Audit Management - ISO 27002 (17799)

ISO 27002 (17799) was published by the International Organization for Standardization (ISO) and offers a set of best practices for information security controls. Intended to assist all organizations, whether commercial, governmental or nonprofit, in managing information security, it comprises eleven security control clauses containing 39 main security categories and 133 individual controls. Technically identical to ISO 17799, it was renumbered to 27002 in 2007 to conform to the ISO 27000 family numbering scheme.

The best practices offered by ISO 27002 are guidelines for initiating, implementing, maintaining and improving the security objectives and controls within an organization's information security program. The standard does not prescribe which controls to deploy; an organization's own risk assessment provides the context for selecting the controls that apply to it.

The Business Challenge
Perhaps the greatest challenge presented by ISO 27002 is the broad scope of its individual security controls. These controls span the entire IT infrastructure and call for monitoring and analysis of the data generated by all systems, network appliances and security products across the enterprise. An organization implementing controls according to ISO 27002 must therefore collect and process many different types of data from across that infrastructure.

Processing means correlating, analyzing and reporting on large volumes of data. If that analysis fell to a few IT security analysts, or even an entire team, timely response to significant security or compliance risks would be nearly impossible. For this reason, automation is essential to support the full set of ISO 27002 controls effectively.

The eIQ Solution
eIQ's SecureVue security, risk and audit management platform combines enterprise security management (ESM) and IT governance, risk and compliance (GRC) to help organizations address the greatest number of ISO 27002 security control clauses. By collecting, archiving, correlating, analyzing and reporting on log, vulnerability, configuration, asset, performance and network behavioral anomaly data, SecureVue consolidates the monitoring, testing and auditing demands of ISO 27002 and other standards into a single solution. Automated end-to-end correlation of that data, together with built-in analytics, makes the processing workload manageable.

SecureVue's compliance library of over 5,000 technical and functional controls enables organizations to define, monitor and measure adherence to ISO 27002 best practices. The platform's wizard-based policy mapping also lets organizations add and modify regulations and best practices to address their own business drivers, including internal policies, service level agreements and business partner requirements.

The following ISO 27002 monitoring support chart compares SecureVue's integrated platform against traditional security information management (SIM) and IT GRC solutions. Each row is one of the eleven ISO 27002 security control clauses; the rating in each cell was a graphical icon in the original chart and is not reproduced here.

ISO 27002 Security Clauses | Traditional SIM | Traditional IT GRC
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development and maintenance
Information security incident management
Business continuity management
Compliance

Legend: Supported / Partial Support / Not Supported

For More Information
SecureVue Solution
ISO 27002 Central Portal