Dear PenTest Readers,
A lot has been said and written on this topic, but it has not yet been covered completely. We decided to take the wheel and fill the gap. Here is an issue that covers all aspects of this information security standard.
What to expect?
How will the changes affect those interested?
All you need to know about ISO 27001 – in one issue – integration, implementation, vulnerability management, compliance.
Tune in to get a full picture!
Remember: Be Aware, Be Prepared.
TABLE OF CONTENTS
The Power, Progress and Pitfalls of ISO 27001
By Jason Dewar
In his article our expert, Jason Dewar, offers his own experience of implementing, managing and helping clients to adopt the standard. The good, the bad and the slightly ugly aspects of life in an ISO27001 world. Find out more!
The ISO/IEC 27001:2013 Standard
By Vineet Aggarwal
This paper covers the most important aspects of the internationally acclaimed standard for deploying information security management systems, and explains why ISO/IEC 27001:2013 requirements and their applicability have to be carefully interpreted with the individual needs of the organization in mind.
Avoiding Tick Box Exercises with ISO27001
By David Doherty
Although it may seem blindingly obvious, the best way to ensure your ISO27001 design does not become a tick box exercise is to ensure that the environment is properly understood, that all the data protection requirements have been discussed and agreed with the organization, and that all benefits are clearly documented and agreed. Learn how with David Doherty.
Practical Approach to Achieve ISO27001 Certification
By George Lewis
In his article our expert, George Lewis, walks through an ISO27001 advisory engagement delivered to one of his clients while working with consulting companies, including the Big 4, covers a practical approach to implementing ISO27001:2005, and discusses the transition phase to the new ISO27001:2013.
HINTS and CLUES
Integrating Risk Management and SIEM in ISO27002 Compliance Scheme
By Tristan Ramaget and Enrique Polanco Abarca
During his last 13 years as a security consultant on ISMS, our expert Tristan Ramaget has seen a lot of technical solutions, from very poor ones to very integrated ones. The emergence of technical solutions based on OSSIM will help grow integrated solutions that link SIEM, risk analysis and the standard.
ISO 27001 Compliance Checklist for Your Data Centre
By Harshit Mistry
Compliance is a large and, unfortunately, growing part of the data center business. Most regulatory requirements map to industry best practices such as redundant power and cooling, intrusion detection, 24x7x365 monitoring and staffing, backups, and documented policies and procedures.
However, a compliant data center is more than just redundant infrastructure: it conforms to a set of regulatory rules, specifications, standards or laws. Find out more with Harshit Mistry.
Role of Governance in Implementation and Maintenance of ISO 27001 Certification
By Shruti Kulkarni
In this article Mr Kulkarni looks at how the role of governance is vital to accomplishing this activity, and considers the reasons these implementations lose their momentum when the governance role is lacking.
Root Cause Analysis: The Top 5 Reasons ISO 27001 Certified Organizations are Breached
By Praveen Joseph Vackayil
Explore the top 5 root causes of organizational breaches even after ISO 27001 certification, and learn how each of the described root causes materializes, who the related entities are, and how to overcome them.
Operationalisation of ISO 27001 in an Organisation
By Keith Cauchi
Maintaining ISO 27001 is a continuous and long-term challenge. Once an organisation decides to go for certification, one should never underestimate the resources required to maintain it. Speaking from his experience, Keith Cauchi can say that there is a sizeable risk that employees within scope will end up doing the minimum during the months prior to the certification, which is likely to result in panic and stress during the weeks before. All you need to know about operationalisation of ISO 27001 in an organisation, in one article.
Securing CentOS and Solaris 11 with Puppet
By Toki Winter
Puppet is system administration automation software from Puppet Labs. This article does not cover all security aspects of hardening CentOS and Solaris hosts. It serves as a guide to show you the power of Puppet and to set you on the path to writing your own modules and custom defined types.
User, Group and Password Management on Linux and Solaris
By Toki Winter
This article covers the user, group and password management tools available on the Linux and Solaris operating systems. Its author, Toki Winter, considers local users and groups – coverage of naming services such as NIS and LDAP – and presumes some prior basic system administration exposure with a UNIX-like operating system.