Case Study: Compliance - UnderDefense
Posted on 17-Jul-2020
Compliance
Case Study
Solution/Service Title
Client Overview
Client Challenge
Scope
Key Benefits
Results
Client Industry
Certifications
Big Picture of the Certification Journey
ISO/IEC 27001:2013 Annex A Reference
Team composition
1 ISO 27001 Lead Auditor
2 Cyber Security Auditors
Initial Assessment Overview
1. Documentation analysis: An informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization's information security policy, Statement of Applicability (SoA) and Risk Treatment Plan (RTP). This stage serves to familiarize the assessors with the organization and vice versa.
2. Interviews phase: A more detailed and formal check, independently testing the ISMS against the requirements specified in ISO/IEC 27001. The assessors seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS).
3. Security posture analysis: The UD team processes the findings collected during the interviews and checks. This is the phase where we write down what we found during the main audit: names of the persons we spoke to, quotes of what respondents said, IDs and content of the records we examined, descriptions of the facilities we visited, observations about the equipment we checked, etc.
4. Recommendations: Following the evaluation, the team prepares a comprehensive roadmap to rapidly eliminate nonconformities, with detailed recommendations following the ISO/IEC 27002:2013 best practice guidance.
5. Final results: The team delivers the Initial Assessment Report and gives a final presentation covering the key findings and the mapped roadmap for future improvements.
Documentation analysis
Security posture analysis
Recommendations
Hardware and software inventory
Risk assessment plan
Roadmap
Access control procedures
Clean Desk Policy
Statement of Applicability
Change management
Antivirus procedures
Backup process
Vulnerability Management
Network Controls
SDLC procedures
Incident Response
Security Awareness
Disaster Recovery
Final results
Thank you!
Ukraine Poland Malta USA