The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.

September 2011 issue: 10 Most Promising Security Products

ManageISMS: Getting ISO 27001 is no longer an issue!

ST Team
Thursday, September 8, 2011
A few years back, a company's work happened inside its own walls: employees came to the office, did their jobs and left. The scope for information theft was limited, because to get access to the information one had to be on the premises, and physical security almost always prevented that. Since the rise of the Internet this is no longer true. The Internet gave business a whole new dimension and made it far more agile, flexible and, now, mobile. This wave gave rise to devices like smartphones and tablets that took business mobile; we are now in a world where employees no longer have to be in the office, or even in the same state or country, to do their jobs. This magnificent technological impact also opened the way to a rise in online information theft. Information is the cornerstone of almost every company, and in the wrong hands it can literally put an end to the company. So companies are doing everything they can to make sure they have enough layers of protection to keep themselves safe from such attacks. Companies go for certifications like ISO 27001 because certification is an assurance that they are following the global information security standard.

Moreover, companies also have a responsibility to secure customer and partner information. Especially when customers outsource work, the outsourcing partner must provide information security assurance to those customers. How do customers make sure their information will be safe with this new partner of theirs? How do they make sure these partners have taken enough measures to keep their information safe?

So for companies, and for the partners on the other end of this process, ISO 27001 certification is no longer optional. They must have it to secure their own data and their clients' data. But to establish an ISMS as per ISO 27001 and get certified, they have to perform multiple activities, both to adhere to the ISO 27001 requirements and to ensure effective management of the ISMS. Managing all these activities and processes without a proper management tool can be challenging, and a very serious issue too. Collecting asset information, assessing its business value, maintaining an inventory of assets across large and distributed environments, producing consistent and error-free risk assessments, and demonstrating ISMS compliance to external auditors and customers are all among the challenges faced by Information Security Officers in many of these companies.

For example, in a bid to adopt and implement global standards and best practices ensuring effective and efficient customer services, one of the largest telecom companies in the Middle East decided to establish an Information Security Management System and get ISO 27001 certified. After careful evaluation and consideration of different vendors, the telecom giant concluded that this was a complicated undertaking and that they needed help to tackle it, and that is when they brought in Paladion Networks to assist them. Paladion brought its product ManageISMS to the company, thereby solving its problem. Once implemented, the product helped and eased the collaboration required to collect assets, perform CIA valuation, perform risk assessment, plan risk treatment, generate the SoA, track implementation and conduct the ISMS internal audit, making the client qualified to get the certification.

ManageISMS starts by helping its clients identify the scope of the ISMS implementation. Once the initial processes are taken care of, Paladion's team installs the ManageISMS tool on a selected client server located within the client's data center. The initial configuration for operation, such as the Active Directory settings and the mail server settings, is done to enable Active Directory based authentication and to route all outgoing mail notifications through the client's mail server. The threat, vulnerability and control settings in the ManageISMS tool are reviewed and aligned with Paladion's knowledge base.

After the successful completion of installation and configuration, Paladion goes on to identify all the assets that are required for the ISMS, and then proceeds to the risk assessment. Once the risks are identified, a detailed report is given to the client describing each risk, how it can affect the organization and what can be done about it. Based on this assessment, the process moves to the planning stage, where the plan for how to treat each risk is made. The tool then generates the SoA and an ISMS manual which describes the implementation process in detail before implementation begins. Once implementation starts, it is tracked at every stage to make sure everything is going forward as planned. Then, in the penultimate stage, an ISMS internal audit is conducted: the client is provided with the exact set of questions to be asked to make sure that the ISMS is managed as per the requirements of ISO 27001. Once the client completes one or more of these internal audits, they are ready to take on the external certification audit and get certified. This means Paladion's product, ManageISMS, literally walks clients through all the necessary steps, from identifying the ISMS scope to getting ISO certification. "ManageISMS tool plays a significant role in streamlining various processes involved in establishing ISMS and achieving ISO Certification in much reduced time and effort," says Amirthamurugaraj, Head Product, Paladion Networks.

The ManageISMS tool was built by Paladion from scratch, keeping customer needs and ease of use in mind. The product is developed to be very user friendly and can be tailored to customer needs. Apart from all this, it also provides benefits such as easy maintenance of the ISMS across multiple PDCA cycles: review of the asset register, risk assessment, risk treatment planning and tracking, internal audit, and corrective action planning and tracking. It also gives clients easy demonstration of compliance to internal and external auditors, transparent and real-time visibility of ISMS progress for management, effective tracking of the risk treatment plan and corrective action plan through to completion, and an ongoing information security awareness solution aligned with the client's information security policy.
