Rating Security and Systems

Is system security a technology issue or a business (risk) issue? When this question was posed to top executives, over 55% answered that it is a technology issue. The same KPMG study also found that over 40 of the top executives, while concerned with security, believe the ability to manage security threats must improve. Security should be treated as a measurable activity whose progress can be tracked and improved through management fundamentals. ISO/IEC 27002 can provide these fundamentals for management to track and improve security and technology-related issues. Once equipped with realistic metrics, the path to best security practices can commence. Management should not only ask about the safety of information but also ascertain that their organization understands what it takes to make IT safe and safer, and should know a level (metric) of security. Whilst ISO/IEC 17799 provides fundamentals to measure how well the safety of our IT is doing, teamwork and knowledge are important for organizations to improve, innovate and perhaps invent (I3, a BULLTEK GlobalNet modular technique). Discontinuance of technology is one of the many challenges that today's enterprise faces, and measuring security against a continually moving target is more of a challenge still. It is also of interest to indicate that ISO/IEC 17799 | ISO/IEC 27001 is not the only scheme providing management and metrics fundamentals; also consider others:

Department of Defense Information Technology Security Certification and Accreditation Process (iaesa.disa.mil/ditscap): used by the DoD to document, assess and certify the security of its computer systems before they are implemented and over the course of their use. This program pursues, implements and practices a framework similar to ISO 17799.
These standards, as well as ISO/IEC 27001 | ISO/IEC 17799, provide a point of departure toward I3 as introduced above.

For international certification of the information security management system,

Creating an Information Incident Team

Implementing an information security incident investigation policy and designating an incident response team will assist in mitigating and preventing intrusions and issues relating to information security. Where provided by local authorities, assure liaison with law enforcement. The actions taken by this response team shall be objective, robust and viable to stand in court, as the need arises. An investigative process may follow a simple three-step strategy:
ISO/IEC 27002 is the implementation standard | ISO/IEC 27001 is the assessment standard

A qualified and competent certification body can assess an ISMS through mapping techniques and methods of information system security. This information security management system assessment against ISO/IEC 27001 (based on ISO/IEC 27002) can be fused with other international management systems such as ISO 9001, ISO 22000, SrA and ISO 14001, which provides a key component for the reduction of risk. The macro advancement activities-components are:

- Determining the specific security situation in accordance with the latest advent of technology. Applying the International Standard ISO/IEC 27001:2005 (on the basis of ISO/IEC 27002:2005, formerly ISO/IEC 17799) provides for action-taking and thus bridges actual practices with the latest (global) best practices. This is a combined protocol service assessing the organization's vulnerabilities and providing information to assist in establishing the level of risk encountered. This assessment may include the assessment team's

- Contemporary Documentation and System Implementation Training: comprises training and workshops for the implementation of management policies, practices and methods in an agile yet robust structure. The objectives reside in creating the fundamentals for the protection of knowledge and ongoing opportunities for improvement.

- Risk Assessment: a vital component of ISO/IEC 27002, providing an evaluation of assets dependent on the probable intrusions and vulnerabilities encountered during the BaseLine Analysis fact-finding activity.

- Training and Development of Auditing Personnel and Implementation: the objective of the "Advance ISO/IEC 27001 | ISO/IEC 27002 Auditor" program is to ensure that security measures are not only implemented but also maintained within the realm of continual improvement. Our own updated Security Countermeasures Software is deployed. This training is not unique to IT professionals; it includes a cross-functional representation of the organization. Once the management system is implemented and counter-intrusion measures deployed, the organization can advance to improve practices and methods concurrent with the advent of new technology.

- Team Approach, Deliverables and Ongoing Support: safeguarding and preventing intrusion is an ongoing task. Outsourcing is effective for many organizations. Combining outsourcing with corporate security intelligence can provide support for ongoing security solutions. Transferring tacit knowledge explicitly through a team effort propitiates advancement in objectives for the reduction of risk. The BULLTEK GlobalNet team provides links to competent organizations that can assist in maintaining leading-edge technical and management efforts, enabling continual improvements in security.

© Copyright 2000
BULLTEK LTD, All rights reserved 2008. Page updated 05 May, 2008