ISO 27001 Annex A controls mapping to products and solutions
Nonetheless, if you don't mind my asking, do you have a mapping for ISO 27001 (Annex A) to technical controls (such as all of the technical products and solutions)? I think it is more on IT/IT Security/CyberSecurity technical controls.
Answer: Since technical implementation will depend on each organization's business and security requirements, the market of technical solutions changes very quickly, and combinations of technologies can result in different levels of security, building and maintaining such a mapping is impractical.
What I can orient you to do is first identify the main concepts your security solution needs, based on the recommendations of Annex A controls (these are not product/technology-oriented), and then contact your regular suppliers or the big players to see what they can offer you to cover your needs. Regarding specific technologies, maybe you can find information in NIST Special Publications (https://csrc.nist.gov/publications/PubsSPs.html).
These articles will provide you with further explanation about NIST documents:
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
These materials will also help you regarding ISO 27001 Annex A:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
May 01, 2017