Compliance: ISO 17799 / BS 7799-1
The ISO 17799 standard (an evolution of the BS 7799-1 standard) is a compilation of security best practices applicable to companies and organizations of all sizes and in all sectors.
This standard is broken down into 10 chapters:
- Security policy
- Security organization
- Asset management
- Human resources security
- Physical and environmental security
- Operations management
- Access control
- Acquisition, development and maintenance
- Business continuity management
- Compliance and control
The ISO 17799 standard sets out the security objectives to be reached but does not detail the management processes to implement.
IS Decisions offers a range of software solutions that support the security management processes derived from the ISO 17799 standard:

| Chapter | IS Decisions Aptitude | IS Decisions Solution | IS Decisions Solution Features |
|---|---|---|---|
| Asset management | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| | | | Report permissions applied to files, folders and shares |
| | | | Report applied hotfixes |
| Operations management | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| | | | Search, report and archive configuration settings |
| | | | Report permissions applied to files, folders and shares |
| | | | Report applied hotfixes |
| | | | Detection of unauthorized/illegal software |
| | Control | UserLock | Identification of users connected to the environment |
| | | | Session duration per user |
| | | | Disconnect or lock a user account |
| | | | Computer access restriction for specific user accounts/groups |
| | | FileAudit | Identification of users whose access has been denied to a file or folder |
| | | | Search, report and archive user access to files or folders |
| | | EvenTrigger | Administrator alert in case of suspicious behavior |
| | Act | RemoteExec | Remote installation of security hotfixes by batch |
| Access control | Control | UserLock | Identification of users connected to the environment |
| | | | Session duration per user |
| | | | Disconnect a user |
| | | FileAudit | Identification of users accessing files or folders |
| | | | Identification of the type of access required by a user |
| | | | Search, report and archive user access to files or folders |
| Acquisition, development and maintenance | Know | WinReporter | Search, report and archive configuration settings |
| | Control | EvenTrigger | Windows event log monitoring |
| | | | Administrator alert upon incident detection |
| | | | Automatic action execution in response to an incident |
| | | | Search, report and archive incidents |
| | Act | RemoteExec | Corrective action execution |
| | | | Settings or configuration modification |
| Business continuity management | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| | | | Search, report and archive configuration settings |
| | | | Report permissions applied to files, folders and shares |
| Compliance and control | Know | WinReporter | Search, report and archive configuration settings |
| | Control | UserLock | Search, report and archive user connectivity |
| | | FileAudit | Search, report and archive file and folder accesses |
| | | EvenTrigger | Search, report and archive incidents |


