Guest
Required tools for ISO 27001
I am working on an ISO 27001 certification project which started recently. In addition, we started a PCI-DSS project earlier, and at the middle stage of that, higher management would like to know the estimated cost of purchasing different monitoring and assessment tools for both PCI-DSS and ISO 27001, and would not invest further for ISO 27001 requirements only at a later stage. In this situation I have asked for a list of needed tools for ISO 27001 and I am preparing the list (e.g. Network Monitoring, Availability, Vulnerability; Database Activity Monitoring, Status; System Users Activity; Log Management; Change Management, etc.). Could you please help me in this regard to figure out all the needed software/tools for assuring the highest level of security, monitoring and assessment/analysis?
Answer: PCI-DSS is not my field of expertise, but ISO 27001 does not require you to implement any of these tools - ISO 27001 requires you to assess whether there are risks in your organization that would require such tools, and if yes - then you would need to implement the tools.
In my experience, the large majority of companies already do have most of the technology they need, but they don't use it in an appropriate way.
Jan 12, 2016