COMPLIANCE SOLUTIONS

ISO 27002 Cybersecurity

Meet ISO 27002 requirements with privileged access management and vulnerability management solutions from BeyondTrust.

Simplifying ISO 27002 Compliance

The International Organization for Standardization (ISO) has established guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organization. The objectives outlined in ISO 27002 provide general guidance on the commonly accepted goals of information security management.

The control objectives and controls in ISO 27002 are intended to be implemented to meet the requirements identified by a risk assessment. ISO 27002 can serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.

For organizations that have adopted ISO 27002:2013(E), it is important that all existing and new security solutions map into this framework. This standard contains 14 security control clauses containing a total of 35 main security categories and 114 security controls. Whether an organization’s objective is to achieve legislative compliance or to adopt security best practices, these controls apply to most organizations and in most environments.

Address ISO 27002 Requirements with BeyondTrust Cybersecurity Solutions

Privileged access management and vulnerability management play key roles in adhering to the ISO 27002 standard. BeyondTrust solutions address parts of 12 security control clauses, 29 security control categories, and 74 security controls in the standard.

6. Organization of Information Security

Identify all IT assets; user and asset security policies; and role-based access authorization levels and policies. Coordinate oversight of security roles and responsibilities.

8. Asset Management

Discover, inventory, profile and classify assets in your environment. Centrally manage details on user behavior, vulnerabilities, attacks, malware, services, processes, tasks, users, software, and events.

9. Access Control

Address several controls under this clause, including those regarding access control policy, user access management, and user responsibilities – as well as network, operating system, and application access controls.

10. Cryptography

Scan and report on security weaknesses in deployed cryptographic controls, and provide a framework for managing, reporting, and assessing keys within your organization.

11. Physical Environment Security

Aggregate vulnerability and configuration assessments to determine if clear screen policies are being implemented correctly.

12. Operations Security

Log all access that may affect privileged access, users, or settings. Identify and analyze malware by comparing hashes with VirusTotal and NSRL. Conduct vulnerability assessments, risk reporting, and threat analysis via network scanners, agents, or the cloud.

13. Communications Security

Aggregate vulnerability and privileged access control into a central framework to verify the security and operational integrity of network services, and manage privileged access to network resources.

14. System Acquisition, Development and Maintenance

Support best practices for security, data analysis, and implementation of technical specifications included in business processes.

15. Supplier Relationships

Store vulnerability assessment information gathered per contractual requirements from suppliers.

16. Information Security Incident Management

Escalate, consolidate, and assign events related to vulnerabilities, user behavior, and cybersecurity incidents. Gain visibility with security event reporting, as well as evidence collection and data sharing with SIEM, GRC and other third-party solutions.

18. Compliance

Allow for secure access to privileged access and vulnerability data that could be used for compliance, legal, and contractual requirements. Collect and securely store all log data – including session logs, event logs, and recordings.
