
Expert Advice Community

Toolkit content

Guest user Created: Mar 06, 2020 Last commented: Mar 06, 2020

1. Hi there, we need to figure out whether or not we need ISO 27001 compliance. Some of the requirements our potential client has are as follows:

- Audit review, plan, and information as to the audit standards they're using
- Network penetration testing (internal, external)
- Application penetration testing
- Vulnerability scanning for network, internal and external
- Logical network diagram, with data flow if possible with encryption levels
- Security baseline standards? Hardening standards?
- Info on corporate RTO and RPO standards
- SDLC - tollgates
- Application testing? SAST, DAST, SCA, IAST, MAST?
- All policies, standards, and procedures documents, including: secure coding standards, risk assessment document, change management
- Conscia to provide a summary of our most recent Disaster Recovery (DR) audit
- Conscia to provide network and application layout diagram for our product

2. What is a SIEM solution? What log review tools? Frequency of the log reviews. Is some of this covered in your toolkit?


Expert
Rhand Leal Mar 06, 2020

1. Hi there, we need to figure out whether or not we need ISO 27001 compliance. Some of the requirements our potential client has are as follows:

- Audit review, plan, and information as to the audit standards they're using
- Network penetration testing (internal, external)
- Application penetration testing
- Vulnerability scanning for network, internal and external
- Logical network diagram, with data flow if possible with encryption levels
- Security baseline standards? Hardening standards?
- Info on corporate RTO and RPO standards
- SDLC - tollgates
- Application testing? SAST, DAST, SCA, IAST, MAST?
- All policies, standards, and procedures documents, including: secure coding standards, risk assessment document, change management
- Conscia to provide a summary of our most recent Disaster Recovery (DR) audit
- Conscia to provide network and application layout diagram for our product

First, it is important to note that the requirements you have listed from your prospect do not include ISO 27001; therefore, you do not have to comply with ISO 27001.

However, ISO 27001 provides requirements for the planning, implementation, operation, and improvement of an Information Security Management System (i.e., what you need to do), and by certification against this standard, you will be better prepared to attract new customers.

For further information, see:

You can see a full list of documents included in the toolkit on this page: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

These articles will provide you with further explanation about ISO 27001:

2. What is a SIEM solution? What log review tools? Frequency of the log reviews. Is some of this covered in your toolkit?

Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different resources across an IT infrastructure.

SIEM collects security data from assets like network devices, servers, domain controllers, etc., and applies analytics to that data to discover trends, detect threats and enable organizations to investigate any alerts.

ISO 27001 does not prescribe the frequency of the log reviews, only that the frequency must be defined according to identified risks, so the toolkit provides templates that require the organization to define the frequency of the log reviews. You can see how this is implemented in the Security Procedures for IT Department template at this link: https://advisera.com/27001academy/documentation/security-procedures-for-it-department/

Please note that the toolkit does not include software solutions for SIEM or tools for log review. The toolkit provides the mandatory and most common documents to be compliant with ISO 27001.

This article will provide you with further explanation about monitoring:
