ISMS based on ISO/IEC 17799, applied as guidance to ISO/IEC 27002

BRS ISMS provides security management system certification through an independent third-party assessment by competent professionals. BRS certification provides confidence to stakeholders that the organization's information security management practices and methods are effective. The BRS ISMSA, based on ISO/IEC 17799 | ISO/IEC 27002, provides a benchmark and is available upon request to BRS client organizations applying for BRS ISMS certification and registration through ISO/IEC 27001.

Security Policy
Establishes the basis for implementation and the directives relevant to the security and protection of information, in line with business objectives, in promoting continual competence and actions that enhance security.

Organizational Security
Requires implementation of the fundamentals to manage and control the flow of information under secure protocols within the organization's premises and in outsourced activities.
ISO/IEC 17799:2005 / ISO/IEC 27002:2005 sets the guidelines and fundamentals for implementing, maintaining and continually improving the security of information through international management system principles. ISO/IEC 27002:2005 leads to best practices for control and for fulfilling objectives through the following:
- security policy;
- organization of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management;
- compliance.
For implementation and certification of BRS ISMS ISO/IEC 27002:2005, the organization needs to meet its own requirements as identified by an internal risk assessment. Thereafter, ISO/IEC 27002:2005 provides a basis for developing organizational security standards and effective security management practices in order to improve, and assists in demonstrating to others confidence in the management of information security.
Classification and Control of Assets
Identification, evaluation and risk assessment of assets such that they are controlled and protected in proportion to the magnitude of their impact on business activities.

Security & Personnel
Providing guidance and awareness on internal and external threats in support of the policy and techno-structure objectives, assisting the continuity of business activities such that information flows into knowledge.

Access Control and Systems (Physical & Micro Environment)
Controlling access to data and information such that the threat of intrusion is prevented, minimized or eliminated through network protection and standardized practices in the physical or virtual realm. Protection control includes wireless communication / technology, onsite or remote.

Computer & Network Management for Communications and Operations
Giving consideration to a normalized scheme to safeguard the integrity of information and data entered, retained and recoverable throughout the network environment, including supporting maintenance activities to reduce system failures and plan for contingencies.

Controls for Accessing
Establishing and maintaining the necessary controls to access and communicate information through a network (Wi-Fi, LAN, ...).
Business Requirements for Controlling Access
Information security requires controls allowing access to system assets and information to those who need, and are authorized, to use them.
Development and Maintenance; Hardware, Software and Firmware
Implementing security as an integral component of the organization's routine activities such that confidentiality and authenticity are included in support of the integrity of the information; this includes maintaining updates and patches, and evaluation to preclude impact from the discontinuance of technology.

Physical and Security Environment
The physical security of the premises is an integral component of a successful information security strategy, assisting in the achievement of the security policy such that it minimizes the impact on business continuance created by any breach in the physical or virtual environment.

Compliance
Identify and establish responsibilities, and provide awareness relevant to regulatory obligations and their implications and impact (consider the HIPAA, Sarbanes-Oxley and Gramm-Leach-Bliley Acts).

Business Continuity Management
Requires strategic planning, testing, and reliable continuance of operations through a disaster recovery policy.
BRS provides ISMSA (Information Management System Assessment) check sheets upon completion of the application agreement. The BRS ISMSA comprises three parts (Parts I, II and III), assisting from interpretation through implementation and certification (mainly on the basis of the ISO/IEC 27002 best practices). Further, the Investigative Process is typically a three-step plan:
- Initial Analysis... investigation of causes and effects...
- Coordination... coordinate with the investigative team, including those affected or potentially affecting... identify action(s)...
- Decision... implement mitigation and place the affected system back promptly... and act on the best viable preventive measures and their implementation...