CounterStrike Electronic Security

Information Security Management System (ISMS)
ISO/IEC 27000 series

The most common mistake organizations make is going into a certification audit unprepared. Many organizations that seek certification fail at the first audit stage, the review of the ISMS documentation, because the scope, policies, risk assessment and supporting records are not in place before the auditor arrives.

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) publish the ISO/IEC 27000 family of standards, which specify how to establish, operate, monitor and improve an Information Security Management System (ISMS).

ISO/IEC 27001, the certifiable standard in the series, formally specifies a management system intended to bring information security under explicit management control. Because it is a formal specification it mandates specific requirements, so an organization that claims to have adopted it can be formally audited and certified compliant with the standard.

Certification is granted after a three-stage audit process, but the control framework itself (the 2005 edition of ISO/IEC 27002, referenced from Annex A of ISO/IEC 27001:2005; the 2013 revision regrouped the same material into 14 control domains) consists of twelve main sections:

  • Risk assessment - identifying, analysing and treating risks to information assets
  • Security policy - management direction
  • Organization of information security - governance of information security
  • Asset management - inventory and classification of information assets
  • Human resources security - security aspects for employees joining, moving and leaving an organization
  • Physical and environmental security - protection of the computer facilities
  • Communications and operations management - management of technical security controls in systems and networks
  • Access control - restriction of access rights to networks, systems, applications, functions and data
  • Information systems acquisition, development and maintenance - building security into applications
  • Information security incident management - anticipating and responding appropriately to information security breaches
  • Business continuity management - protecting, maintaining and recovering business-critical processes and systems
  • Compliance - ensuring conformance with information security policies, standards, laws and regulations

Within each section, control objectives and the controls that achieve them are specified, with implementation guidance for each control. The controls are generally regarded as "best practice" means of achieving those objectives. No specific control is mandated: an organization selects controls on the basis of its risk assessment and records in its Statement of Applicability which controls it applies and why any have been excluded.

If you want your organization to achieve ISO/IEC 27001 certification, contact CounterStrike for the most effective way to prepare your ISMS for audit.



Contact Us: Telephone 307-432-1092  |  E-mail: help@counterstrike.com
Copyright © 1999-, CounterStrike. All rights reserved.