ISO Security Services
ISO 27001 is a series of information management standards developed by the International Organization for Standardization (ISO) in conjunction with the International Electrotechnical Commission (IEC). These security controls are collectively known as an Information Security Management System (ISMS).
To remain compliant with your adopted standards, you need to conduct regular internal audits of your business operations in order to identify weaknesses and ensure such weaknesses do not result in any compromise of this information.
What Is an ISO 27001 Audit?
An ISO 27001 cyber security audit is the process by which a third party assesses your security controls against the standards outlined in ISO 27001. During an ISO 27001 audit, an IT auditor will examine systems and applications that support business processes, including data transmission, storage, access control, access authorization, process flow/workflow management and encryption.
These audits can also be performed as a gap assessment or readiness assessment, providing your organization with a control-by-control understanding of how it is (and more importantly, isn’t) compliant.
AWA’s ISO Security Services
Risk Assessment for ISO 27001
Our experienced cybersecurity team can perform a risk assessment for ISO 27001 compliance. The goal is to clearly identify the gaps in your organization’s security controls and prioritize the risks that are most critical.
This ISO 27001 risk assessment typically includes a review of:
- Existing physical / logical security controls including access control, encryption, data storage (including backups), segregation of duties, process/workflow management and data transmission;
- Current IT security policies including information access and management, change management (applying updates to the system), user access levels, service accounts and physical security;
- Organizational security processes (i.e., business continuity planning) including incident response policies in place for disaster recovery and the latest ISO 27001 audit results;
- Previous vulnerability assessments, security assessment reports, and past ISO 27001 audits.
ISO 27001 Penetration Testing
Pen testing is an essential part of ISO 27001 compliance. It involves security professionals conducting a highly targeted, real-world simulation of an attack on your organization’s cybersecurity controls and infrastructure. Penetration testing can also be used to test the effectiveness of:
- Access control logs, intrusion detection systems, and other IT monitoring tools;
- Data encryption practices;
- Controls implemented for ISO 27001 compliance.
Once the weak points in your organization’s defenses (e.g., poorly protected endpoints, misconfiguration of local network devices or unauthorized access due to weak passwords) are identified, we can make a plan for improvement and implement that plan.
ISO 27001 Consultancy Services
AWA provides support for organizations at every point in the compliance process. Speak with a consultant today whether it’s for managing a new ISO implementation, preparing for the next engagement, or maintaining compliance. AWA will meet you right where you are.