Information Security Management Systems
ISO COMPLIANCE Consulting services help an organization design, implement and operate a coherent set of policies, standards, and procedures (PSP) to manage risks to its information assets. While ISO 27001 is the most well-known promoter of the ISMS concept, the idea of an ISMS can be found in other leading IT control frameworks, including COBIT (most notably in Risk IT) and FISMA/NIST (most notably in SP 800-39). ICS’s Practice Area addresses the three key life-cycle phases of an ISMS:
Strategize: What framework(s) should we consider? What attestation do we need to provide, and to which stakeholders? What standards should we align ourselves with? What will the process look like if we roll this out worldwide? What internal/external resources will we need to design it, implement it, certify it, operate it, and validate it?
Implement: What Risk Assessment Methodology will we adopt? How do we develop the Risk Treatment Plan? How do we best gap-assess the current state against the desired state? How do we use Security Metrics to know that we are achieving our KPIs?
Operate: How do we evolve the scope of the ISMS to address other key systems or different locations? How do we independently/objectively validate the operation of the ISMS? How do we provide assurance/attestation to stakeholders like the Board and customers? How do we manage and learn from incidents before risk is realized?
Business Continuity Management
Payment Card Industry (PCI)
ISO 27001 Roadmap
ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.
ISO 22301 Roadmap