SmartMIB Information Security Management System (ISMS)


ISO17799 (BS7799) is the most widely recognised information security standard in the world. Although it was originally published (as BS7799) in the mid-nineties, it was the May 1999 revision that really put it on to the world stage. It was ultimately adopted as ISO/IEC 17799 in December 2000.

ISO17799 (BS7799) is comprehensive in its coverage of security issues, containing a significant number of control requirements. Achieving compliance with ISO17799 is a substantial task. Assessing compliance levels for information systems, and then creating and implementing the plans needed to become fully compliant, can be a very intensive process indeed. However, with the correct SmartMIB approach and methods this effort can be significantly reduced.

The SmartMIB solution package for Information Security Management System (ISMS) is designed to meet and faithfully implement many of the security requirements contained within the ISO17799 standard.  This document will introduce the main sections of the standard, and then introduce a number of SmartMIB methods and SmartMIB resources to implement Security Management effectively and efficiently.

The BS7799 / ISO17799 standard's control sections are:

Section 1: Security Policy and Strategy

Section 2: Security Organization

Section 3: Asset Classification and Control

Sections 4 & 5: Personnel, Physical and Environmental Security

Section 6: Computer and Network Management

Section 7: System Access Control

Section 8: System Development and Maintenance

Section 9: Business Continuity and Disaster Recovery Planning

Section 10: Compliance


Section 1 - Security Policy/Strategy

The objectives of this section are: To provide management direction and support for information security.

KEY RESOURCES AND INFORMATION
For a full set of downloadable BS7799/ISO17799-compliant policies, we recommend The RUsecure Information Security Policies.

Section 2 - Security Organization

The objectives of this section are:

  SmartMIB approach:

To define and document the information to be secured, and the assets that process it, and to assign administrator roles and responsibilities for securing that information.

  SmartMIB approach:

Classification, in the overall asset inventory, of all processing facilities and assets accessed by third parties.

Section 3 - Asset Classification and Control

The objectives of this section are: To maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.

  SmartMIB approach:

Classification of company-wide information processing facilities and assets in the inventory, setting appropriate and relevant monitoring and control measures. Detecting in real time any rogue assets that may be introduced to the network or to the resource assets.
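The rogue-asset detection described above is, at its core, a reconciliation of what is actually seen on the network against what the inventory says should be there. The following is an added example written for this page, not SmartMIB's own code: the inventory, the discovery snapshot (rows of the kind a switch ARP or neighbour table yields) and the monitored subnet are all constructed for illustration, and the `Asset` record and `reconcile` function are assumptions about how such a check could be structured.

```python
"""Rogue-asset detection by reconciling discovered hosts against an asset
inventory.  Added example; the inventory, the discovery snapshot and the
Asset/reconcile names are constructed for illustration, not SmartMIB's own."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Asset:
    mac: str
    ip: str
    owner: str
    classification: str   # e.g. "internal" or "third-party"


def norm_mac(mac: str) -> str:
    """Normalise MAC spellings (aa:bb, AA-BB, aabb.ccdd) to lowercase colon form."""
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


# Constructed inventory: what the organisation believes is on the network.
INVENTORY = [
    Asset("00:11:22:33:44:01", "10.0.1.10", "finance", "internal"),
    Asset("00:11:22:33:44:02", "10.0.1.11", "hr", "internal"),
    Asset("00:11:22:33:44:03", "10.0.1.50", "auditor-co", "third-party"),
]

# Constructed discovery snapshot: (MAC, IP) pairs as a switch ARP table might report them.
DISCOVERED = [
    ("00:11:22:33:44:01", "10.0.1.10"),
    ("00-11-22-33-44-02", "10.0.1.11"),   # same asset, different MAC spelling
    ("00:11:22:33:44:03", "10.0.1.50"),
    ("de:ad:be:ef:00:01", "10.0.1.99"),   # not in inventory -> rogue
    ("00:11:22:33:44:01", "10.0.1.200"),  # known MAC seen at an unexpected IP
]


def reconcile(inventory, discovered, monitored_net="10.0.1.0/24"):
    """Return findings: rogue hosts, address mismatches, missing and out-of-scope assets."""
    by_mac = {norm_mac(a.mac): a for a in inventory}
    net = ipaddress.ip_network(monitored_net)
    seen = set()
    findings = {"rogue": [], "ip_mismatch": [], "missing": [], "out_of_scope": []}
    for mac, ip in discovered:
        mac = norm_mac(mac)
        if ipaddress.ip_address(ip) not in net:
            findings["out_of_scope"].append((mac, ip))
            continue
        asset = by_mac.get(mac)
        if asset is None:
            findings["rogue"].append((mac, ip))      # unknown hardware address
            continue
        seen.add(mac)
        if ip != asset.ip:
            findings["ip_mismatch"].append((mac, asset.ip, ip))
    for mac, asset in by_mac.items():
        if mac not in seen:                          # inventoried but not observed
            findings["missing"].append((mac, asset.ip))
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(INVENTORY, DISCOVERED).items():
        for item in items:
            print(kind, *item)
```

A MAC-keyed check of this kind only catches devices that do not bother to spoof an inventoried address; it is a detective control to be paired with switch-port binding or 802.1X rather than a substitute for them. The `missing` list is also worth alarming on, since an inventoried asset that stops appearing may have been stolen or unplugged.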

Sections 4 & 5 - Personnel, Physical and Environmental Security

The objectives of this section are: To reduce risks of human error, theft, fraud or misuse of facilities; to ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work; to minimise the damage from security incidents and malfunctions and learn from such incidents.

  SmartMIB approach:

Proactive monitoring of company-wide information processing facilities & assets in the inventory and setting appropriate and speedy notification & alarm measures upon detection of any possible human error, theft, fraud or misuse of facilities.

Section 6 - Computer & Network Management

The objectives of this section are:

  SmartMIB approach:

Proactive monitoring and management of information processing facilities, particularly monitoring of host resources (CPU, memory and storage usage, etc.), and defining their relationships to the rest of the network and to other resources (interface traffic bandwidth, traffic types and actual established sessions).

  SmartMIB approach:

Proactive monitoring and management of critical running software, particularly software classified in the inventory as being responsible for the information infrastructure, in terms of its CPU, memory and storage consumption, etc., and defining its relationships to the rest of the network and to other resources (interface traffic bandwidth, traffic types and actual established sessions).

  SmartMIB approach:

Proactive monitoring of all critical hardware assets and of each of their managed elements, such as NICs, hard disks and other similar resource types. Monitoring extends to the actual shared resources: what is being shared, and on which elements.

Appropriate notification and alarm measures must be defined so that any suspicious activity is detected.

Section 7 - System Access Control

The objectives of this section are as follows:

  SmartMIB approach:

Learning and then targeting network user sessions, logging each defined user's activity as the user logs in and out of the network server(s); detecting unauthorised users, checking for any discrepancies in user login activity and generating the appropriate alarms.
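The login-discrepancy check described above amounts to tracking open sessions per user and comparing each login against what the directory says is normal for that user. The following is an added example, not SmartMIB's own code: the audit record format, the user directory, the working-hours window and the `detect` function are all assumptions, and the log lines are constructed.

```python
"""Login-session discrepancy detection over constructed audit records.
Added example; the record format, directory and rule names are assumptions,
not SmartMIB's own formats."""
from collections import defaultdict
from datetime import datetime

# Constructed directory: user -> hosts that user is expected to log in from.
DIRECTORY = {
    "alice": {"ws-fin-01"},
    "bob": {"ws-hr-01", "ws-hr-02"},
    "svc-backup": {"srv-backup"},
}

# Constructed audit log, one "timestamp event user host" record per line.
AUDIT_LOG = """\
2001-03-05T08:55:10 LOGIN alice ws-fin-01
2001-03-05T09:02:44 LOGIN bob ws-hr-02
2001-03-05T09:15:00 LOGIN alice ws-hr-02
2001-03-05T09:30:12 LOGOUT alice ws-fin-01
2001-03-05T10:00:00 LOGIN mallory ws-fin-03
2001-03-05T17:45:00 LOGOUT bob ws-hr-02
2001-03-05T23:10:00 LOGIN svc-backup srv-backup
2001-03-06T02:30:00 LOGIN bob ws-hr-01
"""


def parse_events(text):
    for line in text.splitlines():
        ts, event, user, host = line.split()
        yield datetime.fromisoformat(ts), event, user, host


def detect(text, directory, work_hours=(7, 20), service_accounts=("svc-backup",)):
    """Return (rule, user, detail) findings in event order."""
    findings = []
    active = defaultdict(set)          # user -> hosts with an open session
    for ts, event, user, host in parse_events(text):
        if event == "LOGIN":
            if user not in directory:  # account the directory does not know
                findings.append(("unknown-user", user, host))
                continue
            if host not in directory[user]:
                findings.append(("unexpected-host", user, host))
            if active[user] and host not in active[user]:
                findings.append(("concurrent-session", user,
                                 f"{sorted(active[user])}+{host}"))
            in_hours = work_hours[0] <= ts.hour < work_hours[1]
            if user not in service_accounts and not in_hours:
                findings.append(("out-of-hours", user, ts.isoformat()))
            active[user].add(host)
        elif event == "LOGOUT":
            if host not in active[user]:   # logout with no matching login seen
                findings.append(("logout-without-login", user, host))
            active[user].discard(host)
    return findings


if __name__ == "__main__":
    for rule, user, detail in detect(AUDIT_LOG, DIRECTORY):
        print(f"{rule:22} {user:12} {detail}")
```

The `concurrent-session` rule is the one that most often catches shared or stolen credentials, but it also fires for legitimate users with two workstations, so the expected-host list in the directory is what keeps its false-positive rate tolerable. Service accounts are exempt from the working-hours rule here for the same reason; the exemption list should be as short as the inventory allows.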


Section 8 - System Development and Maintenance

The objectives of this section are as follows:

 

1)  To ensure security is built into operational systems;

2)  To prevent loss, modification or misuse of user data in application systems;

3)  To protect the confidentiality, authenticity and integrity of information;

4)  To ensure IT projects and support activities are conducted in a secure manner;

5)  To maintain the security of application system software and data

 

Section 9 - Business Continuity and Disaster Recovery Planning

The objectives of this section are as follows: To counteract interruptions to business activities and to critical business processes from the effects of major failures or disasters.

KEY RESOURCES AND INFORMATION
This of course is a substantial topic in its own right. For information, further research and resources we recommend: Disaster Recovery World and Business Continuity World.

 

  SmartMIB approach:

Monitoring of all the installed software, operating system services and associated resources necessary for the business process to continue, while detecting any trends or threats to the continuity of those processes.


Section 10 - Compliance

The objectives of this section are as follows:

1)  To avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements.

2)  To ensure compliance of systems with organizational security policies and standards.

3)  To maximize the effectiveness of and to minimize interference to/from the system audit process.

KEY RESOURCES AND INFORMATION:
For information and resources on compliance and audit, we recommend The Security Audit Shop.

 

In conclusion:

The SmartMIB Information Security Management System enables network administrators, IT and MIS managers to do the following:

  • Create, maintain and distribute security policies, structured according to international standards.
  • Develop awareness programs to train personnel on policy content and the basics of information security.
  • Continuously and proactively validate the security training through testing and reporting of knowledge levels.

 


 

Page 1/3