ISO 27002 Requirements
|
Requirement Description
|
Relevant Rimici Security Operations Center Capabilities
|
Benefits of Unified Security Management
|
5.1 Security Policy
|
5.1.2 Information Security Policy
|
Information Security Policy Review & Evaluation
|
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Situational Awareness
|
Built-in essential security controls provide a complete and unified view into information security and compliance posture.
|
6.1 Organization of Information Security: Internal Organization
|
6.1.1
|
Management Commitment to Information Security
|
- Compliance Reporting
- Dashboards
|
Find, fix, and report on security threats in a single view to garner executive support for security and compliance programs.
|
6.1.2
|
Information Security Coordination
|
- Asset Inventory
- Risk Scoring
- Dynamic Incident Response templates
|
Manage all security controls from a single unified workflow. Dynamic incident response templates provide customized guidance on how to respond to each alert.
|
6.1.3
|
Allocation of Information Security Responsibilities
|
- Role-based Access Control
- Asset Inventory
- Risk Scoring
|
Allocate security analyst tasks based on role-based views and detailed information about assets, networks, and other risk categories.
|
6.1.4
|
Authorization Process for Information Processing Facilities
|
- Asset Inventory
- Vulnerability Assessment
- Behavioral Monitoring
|
Correlate built-in asset, vulnerability, and netflow analysis data to validate new information processing facilities.
|
6.1.5
|
Confidentiality Agreements
|
- Log Management
- Behavioral Monitoring
- SIEM
|
Validate adherence to confidentiality agreements through log analysis and advanced event correlation.
|
6.1.8
|
Independent Review of Information Security
|
- Asset Inventory
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
|
Leverage unified control and visibility of built-in essential security to automate and accelerate internal and third party audits and reviews.
|
6.2 Organization of Information Security: External Parties
|
6.2.1
|
Identification of Risks Related to External Parties
|
- Asset Inventory
- Vulnerability Assessment
- Risk Scoring
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
|
Automated asset inventory paired with vulnerability and threat detection data assigns contextualized risk to highlight areas of exposure—whether internal or external.
|
6.2.2
|
Addressing Security when Dealing with Customers
|
- Asset Inventory
- Vulnerability Assessment
- Risk Scoring
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
|
Automated asset inventory correlated with vulnerability and threat detection data can identify policy violations with your customer communication guidelines.
|
7.1 Asset Management: Responsibility for Assets
|
7.1.1
|
Inventory of Assets
|
- Asset Discovery
- Asset Inventory
- Vulnerability Assessment
|
Automated asset discovery and inventory captures configuration information, installed software, and other system details. Additionally, this is correlated with vulnerability scan data for a full picture into asset security and risk profile.
|
7.1.2
|
Ownership of Assets
|
- Asset Discovery
- Asset Inventory
- Risk Scoring
|
Validate automated risk scoring for each asset and assign ownership to assets and logical asset groupings.
|
7.1.3
|
Acceptable Use of Assets
|
- Asset Discovery
- Asset Inventory
- Risk Scoring
- User Activity Monitoring
- File Integrity
|
Monitor acceptable use policy adherence through user activity monitoring and changes to critical files, informed by the asset inventory and relative risk scores.
|
7.2 Asset Management: Information Classification
|
7.2.1
|
Classification Guidelines
|
- Asset Discovery
- Asset Inventory
- Risk Scoring
|
Track and monitor the usage of terminated user accounts to validate removal of access, and any changes to critical system files.
|
8.3 Human Resources Security: Termination or Change of Employment
|
8.3.1
|
Termination Responsibilities
|
- Asset Inventory
- User Activity Monitoring
- File Integrity Monitoring
|
Track and monitor the usage of terminated user accounts to validate removal of access, and any changes to critical system files.
|
8.3.2
|
Return of Assets
|
- Asset Inventory
- User Activity Monitoring
|
Identify usage or attempted usage of terminated user accounts, profiles, and systems to verify return of assets to authorized personnel.
|
8.3.3
|
Removal of Access Rights
|
- Asset Inventory
- User Activity Monitoring
- File Integrity Monitoring
|
Track and monitor the usage of terminated user accounts to validate removal of access, and any changes to critical system files.
|
9.1 Physical and Environmental Security: Secure Areas
|
9.1.2
|
Physical Entry Controls
|
- Log Management
- Behavioral Monitoring
- SIEM / Event Correlation
|
Track, monitor, and correlate physical security system logs and events with system access, netflow analysis and other data to verify physical security controls are working.
|
9.1.3
|
Securing Offices, Rooms and Facilities
|
- Log Management
- Behavioral Monitoring
- SIEM / Event Correlation
|
Track, monitor, and correlate physical security system logs and events with system access, netflow analysis and other data to verify physical security controls are working.
|
10.1 Communications and Operations Management: Operational Procedures and Responsibilities
|
10.1.1
|
Documented Operating Procedures
|
- Dynamic Incident Response templates
|
Dynamic incident response templates provide the foundation for a SOP workflow for security monitoring and incident response.
|
10.1.2
|
Information Security Coordination
|
- Asset Inventory
- Risk Scoring
- User Activity Monitoring
- File Integrity Monitoring
|
Use rich asset information to automatically identify asset value and risk ratings. Monitor user activity and changes to critical system files to support change management process and procedures.
|
10.1.3
|
Segregation of Duties
|
- Role-based Access Control
- Asset Inventory
- Asset Classification
|
Enforce segregation of duties based on role-based views and detailed information about assets, networks, and other risk categories.
|
10.1.4
|
Separation of Development, Test and Operational Facilities
|
- Asset Discovery
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Automated asset discovery provides a real-time asset map for functional network segments. Built-in netflows and IDS technologies provide validation that ACLs and other segmentation tactics are working properly.
|
10.2 Third-Party Service Delivery Management
|
10.2.2
|
Monitoring and Review of Third-Party Services
|
- Asset Inventory
- Vulnerability Assessment
- Risk Scoring
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
|
Monitor and review third party services with built-in, automated asset inventory correlated with vulnerability and threat detection data to identify policy violations with third party services.
|
10.2.3
|
Managing Changes to Third-Party Services
|
- Asset Inventory
- Vulnerability Assessment
- Risk Scoring
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
|
Effectively manage changes to third party services and applications with built-in, automated asset inventory correlated with vulnerability and threat detection data.
|
10.3 System Planning and Acceptance
|
10.3.1
|
Capacity Management
|
- Asset Inventory
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
|
Monitor service and system availability to maintain service levels and stay ahead of capacity constraints.
|
10.4 Protection Against Malicious and Mobile Code
|
10.4.1
|
Protection Against Malicious Code
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Quickly identify and isolate malware outbreaks throughout your network leveraging built-in security controls such as IDS, netflow analysis, event correlation, and log analysis. Dynamic incident response templates provide customized guidance for each alert.
|
10.5 Back-up
|
10.5.1
|
Information Back-up
|
|
Built-in log management and analysis can trigger alerts when back-up systems or processes fail to complete.
|
10.6 Network Security Management
|
10.6.1
|
Network Controls
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Securely manage and enforce network controls by leveraging built-in security technologies such as IDS, netflow analysis, event correlation, and log analysis. Dynamic incident response templates provide customized guidance for each alert.
|
10.6.2
|
Security of Network Services
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Automated asset discovery provides a real-time asset map for functional network segments. Built-in netflows and IDS technologies provide validation that ACLs and other segmentation tactics are working properly.
|
10.7 Media Handling
|
10.7.1
|
Management of Removable Media
|
- Host-based Intrusion Detection (HIDS)
- File Integrity Monitoring
- SIEM
|
Built-in HIDS alerts on policy violations such as attempted use of external storage media on critical systems (e.g. USB drives). Additionally, built-in file integrity monitoring captures anomalous changes to critical files and event correlation rules provide the situational awareness needed to identify the potential exfiltration of sensitive data.
|
10.8 Exchange of Information
|
10.8.4
|
Electronic Messaging
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Built-in essential security controls help to protect against known and unknown exploits (e.g. DDoS, 0day, etc.) by providing a unified view of electronic messaging and other network-based communication channels.
|
10.8.5
|
Business Information Systems
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Built-in essential security monitors and identifies potential security events and policy violations that are often caused by failures in business process.
|
10.9 Electronic Commerce Services
|
10.9.1
|
Electronic Commerce
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Built-in essential security controls help to protect against known and unknown exploits to e-commerce applications and systems (e.g. SQL injection, DDoS, etc.) by providing a complete and unified view of your critical service delivery infrastructure.
|
10.9.2
|
Online Transactions
|
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Built-in essential security controls help to protect against known and unknown exploits to publicly available systems by providing a complete and unified view of the security of your DMZ and publicly facing infrastructure.
|
10.9.3
|
Publicly Available Information
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Built-in essential security controls help to protect against known and unknown exploits to publicly available systems by providing a complete and unified view of the security of your DMZ and publicly facing infrastructure.
|
10.10 Monitoring
|
10.10.1
|
Audit Logging
|
- Asset Discovery
- File Integrity Monitoring
- Log Management
|
Built-in, automated and unified asset discovery, file integrity monitoring and log management provide an easy way to meet this requirement. Additionally, data archiving and data retrieval are easily managed via a single console.
|
10.10.2
|
Information Security Coordination
|
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
- Behavioral Monitoring
- Log Management
|
Built-in asset discovery, vulnerability assessment, threat detection, behavioral monitoring, and security intelligence reduce the cost and complexity of compliance. Unified log review and analysis, with triggered alerts for high-risk systems, speeds the audit process.
|
10.10.3
|
Protection of Log Information
|
- Log Management
- Vulnerability Assessment
- File Integrity Monitoring
|
Built-in log management, vulnerability assessment, and file integrity monitoring detect changes to critical system files, particularly event and audit log data.
|
10.10.4
|
Administrator and Operator Logs
|
- Log Management
- Vulnerability Assessment
- File Integrity Monitoring
- User Activity Monitoring
|
Built-in log management, vulnerability assessment, and file integrity monitoring detect changes to critical system files, particularly audit log data, with triggered alerts on privileged users such as administrators and operators.
|
10.10.5
|
Fault Logging
|
- Log Management
- Vulnerability Assessment
- File Integrity Monitoring
- Behavioral Monitoring
- SIEM
|
Built-in log management, vulnerability assessment, and file integrity monitoring detect critical system faults, and can correlate these with other security events and netflow data leveraging automated event correlation.
|
10.10.6
|
Clock Synchronization
|
|
Built-in log management and analysis protects chain-of-custody by synchronizing log data.
|
11.1 Access Control: Business Requirement for Access Control
|
11.1.1
|
Access Control Policy
|
- Asset Discovery
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- User Activity Monitoring
- SIEM
- Behavioral Monitoring
- Log Management
|
Built-in essential security technologies such as asset discovery, IDS, netflows, file integrity monitoring, and user activity monitoring provide a complete view of access control policy violations and other security events.
|
11.2 Access Control: User Access Management
|
11.2.1
|
User Registration
|
- User Activity Monitoring
- Log Management
|
Built-in user activity monitoring and log management provide the necessary information to effectively manage user accounts, and investigate unauthorized activity.
|
11.2.2
|
Privilege Management
|
- User Activity Monitoring
- Log Management
|
Built-in user activity monitoring and log management provide the necessary information to effectively monitor privileged activity, and investigate unauthorized access attempts.
|
11.2.4
|
Review of User Access Rights
|
- User Activity Monitoring
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
|
Built-in user activity monitoring, vulnerability assessment, and threat management technologies work together to monitor user access (successful and unsuccessful attempts).
|
11.3 User Responsibilities
|
11.3.1
|
Password Use
|
- User Activity Monitoring
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
|
Built-in, automated vulnerability assessment identifies the use of weak and default passwords while built-in host-based IDS and File Integrity Monitoring signal when password files and other critical system files have been modified.
|
11.4 Network Access Control
|
11.4.1
|
Policy on Use of Network Services
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Built-in asset discovery, vulnerability assessment, threat detection, behavioral monitoring, and security intelligence reduce the cost and complexity of network security and compliance. Unified log review and analysis, together with dynamic incident response templates, guide the security analyst through forensic investigations.
|
11.4.3
|
Equipment Identification in Networks
|
- Asset Discovery
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Automated asset discovery provides a real-time asset map for functional network segments. Built-in netflows and IDS technologies provide validation that ACLs and other segmentation tactics are working properly.
|
11.4.5
|
Segregation in Networks
|
- Asset Discovery
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Automated asset discovery provides a real-time asset map for functional network segments. Built-in netflows and IDS technologies provide validation that ACLs and other segmentation tactics are working properly.
|
11.4.6
|
Network Connection Control
|
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Built-in netflows and IDS technologies detect unauthorized access attempts and anomalous behavior (e.g. outbound command-and-control connections).
|
11.4.7
|
Network Routing Control
|
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Built-in netflows and IDS technologies detect network routing anomalies (e.g. outbound command-and-control connections).
|
11.5 Operating System Access Control
|
11.5.1
|
Secure Log-On Procedures
|
- Intrusion Detection (wireless, network, and host-based)
- Log Management
- SIEM
|
Built-in host-based IDS monitors all activity on critical files and systems. Automated event correlation signals activities such as unauthorized logins followed by additional security exposures like data exfiltration.
|
11.5.2
|
User Identification and Authentication
|
- User Activity Monitoring
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
|
Built-in user activity monitoring, vulnerability assessment, and threat management technologies work together to monitor user identities and access (e.g. successful and unsuccessful attempts).
|
11.5.3
|
Password Management Systems
|
- User Activity Monitoring
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
|
Built-in, automated vulnerability assessment identifies the use of weak and default passwords while built-in host-based IDS and File Integrity Monitoring signal when password files and other critical system files have been modified.
|
11.5.4
|
Use of System Utilities
|
- Intrusion Detection (wireless, network, and host-based)
|
Host-based IDS monitors system utilities, usage, and performance data to ensure service availability and avoid downtime.
|
11.5.5
|
Session Time Out
|
- Intrusion Detection (wireless, network, and host-based)
- User Activity Monitoring
|
Host-based IDS monitors user activity and enforces session timeouts on critical systems.
|
11.6 Application and Information Access Control
|
11.6.1
|
Information Access Restriction
|
- User Activity Monitoring
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- File Integrity Monitoring
- SIEM
|
Built-in essential security technologies such as vulnerability assessment, IDS, netflows, file integrity monitoring, and user activity monitoring provide a complete view of access control policy violations and other security events.
|
11.6.2
|
Sensitive System Isolation
|
- Asset Discovery
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Automated asset discovery provides a real-time asset map to auto-populate an asset inventory, including sensitive systems. Built-in netflows and IDS technologies provide validation that ACLs and other segmentation tactics are working properly.
|
11.7 Mobile Computing and Teleworking
|
11.7.1
|
Mobile Computing and Communications
|
- Asset Discovery
- Intrusion Detection (wireless, network, and host-based)
|
Built-in asset discovery auto-discovers all devices on wired and wireless networks while wireless IDS detects any policy violations, rogue devices and other wireless threats.
|
11.7.2
|
Teleworking
|
- Asset Discovery
- Intrusion Detection (wireless, network, and host-based)
|
Built-in asset discovery auto-discovers all devices connecting to the corporate network – including teleworkers and other remote users. IDS and netflow analysis technologies identify real-time threats and policy violations.
|
12.1 Information Systems Acquisition, Development and Maintenance
|
12.1.1
|
Security Requirements Analysis and Specification
|
- Asset Discovery
- Vulnerability Assessment
- Behavioral Monitoring
- Risk Scoring
|
Evaluate and analyze security requirements based on detailed and unified information about assets, their vulnerabilities, network baselines, and calculated risk scores.
|
12.3 Cryptographic Controls
|
12.3.1
|
Policy on the Use of Cryptographic Controls
|
- Asset Discovery
- Behavioral Monitoring
- Intrusion Detection (wireless, network, and host-based)
|
Unified netflow analysis and event correlation monitors traffic and issues alerts on unencrypted traffic to/from sensitive data resources. Built-in wireless IDS monitors encryption strength and identifies unauthorized access attempts to critical infrastructure.
|
12.4 Security of System Files
|
12.4.1
|
Control of Operational Software
|
- Asset Discovery
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- Log Management
|
Automated asset discovery provides a complete and dynamic asset inventory—critical for identifying all operational software. Host-based IDS and file integrity monitoring identify and alert on changes to critical software.
|
12.4.2
|
Protection of System Test Data
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
|
Built-in essential security technologies such as asset discovery, vulnerability assessment, IDS, netflows, file integrity monitoring, and user activity monitoring provide a complete view of access to and protection of system test data.
|
12.4.3
|
Access Control to Program Source Library
|
- Asset Discovery
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- User Activity Monitoring
- SIEM
- Behavioral Monitoring
- Log Management
|
Built-in essential security technologies such as asset discovery, vulnerability assessment, IDS, netflows, file integrity monitoring, and user activity monitoring provide a complete view of access control policy violations to program source libraries.
|
12.5 Security in Development and Support Process
|
12.5.1
|
Change Control Procedures
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
|
Built-in, automated asset discovery combined with vulnerability assessment data validates the successful execution of configuration changes and other operational tasks.
|
12.5.2
|
Technical Review of Applications After Operating System Changes
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
|
Built-in, automated asset discovery combined with vulnerability assessment data provides a full technical review of the impact of operating system changes on critical applications.
|
12.5.4
|
Information Leakage
|
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- Log Management
- SIEM
|
Built-in threat detection, behavioral monitoring and event correlation signals information leakage and other attacks in progress—for example, unauthorized access followed by additional security exposures such as sensitive data exfiltration. Built-in log management enables the collection and correlation of valid and invalid authentication attempts on critical devices. Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations.
|
13.1 Information Security Incident Management
|
13.1.1
|
Reporting Information Security Events
|
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- Behavioral Monitoring
- SIEM
- Dynamic Incident Response Templates
|
Report on all security metrics (vulnerability statistics, IDS alerts, etc.) from a single unified workflow. Dynamic incident response templates provide customized guidance on how to respond to each alert.
|
13.1.2
|
Reporting Information Security Weaknesses
|
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
|
Identify, manage and report on all network, system, and application vulnerabilities from a single unified workflow. Correlate vulnerability data with log analysis and IDS alerts to prioritize remediation efforts.
|
13.2 Management of Information Security Incidents and Improvements
|
13.2.2
|
Learning from Information Security Events
|
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- User Activity Monitoring
- SIEM
- Behavioral Monitoring
- Log Management
|
Built-in essential security technologies such as vulnerability assessment, IDS, netflows, file integrity monitoring, and user activity monitoring provide a complete picture of operational security. This unified perspective allows for a built-in feedback loop to your technical and executive management teams for continuous improvement.
|
13.2.3
|
Collection of Evidence
|
|
Built-in log management and analysis provides the necessary raw evidence to assist in data forensics and investigations.
|
15.1 Compliance with Legal Requirements
|
15.1.3
|
Protection of Organizational Records
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- SIEM
|
Built-in and unified log review and analysis, with triggered alerts for high-risk systems (containing organizational records and other sensitive data). Built-in host-based intrusion detection and file integrity monitoring detect and alarm on changes to cryptographic keys for encrypted data.
|
15.1.4
|
Data Protection & Privacy of Personal Information
|
- Asset Discovery
- Vulnerability Assessment
- Log Management
- Intrusion Detection (wireless, network, and host-based)
- File Integrity Monitoring
- Behavioral Monitoring
- SIEM
|
Built-in and unified log review and analysis, with triggered alerts for high-risk systems (containing personal information). Built-in host-based intrusion detection and file integrity monitoring detect and alarm on changes to cryptographic keys for encrypted data. Unified netflow analysis and event correlation monitors traffic and issues alerts on unencrypted traffic to/from high risk resources where encryption is required.
|
15.1.5
|
Prevention of Misuse of Information Processing Facilities
|
- Asset Inventory
- Vulnerability Assessment
- Behavioral Monitoring
- SIEM
|
Correlate built-in asset, vulnerability, and netflow analysis data to detect and prevent the misuse of information processing facilities.
|
15.2 Compliance with Security Policies and Standards, and Technical Compliance
|
15.2.1
|
Compliance with Security Policies and Standards
|
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- Log Management
- Behavioral Monitoring
- SIEM
- Compliance Reporting / Dashboards
|
Built-in essential security controls provide a complete and unified view into information security and compliance posture. Unified compliance reports and dashboard views highlight key operational metrics against compliance and business requirements.
|
15.2.2
|
Technical Compliance Checking
|
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- SIEM
|
Unified vulnerability assessment, threat detection, and event correlation provides full situational awareness in order to reliably check technical compliance requirements.
|
15.3 Information Systems Audit Considerations
|
15.3.1
|
Information Systems Audit Controls
|
- Asset Discovery
- Vulnerability Assessment
- Intrusion Detection (wireless, network, and host-based)
- Log Management
- Behavioral Monitoring
- SIEM
- Compliance Reporting / Dashboards
|
Built-in essential security controls provide a complete and unified view into information systems audit controls performance. Unified compliance reports and dashboard views highlight key operational metrics and facilitate the audit process.
|