ISO 27002 Framework Implementation

Rimici Unified Security Operations Center

Reduce the Cost of ISO 27002 Cloud Security Program

Introduction

In an effort to achieve a consistent and reliable security program, many organizations have adopted the ISO27002 standard as a key compliance strategy and guiding set of metrics. Developed by the InternationalOrganization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC27002 provides a code of practice for information security professionals.

Simply and automate information security compliance

When looking to manage security and compliance programs, many organizations turn to SIEM, orSecurity Information and Event Management tools. Unfortunately, SIEM products don’t come with allof the essential security detection capabilities, so organizations spend months implementing and thenintegrating all of these disparate feeds and functions into their SIEM engine. This takes time, money, andexpertise that many organizations simply don’t have.

Unlike traditional SIEM tools, Rimici Unified Security Operations Center delivers all of theessential security capabilities we need to be ready to start an ISO compliance program—from Rimici “Secure Cloud Infrastructure and Security Programs. There is no need for purchasing, deploying, and integrating asset discovery, threat detection,vulnerability assessment, network analysis and reporting tools. These capabilities are already built-in. Building in these essential security controls saves you the time, cost, and complexity of purchasing,configuring, and integrating those disparate data feeds and managing disparate management consoles.

All you need to be ready for your audit is “instantly on” when you deploy the solution, and managed via aunified console.

Additionally, Rimici’s security intelligence capability is backed by global threat research collected andanalyzed by the Rimici “ONE Source” Labs and the Rimici “ONE Source”Unified Security Operations Center which benefits from theshared security intelligence of all of global security technology partners namely Cisco Systems, Juniper Networks, and security product companies.

We’ve provided the following table of the key ISO 27002 requirements, implemented in Rimici “ONE Source” Secure Cloud Data Center and Infrastructure. This demonstrate how Rimici Unified Security Operations Center helps Muslim Families and businesses to protect and secure their confidential and privacy information throughcost-effective and continuous compliance with these requirements.

Rimici “ONE Source” Unified Security Operations Center ISO 27002 Compliance

ISO 27002 Requirements

Requirement Description

Relevant Rimici Security Operations Center Capabilities

Benefits of Unified Security
Management

5.1 Security Policy

5.1.2 Information Security Policy

Information Security
Policy Review &
Evaluation
  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Situational Awareness

Built-in essential security controls
provide a complete and unified view into
information security and compliance
posture.

6.1 Organization of Information Security: Internal Organization

6.1.1

Management
Commitment to
Information Security
  • Compliance Reporting
  • Dashboards

Find, fix, and report on security threats
in a single view to garner executive
support for security and compliance
programs.

6.1.2

Information Security
Coordination
  • Asset Inventory
  • Risk Scoring
  • Dynamic Incident Response templates

Manage all security controls from a
single unified workflow. Dynamic
incident response templates provide
customized guidance on how to respond
to each alert.

6.1.3

Allocation of
Information Security
Responsibilities
  • Role-based Access Control
  • Asset Inventory
  • Risk Scoring

Allocate security analyst tasks based on
role-based views and detailed
information about assets, networks, and
other risk categories.

6.1.4

Authorization
Process for
Information
Processing Facilities
  • Asset Inventory
  • Vulnerability Assessment
  • Behavioral Monitoring

Correlate built-in asset, vulnerability,
and netflow analysis data to validate
new information processing facilities.

6.1.5

Confidentiality
Agreements
  • Log Management
  • Behavioral Monitoring
  • SIEM

Validate adherence to confidentiality
agreements through log analysis and
advanced event correlation

6.1.8

Independent Review
of Information
Security
  • Asset Inventory
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM

Leverage unified control and visibility of
built-in essential security to automate
and accelerate internal and third party
audits and reviews.

6.2 Organization of Information Security: External Parties

6.2.1

Identification of
Risks Related to
External Parties
  • Asset Inventory
  • Vulnerability Assessment
  • Risk Scoring
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM

Automated asset inventory paired with
vulnerability and threat detection data
assigns contextualized risk to highlight
areas of exposure—whether internal or
external.

6.2.2

Addressing Security
when Dealing with
Customers
  • Asset Inventory
  • Vulnerability Assessment
  • Risk Scoring
  • Intrusion Detection (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM

Automated asset inventory correlated
with vulnerability and threat detection
data can identify policy violations with
your customer communication
guidelines.

7.1 Asset Management: Responsibility for Assets

7.1.1

Inventory of Assets
  • Asset Discovery
  • Asset Inventory
  • Vulnerability Assessment

Automated asset discovery and
inventory captures configuration
information, installed software, and
other system details. Additionally, this
is correlated with vulnerability scan
data for a full picture into asset security
and risk profile.

7.1.2

Ownership of Assets
  • Asset Discovery
  • Asset Inventory
  • Risk Scoring

Validate automated risk scoring for
each asset and assign ownership to
assets, and logical asset groupings.

7.1.3

Acceptable Use of
Assets
  • Asset Discovery
  • Asset Inventory
  • Risk Scoring
  • User Activity Monitoring
  • File Integrity

Monitor acceptable use policy
adherence through user activity
monitoring, changes to critical
files—informed by the asset inventory
and relative risk scores.

7.2 Asset Management: Information Classification

7.2.1

Classification
Guidelines
  • Asset Discovery
  • Asset Inventory
  • Risk Scoring

Track and monitor the usage of
terminated user accounts to validate
removal of access, and any changes to
critical system files

8.3 Human Resources Security: Termination of Change of Employment

8.3.1

Termination
Responsibilities
  • Asset Inventory
  • User Activity Monitoring
  • File Integrity Monitoring

Track and monitor the usage of
terminated user accounts to validate
removal of access, and any changes to
critical system files.

8.3.2

Return of Assets
  • Asset Inventory
  • User Activity Monitoring

Identify usage or attempted usage of
terminated user accounts, profiles, and systems to verify return of assets to authorized personnel.

8.3.3

Removal of Access
Rights
  • Asset Inventory
  • User Activity Monitoring
  • File Integrity Monitoring

Track and monitor the usage of
terminated user accounts to validate
removal of access, and any changes to
critical system files.

9.1 Physical and Environmental Security: Secure Areas

9.1.2

Physical Entry
Controls
  • Log Management
  • Behavioral Monitoring
  • SIEM / Event Correlation

Track, monitor, and correlate physical
security system logs and events with
system access, netflow analysis and
other data to verify physical security
controls are working.

9.1.3

Securing Offices,
Rooms and Facilities
  • Log Management
  • Behavioral Monitoring
  • SIEM / Event Correlation

Track, monitor, and correlate physical
security system logs and events with
system access, netflow analysis and
other data to verify physical security
controls are working.

10.1 Communications and Operations Management: Operational Procedures and Responsibilities

10.1.1

Documented
Operating
Procedures
  • Dynamic Incident Response templates

Dynamic incident response templates
provide the foundation for a SOP
workflow for security monitoring and
incident response.

10.1.2

Information Security
Coordination
  • Asset Inventory
  • Risk Scoring
  • User Activity Monitoring
  • File Integrity Monitoring

Use rich asset information to
automatically identify asset value and
risk ratings. Monitor user activity and
changes to critical system files to
support change management process
and procedures.

10.1.3

Segregation of
Duties
  • Role-based Access Control
  • Asset Inventory
  • Asset Classification

Enforce segregation of duties based on
role-based views and detailed
information about assets, networks, and
other risk categories.

10.1.4

Separation of
Development, Test
and Operational
Facilities
  • Asset Discovery
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Automated asset discovery provides a
real-time asset map for functional
network segments. Built-in netflows
and IDS technologies provide validation
that ACLs and other segmentation
tactics are working properly.

10.2 Third-Party Service Delivery Management

10.2.2

Monitoring and
Review of Third-
Party Services
  • Asset Inventory
  • Vulnerability Assessment
  • Risk Scoring
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM

Monitor and review third party services
with built-in, automated asset inventory
correlated with vulnerability and threat
detection data to identify policy
violations with third party services.

10.2.3

Managing Changes
to Third-Party
Services
  • Asset Inventory
  • Vulnerability Assessment
  • Risk Scoring
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM

Effectively manage changes to third
party services and applications with
built-in, automated asset inventory
correlated with vulnerability and threat
detection data.

10.3 System Planning and Acceptance

10.3.1

Capacity
Management
  • Asset Inventory
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM

Monitor service and system availability
to maintain service levels and stay
ahead of capacity constraints.

10.4 Protection Against Malicious and Mobile Code

10.4.1

Protection Against
Malicious Code
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Quickly identify and isolate malware
outbreaks throughout your network
leveraging built-in security controls
such as IDS, netflow analysis, event
correlation, and log analysis. Dynamic
incident response templates provide
customized guidance for each alert.

10.5 Back-up

10.5.1

Information Back-up
  • Log Management

Built-in log management and analysis
can trigger alerts when back-up
systems or processes fail to complete.

10.6 Network Security Management

10.6.1

Network Controls
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Securely manage and enforce network
controls by leveraging built-in security
technologies such as IDS, netflow
analysis, event correlation, and log
analysis. Dynamic incident response
templates provide customized guidance
for each alert.

10.6.2

Security of Network
Services
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEMZZZZZZ
  • Dynamic Incident Response Templates

Automated asset discovery provides a
real-time asset map for functional
network segments. Built-in netflows
and IDS technologies provide validation
that ACLs and other segmentation
tactics are working properly.

10.7 Media Handling

10.7.1

Management of
Removable Media
  • Host-based Intrusion Detection (HIDS)
  • File Integrity Monitoring
  • SIEM

Built-in HIDS alerts on policy violations
such as attempted use of external
storage media on critical systems (e.g.
USB drives). Additionally, built-in file
integrity monitoring captures
anomalous changes to critical files and
event correlation rules provide the
situational awareness needed to
identify the potential exfiltration of
sensitive data.

10.8 Exchange of Information

10.8.4

Electronic
Messaging
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Built-in essential security controls help
to protect against known and unknown
exploits (e.g. DDoS, 0day, etc.) by
providing a unified view of electronic
messaging and other network-based
communication channels.

10.8.5

Business Information
Systems
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Built-in essential security monitors and
identifies potential security events and
policy violations that are often caused
by failures in business process.

10.9 Electronic Commerce Services

10.9.1

Electronic
Commerce
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Built-in essential security controls help
to protect against known and unknown
exploits to e-commerce applications
and systems (e.g. SQL injection, DDoS,
etc.) by providing a complete and unified
view of your critical service delivery
infrastructure.

10.9.2

Online Transactions
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Built-in essential security controls help
to protect against known and unknown
exploits to publicly available systems by providing a complete and unified view of the security of your DMZ and publicly facing infrastructure.

10.9.3

Publicly Available
Information
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Built-in essential security controls help
to protect against known and unknown
exploits to publicly available systems by
providing a complete and unified view of
the security of your DMZ and publicly
facing infrastructure.

10.10 Monitoring

10.10.1

Audit Logging

Asset Discovery
File Integrity Monitoring
Log Management

Built-in, automated and unified asset
discovery, file integrity monitoring and
log management provide an easy way to
meet this requirement. Additionally,
data archiving and data retrieval are
easily managed via a single console.

10.10.2

Information Security
Coordination
  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
  • (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM
  • Behavioral Monitoring
  • Log Management

Built-in asset discovery, vulnerability
assessment, threat detection,
behavioral monitoring, and security
intelligence—reduces the cost and
complexity of compliance. Unified log
review and analysis, with triggered
alerts for high risk systems speed the
audit process.

10.10.3

Protection of Log
Information
  • Log Management
  • Vulnerability Assessment
  • File Integrity Monitoring

Built-in log management, vulnerability
assessment, and file integrity
monitoring detect changes to critical
system files, particularly event and
audit log data.

10.10.4

Administrator and
Operator Logs
  • Log Management
  • Vulnerability Assessmen
  • File Integrity Monitoring
  • User Activity Monitoring

Built-in log management, vulnerability
assessment, and file integrity
monitoring detect changes to critical
system files, particularly audit log data,
with triggered alerts on privileged users
such as administrators and operators.

10.10.5

Fault Logging
  • Log Management
  • Vulnerability Assessment
  • File Integrity Monitoring
  • Behavioral Monitoring
  • SIEM

Built-in log management, vulnerability
assessment, and file integrity
monitoring detect critical system faults,
and can correlate these with other
security events and netflow data
leveraging automated event correlation.

10.10.6

Clock
Synchronization
  • Log Management

Built-in log management and analysis
protects chain-of-custody by
synchronizing log data.

11.1 Access Control: Business Requirement for Access Control

11.1.1

Access Control
Policy
  • Asset Discovery
  • Intrusion Detection (wireless, network, and host-based)
  • File Integrity Monitoring
  • User Activity Monitoring
  • SIEM
  • Behavioral Monitoring
  • Log Management

Built-in essential security technologies
such as asset discovery, IDS, netflows,
file integrity monitoring, and user
activity monitoring provide a complete
view of access control policy violations
and other security events.

11.2 Access Control: User Access Management

11.2.1

User Registration
  • User Activity Monitoring
  • Log Management

Built-in user activity monitoring and log
management provide the necessary
information to effectively manage user
accounts, and investigate unauthorized
activity.

11.2.2

Privilege
Management
  • User Activity Monitoring
  • Log Management

Built-in user activity monitoring and log
management provide the necessary
information to effectively monitor
privileged activity, and investigate
unauthorized access attempts.

11.2.4

Review of User
Access Rights
  • User Activity Monitoring
  • Vulnerability Assessment
  • Intrusion Detection (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM

Built-in user activity monitoring,
vulnerability assessment, and threat
management technologies work
together to monitor user access
(successful and unsuccessful attempts).

11.3 Users Responsibilities

11.3.1

Password Use
  • User Activity Monitoring
  • Vulnerability Assessment
  • Intrusion Detection (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM

Built-in, automated vulnerability
assessment identifies the use of weak
and default passwords while built-in
host-based IDS and File Integrity
Monitoring signal when password files
and other critical system files have
been modified.

11.4 Network Access Control

11.4.1

Policy on Use of
Network Services
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Built-in asset discovery, vulnerability
assessment, threat detection,
behavioral monitoring, and security
intelligence—reduces the cost and
complexity of network security and
compliance. Unified log review and
analysis, with dynamic incident
response templates guide the security
analyst through forensic investigations.

11.4.3

Equipment
Identification in
Networks
  • Asset Discovery
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Automated asset discovery provides a
real-time asset map for functional
network segments. Built-in netflows
and IDS technologies provide validation
that ACLs and other segmentation
tactics are working properly.

11.4.5

Segregation in
Networks
  • Asset Discovery
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Automated asset discovery provides a
real-time asset map for functional
network segments. Built-in netflows
and IDS technologies provide validation
that ACLs and other segmentation
tactics are working properly.

11.4.6

Network Connection
Control
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Built-in netflows and IDS technologies
detect unauthorized access attempts
and anomalous behavior (e.g. outbound
command-and-control connections).

11.4.7

Network Routing
Control
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Built-in netflows and IDS technologies
detect network routing anomalies
(e.g. outbound command-and-control
connections).

11.5 Operating System Access Control

11.5.1

Secure Log-On
Procedures
  • Intrusion Detection
    (wireless, network, and host-based)
  • Log Management
  • SIEM

Built-in host-based IDS monitors all
activity on critical files and systems.
Automated event correlation signals
activities such as unauthorized logins
followed by additional security
exposures like data exfiltration.

11.5.2

User Identification
and Authentication
  • User Activity Monitoring
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM

Built-in user activity monitoring,
vulnerability assessment, and threat
management technologies work
together to monitor user identities and
access (e.g. successful and unsuccessful
attempts).

11.5.3

Password
Management
Systems
  • User Activity Monitoring
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM

Built-in, automated vulnerability
assessment identifies the use of weak
and default passwords while built-in
host-based IDS and File Integrity
Monitoring signal when password files
and other critical system files have been
modified.

11.5.4

Use of System
Utilities
  • Intrusion Detection
    (wireless, network, and host-based)

Host-based IDS monitors system
utilities, usage, and performance data to
ensure service availability and avoid
downtime.

11.5.5

Session Time Out
  • Intrusion Detection
    (wireless, network, and host-based)
  • User Activity Monitoring

Host-based IDS monitors user activity
and enforces session timeouts on
critical systems.

11.6 Application and Information Access Control

11.6.1

Information Access
Restriction
  • User Activity Monitoring
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • File Integrity Monitoring
  • SIEM

Built-in essential security technologies
such as vulnerability assessment, IDS,
netflows, file integrity monitoring, and
user activity monitoring provide a
complete view of access control policy
violations and other security events.

11.6.2

Sensitive System
Isolation
  • Asset Discovery
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Automated asset discovery provides a
real-time asset map to auto-populate an
asset inventory, including sensitive
systems. Built-in netflows and IDS
technologies provide validation that
ACLs and other segmentation tactics
are working properly.

11.7 Mobile Computing and Teleworking

11.7.1

Mobile Computing
and Communications
  • Asset Discovery
  • Intrusion Detection
    (wireless, network, and host-based)

Built-in asset discovery auto-discovers
all devices on wired and wireless
networks while wireless IDS detects
any policy violations, rogue devices and
other wireless threats.

11.7.2

Teleworking
  • Asset Discovery
  • Intrusion Detection
    (wireless, network, and host-based)

Built-in asset discovery auto-discovers
all devices connecting to the corporate
network – including teleworkers and
other remote users. IDS and netflow
analysis technologies identify real-time
threats and policy violations.

12.1 Information Systems Acquisition, Development and Maintenance

12.1.1

Security
Requirements
Analysis and
Specification
  • Asset Discovery
  • Vulnerability Assessment
  • Behavioral Monitoring
  • Risk Scoring

Evaluate and analyze security
requirements based on detailed and
unified information about assets, their
vulnerabilities, network baselines, and
calculated risk scores.

12.3 Cryptographic Controls

12.3.1

Policy on the Use of
Cryptographic
Controls
  • Asset Discovery
  • Behavioral Monitoring
  • Intrusion Detection
    (wireless, network, and host-based)

Unified netflow analysis and event
correlation monitors traffic and issues
alerts on unencrypted traffic to/from
sensitive data resources. Built-in
wireless IDS monitors encryption
strength and identifies unauthorized
access attempts to critical
infrastructure.

12.4 Security of System Files

12.4.1

Control of
Operational
Software
  • Asset Discovery
  • Intrusion Detection (wireless, network,and host-based)
  • File Integrity Monitoring
  • Log Management

Automated asset discovery provides a
complete and dynamic asset
inventory—critical for identifying all
operational software. Host-based IDS
and file integrity monitoring identify
and alert on changes to critical
software.

12.4.2

Protection of System
Test Data
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM

Built-in essential security technologies
such as asset discovery, vulnerability
assessment, IDS, netflows, file integrity
monitoring, and user activity monitoring
provide a complete view of access to
and protection of system test data.

12.4.3

Access Control to
Program Source
Library
  • Asset Discovery
  • Intrusion Detection (wireless, network, and host-based)
  • File Integrity Monitoring
  • User Activity Monitoring
  • SIEM
  • Behavioral Monitoring
  • Log Management

Built-in essential security technologies
such as asset discovery, vulnerability
assessment, IDS, netflows, file integrity
monitoring, and user activity monitoring
provide a complete view of access
control policy violations to program
source libraries.

12.5 Security in Development and Support Process

12.5.1

Change Control
Procedures
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management

Built-in, automated asset discovery
combined with vulnerability assessment
data validates the successful execution
of configuration changes and other
operational tasks.

12.5.2

Technical Review of
Applications After
Operating System
Changes
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management

Built-in, automated asset discovery
combined with vulnerability assessment
data provides a full technical review of
the impact of operating system changes
on critical applications.

12.5.4

Information Leakage
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • Log Management
  • SIEM

Built-in threat detection, behavioral
monitoring and event correlation signals
information leakage and other attacks
in progress—for example, unauthorized
access followed by additional security
exposures such as sensitive data
exfiltration. Built-in log management
enables the collection and correlation of valid and invalid authentication
attempts on critical devices.
Centralized, role-based access control
for audit trails and event logs preserves
“chain-of-custody” for data forensics
and investigations.

13.1 Information Security Incident Management

13.1.1

Reporting
Information Security
Events
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • Behavioral Monitoring
  • SIEM
  • Dynamic Incident Response Templates

Report on all security metrics
(vulnerability statistics, IDS alerts, etc.)
from a single unified workflow. Dynamic
incident response templates provide
customized guidance on how to respond
to each alert.

13.1.2

Reporting
Information Security
Weaknesses
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)

Identify, manage and report on all
network, system, and application
vulnerabilities from a single unified
workflow. Correlate vulnerability data
with log analysis and IDS alerts to
prioritize remediation efforts.

13.2 Management of Information Security Incidents and Improvements

13.2.2

Learning from
Information Security
Events
  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • File Integrity Monitoring
  • User Activity Monitoring
  • SIEM
  • Behavioral Monitoring
  • Log Management

Built-in essential security technologies
such as vulnerability assessment, IDS,
netflows, file integrity monitoring, and
user activity monitoring provide a
complete picture of operational
security. This unified perspective allows
for a built-in feedback loop to your
technical and executive management
teams for continuous improvement.

13.2.3

Collection of
Evidence
  • Log Management

Built-in log management and analysis
provides the necessary raw evidence to assist in data forensics and
investigations.

15.1 Compliance with Legal Requirements

15.1.3

Protection of
Organizational
Records
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • File Integrity Monitoring
  • SIEM

Built-in and unified log review and
analysis, with triggered alerts for high-
risk systems (containing organizational
records and other sensitive data).
Built-in host-based intrusion detection
and file integrity monitoring detect and
alarm on changes to cryptographic keys
for encrypted data.

15.1.4

Data Protection &
Privacy of Personal
Information
  • Asset Discovery
  • Vulnerability Assessment
  • Log Management
  • Intrusion Detection
    (wireless, network, and host-based)
  • File Integrity Monitoring
  • Behavioral Monitoring
  • SIEM

Built-in and unified log review and
analysis, with triggered alerts for high-
risk systems (containing personal
information). Built-in host-based
intrusion detection and file integrity
monitoring detect and alarm on changes
to cryptographic keys for encrypted
data. Unified netflow analysis and event
correlation monitors traffic and issues
alerts on unencrypted traffic to/from
high risk resources where encryption is
required.

15.1.5

Prevention of Misuse
of Information
Processing Facilities
  • Asset Inventory
  • Vulnerability Assessment
  • Behavioral Monitoring
  • SIEM

Correlate built-in asset, vulnerability,
and netflow analysis data to detect and
prevent the misuse of information
processing facilities.

15.2 Compliance with Security Policies and Standards, and Technical Compliance

15.2.1

Compliance with
Security Policies and
Standards
  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • Log Management
  • Behavioral Monitoring
  • SIEM
  • Compliance Reporting / Dashboards

Built-in essential security controls
provide a complete and unified view into
information security and compliance
posture. Unified compliance reports
and dashboard views highlight key
operational metrics against compliance
and business requirements.

15.2.2

Technical
Compliance Checking
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • SIEM

Unified vulnerability assessment, threat
detection, and event correlation
provides full situational awareness in
order to reliably check technical
compliance requirements.

15.3 Information Systems Audit Considerations

15.3.1

Information Systems
Audit Controls
  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
    (wireless, network, and host-based)
  • Log Management
  • Behavioral Monitoring
  • SIEM
  • Compliance Reporting / Dashboards

Built-in essential security controls
provide a complete and unified view into
information systems audit controls
performance. Unified compliance
reports and dashboard views highlight
key operational metrics and facilitate
the audit process.

Summary

Traditional SIEM approaches aren’t sufficient for today’s cyber security landscape and changingcompliance requirements. They’re costly, complex, and they take too long to deploy. Risole USM delivers more functionality—at reduced costs—and in significantly less time. Simplified and automatedcompliance makes everyone happy—including your auditors.

For more information on how Rimici can help you meet your ISO 27002 compliance needs,contact us at
+1-408-887-8994, or send email to This email address is being protected from spambots. You need JavaScript enabled to view it..