Succeed in ISO/IEC 27001 Audit Checks
How to Ask Questions
Type your question here
Click “Send”
Agenda
Why compliance is important
What ISO/IEC 27001 is
ISO/IEC 27001 compliance benefits
Meeting specific ISO requirements with Netwrix
Q&A
Why Compliance is Important
TIME UNTIL GDPR ENFORCEMENT
525 DAYS
2013 – Target: $3.6 – 12 billion (estimated)
2015 – Anthem: 78.8 million entries
2016 – Red Cross: 1.28 million donor records
2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database
ISO/IEC 27001
ISO/IEC 27001, like any other compliance standard, aims to protect
private and sensitive data and to prevent security breaches. It provides
guidance and details on how to establish, implement, maintain, and
continuously improve an information security management system (ISMS).
o applicable to organisations across all industries
o contains the best information security practices
o originally came from the BS 7799 standard published by BSI Group
o BSI Group is a Netwrix customer
ISO Compliance Benefits
*Source: BSI Benefits survey - BSI clients were asked which benefits they obtained from ISO/IEC 27001:2013
© BSI Group BSI/UK/842/SC/0416/EN/BLD
Meet Specific ISO Requirements
ISO/IEC 27002:2013 has 14 security control sections containing a total of
35 main security categories and 114 controls.
Netwrix Auditor is designed to help with:
A. 9: Access Control
A. 13: Communication Security
A. 16: Information Security Incident Management
A. 17: Information Security Aspects of Business Continuity Management
A. 18: Compliance
Meet Specific ISO Requirements
Netwrix Auditor helps indirectly with:
A. 6: Organisation of Information Security
A. 7: Human Resource Security
A. 12: Operations Security
A. 14: System Acquisition, Development and Maintenance
A. 15: Supplier Relationships
A. 9: Access Control
Objective:
o to control access to information
o to prevent unauthorized access to information systems
o to prevent compromise or theft of data
Controls:
9.2.1 User registration and de-registration
9.2.3 Management of privileged access rights
9.3.1 Use of secret authentication information
9.4.2 Secure log-on procedures
9.4.3 Password management system
A. 13: Communication Security
Objective:
o to ensure the protection of information in networks
o to maintain the security of information transfer
Controls:
13.1.1 Network controls Audit authorization and access procedures for
discrepancies
13.1.3 Segregation in networks
13.2.1 Information transfer policies and procedures
A. 16: Security Incident Management
Objective:
o to ensure an effective approach to security incident management
o to have personnel trained and equipped to report and respond
Controls:
16.1.2 Reporting information security events
16.1.4 Assessment of and decision on information security events
16.1.5 Response to information security incidents
16.1.7 Collection of evidence
A. 17: Business Continuity Management
Objective:
o to ensure the continuity of operations under extraordinary
circumstances
Controls:
17.1.2 Implementing information security continuity
17.1.3 Verify, review and evaluate information security continuity
A. 18: Compliance
Objective:
o to avoid breaches of legal, statutory or regulatory
Controls:
18.1.3 Protection of records
18.1.4 Privacy and protection of personally identifiable information
18.2.2 Compliance with security policies and standards
18.2.3 Technical compliance review
Achieve ISO Compliance with Netwrix
Strengthen security of data by auditing your IT systems
Achieve ISO Compliance with Netwrix
Streamline certification audits with out-of-the-box compliance reports
Achieve ISO Compliance with Netwrix
Quickly answer detailed questions from auditors
Achieve ISO Compliance with Netwrix
Enable long-term audit data archiving to ensure continuous compliance
Real Case Study
Customer: The Football Pools
Industry: Entertainment
The challenge: to evidence to auditors that all changes and access to SQL
databases are monitored according to the requirements of the UK Gambling
Commission, which are based on the ISO/IEC 27001 standard
Key benefits:
o Proof of Compliance with ISO/IEC 27001
o Less time and effort required to pass audit checks
o Reduced risk of data loss and downtime
o Video recording of every remote DBA session
Netwrix Auditor Platform
Netwrix Auditor
A visibility and governance platform that enables control over
changes, configurations, and access in hybrid cloud IT environments by
providing security analytics to detect anomalies in user behavior and
investigate threat patterns before a data breach occurs.
Netwrix Auditor Benefits
Detect Data Security Threats – On Premises and in the Cloud
Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior.
Pass Compliance Audits with Less Effort and Expense
Provides the evidence required to prove that your organization’s IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other standards.
Increase the Productivity of Security and Operations Teams
Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where and who has access to what.
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Windows Server
Netwrix Auditor for VMware
Netwrix Auditor for Exchange
Netwrix Auditor for SQL Server
Netwrix Auditor for SharePoint
Netwrix Auditor for Office 365
Netwrix Auditor for NetApp
Netwrix Auditor for EMC
Netwrix Auditor for Azure AD
Netwrix Auditor for Oracle Database
Netwrix Customers
GA
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 7000
Recognition: Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others
Awards
All awards: www.netwrix.com/awards
Next Steps
Read more about ISO: netwrix.com/ISO_IEC_Compliance
Free Trial: set up in your own test environment:
On-premises: netwrix.com/freetrial
Virtual: netwrix.com/go/appliance
Cloud: netwrix.com/go/cloud
Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with a Netwrix expert: netwrix.com/livedemo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions:
netwrix.com/webinars
netwrix.com/webinars#featured
Thank You!
Q&A