ISO 27008 - Information technology – Security techniques – Guidelines for auditors on information security controls

 

 

New ISO/IEC technical report provides information security control guidelines

A new ISO/IEC technical report (TR) providing technical controls and compliance guidelines for auditors can improve the effectiveness of an organization's information security system, says ISO.

ISO/IEC TR 27008:2011, 'Information technology – Security techniques – Guidelines for auditors on information security controls', aims to instill confidence in the controls underpinning an organization's information security management system. The review applies to all parts of the organization, including business processes and its information systems environment.

The business environment is constantly changing – along with threats to a company's survival. Organizations need to be ahead of the game, and an excellent defence can be built around audit of the controls used to support the information security.

ISO/IEC TR 27008:2011 supports a rigorous organizational security audit and review programme for information security controls, to enable the organization to have confidence that their controls have been appropriately implemented and operated and that their information security is 'fit for purpose'.

ISO/IEC 27008 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking. The document is principally aimed at information security auditors who need to check the technical compliance of an organization's information security controls against ISO/IEC 27002 and any other control standards used by the organization. ISO/IEC TR 27008 will help them to:

• Identify and understand the extent of potential problems and shortfalls of information security controls;
• Identify and understand the potential organizational impacts of inadequately mitigated information security threats and vulnerabilities;
• Prioritize information security risk mitigation activities;
• Confirm that previously identified or emergent weaknesses or deficiencies have been adequately addressed; Support budgetary decisions within the investment process and other management decisions relating to improvement of organization's information security management.

The Security Manual Template can be acquired as a stand alone item (Standard) or in the Premium or Gold sets:

• Security
• Premium
• Gold
• DRP & Security Bundle
• Premium
• Gold

Security Manual Template - Standard Edition

• Security Manual Template
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Toolkit
• Security Management Checklist
• HIPAA Audit Program
• Sarbanes Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • BYOD Access and Use
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • FIPS 199 Assessment Electronic Form
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement
  • Threat and Vulnerability Assessment (Adobe FormsCentral - PDF)

Security Manual Template - Premium Edition

• Security Manual Template
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Form
• HIPAA Audit Program
• Sarbanes Oxley Section 404 Checklist
• Security Audit Program - fully editable
  • Comes in MS EXCEL and PDF formats
  • Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements
  • Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
• Over one dozen Electronic Forms
• Security Job Descriptions MS Word Format
  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • VP Strategy and Architecture
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Data Security
  • Manager Facilities and Equipment

  • Manager Network and Computing Services
  • Manager Network Services
  • Manager Training and Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Network Security Analyst
  • System Administrator - Unix
  • System Administrator - Windows

Security Manual Template - Gold Edition

• Security Manual Template
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Form
• HIPAA Audit Program
• Sarbanes Oxley Section 404 Checklist
• Security Audit Program
• Electronic Forms
• 260 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition.

Disaster Recovery Business Continuity & Security Manual Templates Standard Edition Includes

• Disaster Recovery Business Continuity Template
• Disaster Recovery Business Continuity Audit Program
• Security Manual Template
• Business and IT Impact Questionnaire - 21 pages
• Threat and Vulnerability Assessment Form

Disaster Recovery Business Continuity & Security Manual Templates Premium

• Disaster Recovery Business Continuity Template
  
• Security Manual Template
• 25 Job Descriptions
  • Chief Information Officer - CIO; Chief Compliance Officer - CCO; Chief Security Officer - CSO;VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

Disaster Recovery Business Continuity & Security Manual Templates Gold

• Disaster Recovery Business Continuity Template
  
• Security Manual Template
  
• 260 Job Descriptions which includes all of the job descriptions in the premium edition

"Best of Breed - Best Practices Disaster Recovery Planning / Business Continuity Planning, Security Policies, IT Job Descriptions" according to the IT Productivity Center

News Feed   Safe Shopping Copyright © 1999 - Copyright - Janco Associates, Inc. - ALL RIGHTS RESERVED