ISO27002 (ISO 17799)
Previously known as the DTI Code of Practice (CoP) for information security, ISO27002 was established in 2000 to act as an international standard for information security and is now regarded worldwide as one of the most comprehensive security guidelines available. The standard is defined by a number of working sections, which include, among many, standards for establishing security policy, asset classification and control, access control and compliance.
The Business Challenge
ISO27002 does not identify specific procedures or provide guidance on how to put in the necessary controls. As such, organizations wishing to implement ISO27002 are met with the following challenges:
- Evaluating, scoping and developing policies for ISO27002 compliance
- Adapting the business, including personnel, processes and information technology, in order to meet these standards
- Implementing and maintaining procedures and security controls
- Monitoring to identify vulnerabilities and making any necessary adjustments accordingly
The Safestone Solution
Safestone’s Security Manager is a modular and integrated approach that can help define, manage and report on security policy compliance, enabling future audits to be passed simply, quickly and efficiently.
Security Audit & Detection can help management find the right direction for developing compliance policies by converting raw System i data into relevant security information and providing instant notification of any regulatory non-compliance or security issues.
Risk & Compliance Monitor has market-leading specific reporting tools and features that enable the organization to provide detailed auditing and thereby design policies accordingly. Reports can immediately identify compliance vulnerabilities and can be scheduled to run in line with overall security policy.
Ensuring that critical data sources held on the System i are protected is a key part of compliance. Without adequate controls, unauthorized staff may gain access to sensitive information and use it to their advantage. Network Traffic Controller ensures that only the right personnel can actually access and use specific data.
Multiple Systems Administrator allows you to centralize administration of networked System i servers and partitions through a single point of control. Deployment and administration costs are significantly reduced, while resources are optimized and consistency is assured.
Controlling the user lifecycle can significantly enhance security, and User Profile Manager provides flexibility to easily manage profiles and passwords across System i. In addition, the inability of a user to perform their IT functions because of profile or password issues is a situation that must be avoided. Password Self Help enables users to reset their own passwords without the need to call the Help Desk.