Solved

Design a network compliant with ISO 27001 ???

Posted on 2006-10-25
2
343 Views
Last Modified: 2010-04-11
Hi Experts,

I need to design a network with couple of servers with WAN, LAN, PSTN with compliant with ISO 27001.
What are the guide lines for this ?? Please pull me some resources.

Please advice !

Thanks a lot !
0
Comment
Question by:NetMaxtor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 500 total points
ID: 17802123
Hi,

ISO 27001 is about "Information Security Management Systems Requirements" (ISMS)
Then there is ISO 17799 which is the "Code of Practice for information security management". This is a best practice and will be renamed to ISO 27002 in the future.
Both originate from BS-7999.
27001 used to be part 2 and 27002 used to be part one.
A little confusing eh?
Let me clarify:
ISO 27001 is a process approach to implement the controls defined in ISO 17799 (27002).
So you will need both. The process is as following:
1) Define an information security policy
2) Define scope of the information security management system
3) Perform a security risk assessment
4) Manage the identified risk
5) Select controls to be implemented and applied (ISO 17799)
6) Prepare an SoA (a "statement of applicability")

You can buy the ISO standard documents here:
https://eshop.bsi-global.com/ProductListing.aspx?cat=InformationTechnology%2fInformationSecurity
But, don't try to take this to the letter and implement all.
For the auditors, you do not need to implement every control. You have to keep it pragmatic and look at your business.
And then be able to document why you have exceptions.
Also: start small. Implementing this is typically a 3 years project.
So start with the basic and a simple policy. Next year go further etc ...
Auditors understand this. They will start with the basics and request more advanced controls and process for the next year.
Keep it practical, no user or manager will read a policy of 300 pages ...

For a quick start, SANS has a free checklist here: http://www.sans.org/score/checklists/ISO_17799_2005.doc

Also see:
- http://www.iso27001security.com/
- http://www.17799.com/ (a discussion forum)

J.
0
 

Author Comment

by:NetMaxtor
ID: 17802152
Thanks a lot !
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question