysis of security alerts generated by network hardware and applications.
ISO 27001 is a set of requirements to plan, implement, operate and improve an Information Security Management System. It is composed of a set of requirements for information security management (sections 4 to 10), and a set of controls (Annex A), which can be used to treat relevant risks.
Considering these definitions, you can understand SIEM as a way to implement some controls from Annex A (primarily those from sections A.12.4 Logging and monitoring, A.13.1 Network security management, and A.16 Information security incident management).
A proper integration between ISO 27001 and SIEM is ensured based on the results of risk assessment and risk treatment, where relevant risks are identified and treated by the application of controls defined in the above-mentioned sections.
These articles will provide you with further explanation about ISO 27001 security controls:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
- How to manage network security according to ISO 27001 A.13.1 https://advisera.com/27001academy/blog/2016/06/27/how-to-manage-network-security-according-to-iso-27001-a-13-1/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 13, 2020