Compliance: ISO 27001
The ISO 27001 standard is a reference framework for all information security management systems.
The ISO 27001 standard describes the management processes to implement in order to meet the security best practices set down in the ISO 17799 standard.
The ISO 27001 standard audits and evaluates an information security management system along the following axes:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Acquisition, development and maintenance
- Incident management
- Business continuity plan
- Compliance

IS Decisions provides a range of software solutions that support the information security management processes deriving from the ISO 17799 standard:

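| Evaluation axis | IS Decisions Aptitude | IS Decisions Solution | IS Decisions Solution Features |
|---|---|---|---|
| Asset management | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| Asset management | Know | WinReporter | Report permissions applied to files, folders and shares |
| Asset management | Know | WinReporter | Report applied hotfixes |
| Communications and operations management | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| Communications and operations management | Know | WinReporter | Report permissions applied to files, folders and shares |
| Communications and operations management | Know | WinReporter | Report applied hotfixes |
| Communications and operations management | Know | WinReporter | Detection of unauthorized/illegal software |
| Communications and operations management | Control | UserLock | Identification of users connected to the environment |
| Communications and operations management | Control | UserLock | Session duration per user |
| Communications and operations management | Control | UserLock | Disconnect or lock a user account |
| Communications and operations management | Control | UserLock | Computer access restriction for specific user accounts/groups |
| Communications and operations management | Control | FileAudit | Identification of users whose access has been denied to a file or folder |
| Communications and operations management | Control | FileAudit | Search, report and archive user access to files or folders |
| Communications and operations management | Control | EvenTrigger | Administrator alert in case of suspicious behavior |
| Communications and operations management | Act | RemoteExec | Remote installation of security hotfixes by batch |
| Access control | Control | UserLock | Identification of users connected to the environment |
| Access control | Control | UserLock | Session duration per user |
| Access control | Control | UserLock | Disconnect a user |
| Access control | Control | FileAudit | Identification of users accessing files or folders |
| Access control | Control | FileAudit | Identification of the type of access required by a user |
| Access control | Control | FileAudit | Search, report and archive user access to files or folders |
| Acquisition, development and maintenance | Know | WinReporter | Search, report and archive configuration settings |
| Acquisition, development and maintenance | Control | EvenTrigger | Windows event log monitoring |
| Acquisition, development and maintenance | Control | EvenTrigger | Administrator alert upon incident detection |
| Acquisition, development and maintenance | Control | EvenTrigger | Automatic action execution in response to an incident |
| Acquisition, development and maintenance | Control | EvenTrigger | Search, report and archive incidents |
| Acquisition, development and maintenance | Act | RemoteExec | Corrective action execution |
| Acquisition, development and maintenance | Act | RemoteExec | Settings or configuration modification |
| Incident management | Know | WinReporter | Search, report and archive configuration settings |
| Incident management | Control | EvenTrigger | Windows event log monitoring |
| Incident management | Control | EvenTrigger | Administrator alert upon incident detection |
| Incident management | Control | EvenTrigger | Automatic action execution in response to an incident |
| Incident management | Control | EvenTrigger | Search, report and archive incidents |
| Incident management | Act | RemoteExec | Corrective action execution |
| Incident management | Act | RemoteExec | Settings or configuration modification |
| Continuity plan | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| Continuity plan | Know | WinReporter | Search, report and archive configuration settings |
| Continuity plan | Know | WinReporter | Report permissions applied to files, folders and shares |
| Compliance | Know | WinReporter | Search, report and archive configuration settings |
| Compliance | Control | UserLock | Search, report and archive user connectivity |
| Compliance | Control | FileAudit | Search, report and archive file and folder accesses |
| Compliance | Control | EvenTrigger | Search, report and archive incidents |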


