MEETING ISO STANDARDS


WHITE PAPER
MEETING ISO 27002 STANDARDS
September 2018

SECURITY GUIDELINE COMPLIANCE

Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced threats targeting. They not only need security technologies to protect themselves from such threats, but also need to comply with security regulations and follow best practices in managing cyber risks.

Traditional security is insufficient to protect present-day hybrid infrastructures. With increasingly dynamic environments enabled by trends such as bring your own technology (BYOT), more data in the cloud, and a growing number of points of entry, pervasive, sophisticated threats can do major damage to any entity, and they can take years to discover and stop.

This white paper focuses on some of the main information security controls and requirements addressed by ISO 27002. It maps key Exabeam solution capabilities to ISO 27002 controls, describing how they can be used to manage risk to information systems and demonstrate compliance.

What is the ISO 27002 Standard?

ISO 27002 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. According to its documentation [1], ISO 27002 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system".

[1] HTTPS://WHATIS.TECHTARGET.COM/DEFINITION/ISO-27001

MEETING ISO 27002 STANDARDS WITH EXABEAM

Organizations often begin with a gap assessment to examine compliance across their entire infrastructure. Exabeam offers solutions that satisfy many threat detection use cases and meet your security and compliance needs. Here is an overview of the Exabeam product line:

Exabeam Data Lake - A security data lake that helps enterprises collect and store unlimited amounts of data to detect threats and meet compliance use cases, all for a predictable flat rate.

Exabeam Advanced Analytics - A user and entity behavior analytics (UEBA) solution that can be deployed on top of Exabeam Data Lake or legacy SIEM tools. It detects malicious insiders, compromised and rogue insiders, data exfiltration, malware, and other advanced threats.

Exabeam Entity Analytics - Focuses on tracking your organization's assets. It provides end-to-end network visibility, establishes baseline behavior (using communication patterns, ports and protocols, servers, and operating activity), and automatically identifies irregular activities that are indicative of a security incident.

Exabeam Incident Responder - A security orchestration and automated response tool (often called an SAO or SOAR solution). It provides case management (a central console to track and manage incidents) and automated response, collecting evidence for investigations using response playbooks and centralized workflows.

Exabeam Threat Hunter - Requires no complex query language; Threat Hunter gives the SOC a simple GUI that lets analysts of any skill level run complex searches with context-aware data.

Exabeam Security Management Platform - A modern SIEM that combines end-to-end data collection, analysis, and response in a single management and operations platform.

A.6 ORGANIZATION OF INFORMATION SECURITY

Controls on how roles and responsibilities are defined and assigned to protect the internal organization and remote devices.

A.6.1.1 Define roles and responsibilities
A.6.1.2 Segregation of duties
Exabeam provides access to information and to the actions administrators take based on roles. It enables security control separation through role-based access control, with roles supporting separation of duties.

A.6.2.2 Security controls for teleworking
Exabeam tracks the behavior of internal users as well as remote employees. It issues alerts for any unauthorized access to assets as well as abnormal remote logins. It monitors your network and assets, tracking suspicious activities.

[2] HTTPS://WWW.NIST.GOV/CYBERFRAMEWORK

A.7 HUMAN RESOURCES SECURITY

Controls on how employees and contractors comply with organization policies and regulations, as well as workers leaving or moving (laterally or vertically).

A.7.2.1 Employees and contractors to comply with established policies and procedures of the organization
A.7.3.1 Information security controls for workers leaving the organization or moving within the organization
Exabeam meets these security controls by reporting and alerting on access management activities by employees and contractors. It:
- Monitors privileged accounts
- Tracks user access to high-value assets
- Monitors terminated or departed accounts
- Tracks user activities and baselines normal behavior for new, existing, and promoted employees
- Provides user activity reports
- Tracks any lateral movement of user access across your organization

A.8 ASSET MANAGEMENT

Controls related to policies on ownership of assets, use of assets, and media handling.

A.8.1.2 Asset ownership
A.8.1.3 Acceptable asset use
Exabeam's Entity Analytics is part of a behavior analytics portfolio. It provides end-to-end network visibility, establishes baseline behavior, and identifies irregular activities indicative of a security incident. Assets are classified based on ownership, servers, workstations, groups, etc. It tracks user access to both internal and remote assets and issues alerts regarding unacceptable asset use.

A.8.3.1 Management of removable media
Controls movement of removable media such as USB sticks, removable disk packs, and others; alerts regarding unauthorized movement from one location to another.

A.9 ACCESS CONTROL

Controls for access management and provisioning policy, system and application access control, and user responsibilities.

A.9.1.2 Access to networks and network services
A.9.2.1 User registration and de-registration
A.9.2.2 User access provisioning process to assign or revoke access rights for all user types to all systems and services
A.9.2.4 Management of secret authentication information of users
A.9.2.6 Removal or adjustment of access rights
A.9.3.1 Follow practices in the use of secret authentication information
A.9.4.1 Information access restriction
A.9.4.2 Controls on secure log-on procedures
A.9.4.4 Use of privileged utility programs
A.9.4.5 Access to program source code shall be restricted
Exabeam monitors for authentication failures and remote logon activities. It can detect compromised user accounts and monitors high-value or critical assets for unauthorized access. Exabeam monitors and immediately issues alerts for unauthorized user access. It:
- Monitors unauthorized access to business applications, networks, or systems
- Monitors networks and systems for suspicious or anomalous activities
- Monitors and alerts on access from blacklisted or terminated users
- Provides the ability to define rules on access controls
- Makes all logs (access, audit, change, and event) available to IT administrators
- Provides the ability to define rules for who can access privileged utilities, and issues alerts for unauthorized access

A.11 PHYSICAL AND ENVIRONMENTAL SECURITY

Controls defining physical security, entry controls, protection against external threats, equipment security, secure document disposal, and clear desk and clear screen policy.

A.11.1.1 Physical security perimeter
A.11.1.2 Physical entry controls
A.11.1.3 Physical security for offices, rooms, and facilities
A.11.1.5 Procedures for working in secure areas
A.11.2.2 Monitor systems/equipment for power failures and other disruptions
A.11.2.6 Security of equipment and assets off-premises
A.11.2.8 Unattended user equipment
A.11.2.9 A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities
Exabeam monitors all access to the organization's security perimeter, as well as cloud access and other public domains. Anomalous access or sensitive data transfers are detected and alerts are issued. It:
- Monitors badge access: tracks users' entries and exits to create a user session
- Monitors systems/equipment for disruptions and issues alerts about them
- Monitors unauthorized physical access to devices
- Monitors data transfer to insecure digital media such as USB memory sticks

A.12 OPERATIONAL SECURITY

Controls related to operational procedures: change management, capacity management, protection from malware, logging, monitoring, installation, and vulnerability management.

A.12.1.2 Change management: assess risks and impacts due to changes
A.12.1.3 Capacity management: review asset usage and SLAs
A.12.2.1 Controls against malware
A.12.3.1 Information backup policies and procedures
A.12.4.1 Event logging
A.12.4.2 Protection of log information
A.12.4.3 System administrator and operator activity logs
A.12.4.4 The clocks of all relevant systems within a security domain shall be synchronized
A.12.5.1 Control of operational software
A.12.6.1 Management of technical vulnerabilities
A.12.6.2 Restrictions on software installation
A.12.7.1 Information systems audit controls
A set of controls to detect suspicious activities by monitoring users and assets and tracking deviations from baseline behavior, such as changes in roles and responsibilities, high-value and critical system changes, threats, and various administrator and operator activities.

Exabeam ingests logs from various data sources and creates a baseline of normal behavior for users and their associated assets. Any deviation or change from the baseline is alerted on, and the events are stitched into a timeline. Analysts or IT administrators can easily pinpoint anomalous activities and respond to the alerts. Exabeam:
- Takes a baseline of various activities, such as normal logons to assets, remote logins, normal working hours, web activity time, VPN source IP, VPN session time, etc.
- Monitors and logs access activities, network access, key changes in parameters of high-value assets, processes, and users accessing the systems
- Detects insider threats and compromised insiders
- Detects advanced threats and malware
- Monitors and logs privileged system activities
- Checks that only authorised personnel with appropriate system privileges are able to install software on systems, and alerts if there is any unauthorized use
- Uses native threat intelligence services to detect threats and malware
- Uses machine learning to detect phishing and malicious domain access

A.13 COMMUNICATIONS SECURITY

Controls related to network security, network services, segregation of network services, and information transfer.

A.13.1.1 Networks managed and controlled, so as to be protected from threats and to maintain security
A.13.2.1 Policies, procedures, and controls shall be in place to protect the exchange of information
A.13.2.3 Protect information involved in electronic messaging
Exabeam checks for adequate network security mechanisms. It provides real-time monitoring of the network and its devices. It:
- Sends alerts for unauthorized access to network access points
- Monitors unsupported and unauthorized transfer of data to cloud services, USB, web, etc.
- Monitors unauthorized use of data transfer protocols

A.14 SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE

Controls defining security requirements of information systems, and security in development and support processes.

A.14.1.1 Information security requirements analysis and specifications
A.14.1.2 Securing application services on public networks
A.14.2.2 System change control procedures
A.14.2.3 Review of applications after operating platform changes
A.14.2.4 Restrictions on changes to software packages
Exabeam provides continuous monitoring to assess risks on high-value assets, file systems, databases, and server controls. Exabeam alerts on any abnormal data transfer or application access. Exabeam can check and alert regarding:
- Unauthorized access to systems and applications
- Sensitive data transfer to cloud systems and the public domain
- Unauthorized and unencrypted use of protocols (e.g., HTTP, FTP) where they are covered by policy
Exabeam tracks deviations from a normal baseline for assets. Significant changes to assets are logged and alerts are issued. It assesses the risks associated with any changes to systems or applications and issues an alert if they are risky, and it assesses the risks associated with any changes made to systems and issues an alert if built-in controls are compromised.

A.16 INFORMATION SECURITY INCIDENT MANAGEMENT

Controls defining the management of information security incidents and improvements.

A.16.1.2 Reporting information security events
Exabeam provides a case management console to handle security incidents. It provides tools to respond to incidents through playbook integrations and automated response capabilities.

A.16.1.3 Reporting information security weaknesses
A.16.1.5 Response to information security incidents
A.16.1.6 Learning from information security incidents
Exabeam logs and alerts system admins regarding abnormal system logons, and issues alerts for phishing emails and unusual or anomalous user activities. Exabeam provides automated response capabilities. To each security incident it attaches risk scores and reasons, in addition to smart event timelines, so as to easily pinpoint the anomalous events that led up to it. Security incident reports, which include open and closed incidents, work distribution, and metrics such as mean time to respond (MTTR), are made available to responders and analysts. Exabeam can realign the baseline based on analyst input for events. For example, if a security alert within a user session is marked as a non-risky event, Exabeam takes that into account.

A.16.1.7 Collection of evidence
Exabeam provides an integrated platform with a central incident tracking console that collects evidence through centralized workflows, automates responses, and supports collaboration across your SOC team.

A.17 BUSINESS CONTINUITY MANAGEMENT

Controls requiring business continuity planning, procedures, and monitoring of capacity, performance, and resilience of disaster recovery or fall-back systems.

A.17.1.1 Business continuity planning
A.17.2.1 Availability of information processing facilities
Exabeam can identify and alert on potential risks to the high-availability and fallback systems in place. Their baseline activity is tracked, and deviations are logged and alerted on. By identifying and collecting details about anomalous activities, your operations team can take appropriate action to prevent adverse effects and ensure the recovery of high-availability systems.
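The baselining and risk-scoring workflow described under A.12 (a baseline of normal logons, working hours and VPN source IPs, with deviations alerted on and stitched into a timeline) and under A.16 (a risk score with reasons attached to each session, and analyst feedback marking an event as non-risky so the baseline is realigned) can be illustrated with a small detector. The Python below is an added example, not Exabeam code: the key=value log format, the sample log lines, the date that splits the baseline window from the evaluation window, the rule weights, the once-per-session scoring and the alert threshold are all constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not a real Exabeam feed): ISO timestamp, then key=value fields.
# The first two days are normal activity; 2018-09-10 holds an off-hours session from a
# first-seen address touching a first-seen asset, and a burst of failed logons for bob.
RAW_LOGS = """
2018-09-03T09:05:00 user=alice event=logon src=10.0.0.12 asset=wks-01 result=success
2018-09-03T17:40:00 user=alice event=logoff src=10.0.0.12 asset=wks-01 result=success
2018-09-04T08:55:00 user=alice event=logon src=10.0.0.12 asset=wks-01 result=success
2018-09-04T10:10:00 user=alice event=vpn src=203.0.113.7 asset=vpn-gw result=success
2018-09-04T18:02:00 user=alice event=logoff src=10.0.0.12 asset=wks-01 result=success
2018-09-03T09:20:00 user=bob event=logon src=10.0.0.33 asset=wks-07 result=success
2018-09-04T09:15:00 user=bob event=logon src=10.0.0.33 asset=wks-07 result=success
2018-09-10T02:30:00 user=alice event=vpn src=198.51.100.9 asset=vpn-gw result=success
2018-09-10T02:35:00 user=alice event=logon src=198.51.100.9 asset=db-finance result=success
2018-09-10T02:36:00 user=alice event=usb_write src=198.51.100.9 asset=db-finance result=success
2018-09-10T09:00:00 user=bob event=logon src=10.0.0.33 asset=wks-07 result=failure
2018-09-10T09:00:10 user=bob event=logon src=10.0.0.33 asset=wks-07 result=failure
2018-09-10T09:00:20 user=bob event=logon src=10.0.0.33 asset=wks-07 result=failure
2018-09-10T09:00:30 user=bob event=logon src=10.0.0.33 asset=wks-07 result=success
"""

BASELINE_END = datetime(2018, 9, 5)  # constructed split: earlier events build the baseline
ALERT_THRESHOLD = 50                 # constructed session score at which an alert is raised

# Constructed rule weights; each reason counts once per session so a repeated
# anomaly does not inflate the score on every event.
WEIGHTS = {
    "first-seen source IP": 20,
    "first-seen asset": 15,
    "activity outside baseline hours": 10,
    "write to removable media": 25,
    "repeated authentication failures": 20,
}


def parse_logs(raw):
    """Parse the key=value lines into dicts carrying a datetime under 'ts', oldest first."""
    events = []
    for line in raw.strip().splitlines():
        ts, _, rest = line.partition(" ")
        fields = dict(kv.split("=", 1) for kv in rest.split())
        fields["ts"] = datetime.fromisoformat(ts)
        events.append(fields)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per-user sets of normal source IPs, assets and hours of day from the baseline window."""
    baseline = defaultdict(lambda: {"src": set(), "asset": set(), "hours": set()})
    for e in events:
        if e["ts"] < BASELINE_END:
            b = baseline[e["user"]]
            b["src"].add(e["src"])
            b["asset"].add(e["asset"])
            b["hours"].add(e["ts"].hour)
    return baseline


def event_reasons(e, b):
    """Names of the baseline deviations a single event exhibits."""
    reasons = []
    if e["src"] not in b["src"]:
        reasons.append("first-seen source IP")
    if e["asset"] not in b["asset"]:
        reasons.append("first-seen asset")
    if e["ts"].hour not in b["hours"]:
        reasons.append("activity outside baseline hours")
    if e["event"] == "usb_write":
        reasons.append("write to removable media")
    return reasons


def score_sessions(events, baseline, suppressed=frozenset()):
    """Group post-baseline events into (user, day) sessions; stitch a timeline and a risk score.
    `suppressed` holds (user, reason) pairs an analyst marked as non-risky, so they score 0."""
    sessions = {}
    for e in events:
        if e["ts"] < BASELINE_END:
            continue
        key = (e["user"], e["ts"].date().isoformat())
        s = sessions.setdefault(key, {"score": 0, "reasons": [], "timeline": [], "failures": 0})
        points = 0
        for r in event_reasons(e, baseline[e["user"]]):
            if r in s["reasons"] or (e["user"], r) in suppressed:
                continue
            s["reasons"].append(r)
            points += WEIGHTS[r]
        if e.get("result") == "failure":
            s["failures"] += 1
        s["score"] += points
        s["timeline"].append((e["ts"].isoformat(), e["event"], e["asset"], points))
    # Session-level rule: three or more failed logons in one session.
    for (user, _), s in sessions.items():
        r = "repeated authentication failures"
        if s["failures"] >= 3 and (user, r) not in suppressed:
            s["reasons"].append(r)
            s["score"] += WEIGHTS[r]
        s["alert"] = s["score"] >= ALERT_THRESHOLD
    return sessions


def run(suppressed=frozenset()):
    events = parse_logs(RAW_LOGS)
    return score_sessions(events, build_baseline(events), suppressed)


if __name__ == "__main__":
    for (user, day), s in run().items():
        print(f"{user} {day} score={s['score']} {'ALERT' if s['alert'] else 'ok'} reasons={s['reasons']}")
        for row in s["timeline"]:
            print("   ", *row)
```

With the constructed input, alice's 2018-09-10 session scores 70 and alerts (first-seen source IP, off-hours activity, first-seen asset, removable-media write), while bob's burst of failures scores 20 and stays below the threshold. Passing `suppressed={("alice", "activity outside baseline hours")}` models the A.16.1.6 feedback loop: the off-hours reason no longer contributes, the score drops to 60, and the timeline still records the events so the analyst can see what was excluded.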

A.18 COMPLIANCE AND PROTECTION OF CRITICAL DATA

Controls requiring personal data protection, intellectual property protection, identification of applicable laws and regulations, and reviews of information security responsibilities.

A.18.1.3 Protection of system records
A.18.1.4 Privacy and protection of personally identifiable information
A.18.2.1 Independent review of information security
A.18.2.2 Compliance with security policies and standards
Exabeam complies with various security regulations. Compliance reports are provided out of the box, with controls tagged to make it easier for administrators to run customized reports. Exabeam meets and augments ISO controls by monitoring and protecting sensitive and critical data. It issues alerts for:
- Abnormal file and system access by unauthorized user(s)
- Sensitive data loss risks and detection
- Abnormal lateral movement
- Unencrypted protocol usage

CONCLUSION

Exabeam has a rigorous testing methodology and quality assurance process implemented throughout its software development lifecycle. Accelerating your deployment with quick time to value, it provides prepackaged security reports, search capabilities, and threat detection techniques. Customers can also quickly and painlessly satisfy ISO 27002 along with other security requirements to secure related information and information systems.

TO LEARN MORE ABOUT HOW EXABEAM CAN HELP YOU, VISIT EXABEAM.COM TODAY.

Exabeam is a modern SIEM that combines end-to-end data collection, analysis, and response in a single management and operations platform. It offers a single, fully integrated, and centrally managed solution that reduces TCO while enabling phased, seamless deployment.