Rating Security and Systems...

Is system security a technology or a business (risk) issue? When this question was posed to top executives, over 55% answered that it is a technology issue. The result comes from a KPMG study that also found that over 40 of top executives, while concerned with security, said the ability to manage security threats must improve.

Security can be treated as a measurable activity whose progress can be tracked and improved through management fundamentals. ISO/IEC 27002 can provide these fundamentals for management to track and improve security and technology-related issues. Once dressed with realistic metrics, the path to best security practices has commenced.

Management should not only ask about the safety of information but also ascertain that their organization understands what it takes to make IT safe and safer and, further, knows its level (metric) of security.

Whilst ISO/IEC 27002 (ISO/IEC 17799) provides fundamentals to measure how the safety of our IT is doing, teamwork and knowledge are important for organizations to improve, innovate and perhaps invent (I3 - a BULLTEK network of professionals modular technique). Discontinuance of technology is one of the many challenges that today's enterprises face, and measuring security against a continually moving target is even more of a challenge.

It is also of interest to note that ISO/IEC 27001 is not the only scheme providing management and metrics fundamentals; consider others as well:

  • OCTAVE, Operational Critical Threat, Asset, and Vulnerability Evaluation
  • ISMS certification
  • CIS, which launched benchmarks for Windows 2000 and Solaris plus VPN, routers and firewalls
  • Federal Information Technology Security Assessment Framework - US Government agencies' methodology to assess IT security programs and pursue improvement.
  • DITSCAP (iaesa.disa.mil/ditscap), Department of Defense Information Technology Security Certification and Accreditation Process - used by the DoD to document, assess and certify the security of its computer systems before they're implemented and over the course of their use. This program pursues, implements and practices a framework similar to ISO/IEC 27002.

These standards as well as ISO/IEC 27001 provide a point of departure toward what we have been informed I3.

Visit one of our network of professionals and supporters changing Global Virus Map page, updated daily. 

For international certification of the information security management system, ISMS®

Creating an Information Incident Team

Implementing an information security incident investigation policy and designating an incident response team will assist in mitigating and preventing intrusions and issues relating to information security. When provided by local authorities, assure liaison with law enforcement. The actions taken by this response team shall be objective, robust and viable to stand in court, as the need arises.

An investigative process may follow a simple three-step strategy:

  1. Perform an initial analysis (and coordinate with those involved),
  2. Identify and implement a course of action to restore services promptly and safely, and
  3. Identify and implement preventive actions.




ISO/IEC 27002 is the implementation standard |  ISO/IEC 27001 is the assessment standard...

...A qualified and competent certification body can assess an ISMS through mapping techniques and methods of information system security. This information security management system assessment under ISO/IEC 27001 (based on ISO/IEC 27002) can be fused with other International Management Systems such as ISO 9001, ISO 22000, SrA, and ISO 14001, which provides a key component for the reduction of risk. The macro advancement activities and components are:

BaseLine Assessment

It determines the specific security situation in accordance with the latest advent of technology. Applying the International Standard ISO/IEC 27001:2005 (on the basis of ISO/IEC 27002:2005, formerly ISO/IEC 17799) provides for action taking, thus bridging actual practices with the latest (global) best practices. This is a combined protocol service that assesses the organization's vulnerabilities and provides information on the level of risk encountered. The assessment may include the certification body assessment team's own strategy or even software for verification.

Contemporary Documentation and System Implementation Training

Comprises training and workshops for the implementation of management policies, practices and methods in an agile yet robust structure. The objectives reside in creating the fundamentals for protection of knowledge and ongoing opportunities for improvement.

Risk Assessment and Action

Risk Assessment is a vital component of ISO/IEC 27002, providing an evaluation of assets that depends on the probable intrusions and vulnerabilities encountered during the BaseLine Analysis fact-finding activity.

Training and Development of Auditing Personnel to Validate Implementation

The objective of the "Advance ISO/IEC 27001 | ISO/IEC 27002 Auditor" program is to ensure that security measures are not only implemented but also maintained within the realm of continual updates and continual improvement. This training is not unique to IT professionals; it includes a cross-functional representation of the organization and leads to validation through combining history, external events and external technical information.

Continual Performance Enhancements

Once the management system is implemented and counter-intrusion measures are deployed, the organization can advance to improve practices and methods concurrent with the advent of new technology.

Team Approach, Deliverables and Ongoing Support

Safeguarding and preventing intrusion is an ongoing task. Outsourcing is effective for many organizations. Combining outsourcing with corporate security intelligence can provide support for ongoing security solutions. Transferring tacit knowledge explicitly through a team effort propitiates advancement in objectives for reduction of risk. The BULLTEK team provides links to competent organizations that can assist in maintaining leading-edge technical and management efforts, enabling continual improvements in security.



© Copyright 2016
BULLTEK LLC, All rights reserved 2020. Page updated 29 Dec, 2020