ISO 27002 Cybersecurity
Meet ISO 27002 requirements with privileged access management and vulnerability management solutions from BeyondTrust.
Simplifying ISO 27002 Compliance
The International Organization for Standardization (ISO) has established guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organization. The objectives outlined in ISO 27002 provide general guidance on the commonly accepted goals of information security management.
The control objectives and controls in ISO 27002 are intended to be implemented to meet the requirements identified by a risk assessment. ISO 27002 can serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.
For organizations that have adopted ISO 27002:2013(E), it is important that all existing and new security solutions map into this framework. This standard contains 14 security control clauses containing a total of 35 main security categories and 114 security controls. Whether an organization’s objective is to achieve legislative compliance or to adopt security best practices, these controls apply to most organizations and in most environments.
BeyondTrust PowerBroker Privileged Access Management and Retina Enterprise Vulnerability Management solutions help proactively eliminate data breaches from insider privilege abuse and external hacking attacks. With an integrated risk intelligence platform, BeyondTrust cybersecurity solutions reveal critical risks hidden within volumes of data to prevent breaches, maintain ISO 27002 compliance, and ensure business continuity.
Address ISO 27002 Requirements with BeyondTrust Cybersecurity Solutions
Privileged access management and vulnerability management play key roles in adhering to the ISO 27002 standard. BeyondTrust solutions address parts of 12 security control clauses, 29 security control categories, and 74 security controls in the standard.
6. Organization of Information Security
Identify all IT assets; user and asset security policies; and role-based access authorization levels and policies. Coordinate oversight of security roles and responsibilities.
9. Access Control
Address several controls under this clause, including those regarding access control policy, user access management, and user responsibilities – as well as network, operating system, and application access controls.
Scan and report on security weaknesses in deployed cryptographic controls, and provide a framework for managing, reporting, and assessing keys within your organization.
11. Physical Environment Security
Aggregate vulnerability and configuration assessments to determine if clear screen policies are being implemented correctly.
14. System Acquisition, Development and Maintenance
Support best practices for security, data analysis, and implementation of technical specifications included in business processes.
15. Supplier Relationships
Store vulnerability assessment information gathered per contractual requirements from suppliers.
16. Information Security Incident Management
Escalate, consolidate, and assign events related to vulnerabilities, user behavior, and cybersecurity incidents. Gain visibility with security event reporting, as well as evidence collection and data sharing with SIEM, GRC and other third-party solutions.