Dara Security

ISO 27001

Background

ISO/IEC 27001:2013 is the latest revision of the security standard that specifies best-practice guidelines for an organization's information security management system (ISMS). Based on the British standard BS 7799-2 and first published in 2005, ISO/IEC 27001:2013 (also known as ISO 27001) outlines how to establish, implement, and maintain an ISMS within the context of a company, regardless of the type, size or nature of the organization. ISO 27001 is the most sought-after information security standard worldwide, and many companies view compliance with this standard as an essential part of doing business.


How Does It Work?

The focus of ISO 27001 is to protect the confidentiality, integrity and availability of an organization's information. This is done by identifying issues that could pose a risk to an organization's information (i.e., risk assessment) and defining what needs to be done so that information remains secure (i.e., risk mitigation or risk treatment).


To protect against information loss, safeguards (or controls) typically take the form of policies, procedures and technical implementation (e.g., software and equipment). In most cases, companies already have appropriate hardware and software in place but have implemented them in insecure ways. Therefore, ISO 27001 implementation usually centers on setting the organizational rules (i.e., developing and documenting guidelines) needed to detect or prevent security breaches.


ISO 27001 extends beyond common IT security issues (e.g., firewalls and anti-virus) and captures areas that are often not considered relevant to information security: the management of processes, legal protection, human resources, physical protection, and more. ISO 27001 helps manage these various elements together within the organization's ISMS, giving companies a comprehensive approach to securing their information.


ISO/IEC 27001:2013 GAP Assessment

Dara Security has created an ISO/IEC 27001:2013 Gap Assessment to review an organization's systems and processes so that areas of non-compliance can be identified. The Gap Assessment is performed against selected services, applications, and infrastructure within the organization. It reviews current privacy measures and security controls against the established standard by:

    Documenting your organization's level of compliance

    Identifying ISMS program vulnerabilities and weaknesses

    Providing independent verification of the effectiveness of existing controls

    Reducing your organization's privacy and security costs

    Offering insight into industry best practices


Why Pursue ISO 27001?

    Comply with legal requirements – ISO 27001 provides your organization with an ideal methodology for complying with the increasing number of information security laws, regulations and contractual requirements relevant to your organization.

    Maintain profitability – ISO 27001 helps preserve your organization's profitability, since the focus of this standard is to prevent costly security incidents from occurring.

    Increase efficiency – Oftentimes a company cannot commit the resources to thoroughly define its processes and procedures, which results in inefficiencies. ISO 27001 helps resolve such situations by encouraging companies to document critical processes (even those that are not security-related). With established processes in place, companies can operate as efficiently as possible.



Dara Security Experts

Dara Security's consultants are experts in understanding both the technical and business components of your organization. Our team members have extensive experience with organizations in the commercial, government, and health and human services sectors, including providers and service organizations. We are experts in program building, security operations and security management. By leveraging our extensive experience and wide range of skills, we have the expertise to build and implement a reliable security program specific to your organization.