Meet ISO 27001 Compliance Requirements

International Standard for Information Security

Voluntary. Auditable. Certifiable.

ISO/IEC 27001:2013 is an information security standard that was published in September 2013. Unlike many other regulatory frameworks, it is a voluntary standard. As ISO is an international body, any organization in the world can adopt 27001. Those that choose to implement it can be formally audited to prove compliance to the standard.

NIST-Developed Security Controls Underpin ISO 27001

ISO 27001 defines an Information Security Management System (ISMS) and how to design, deploy, and maintain such a system. It has over 100 controls across 14 security control sections. ISO 27001:2013 is an update of the original 2005 release that aligns better with management standards such as ISO 9000 and ISO/IEC 20000.

Real-Time Notification of Unusual Activity

Cygna Auditor's built-in and custom alerting notifies you of unusual activity on secured systems, such as scripted permission changes or the mass file updates typical of ransomware.

Monitor Activity on Secured Systems

Cygna Auditor monitors all successful and failed data activity, such as file or folder creation, access, updates and deletions, and records who made each change and when it was made.

Monitor Relevant Group Membership

Keep access to secured-system data to a minimum with Cygna Auditor's group reports, which show which accounts are members of the system's user and administrator groups.

Monitor Secured System Permissions

Keeping group membership current is only a partial solution; you must also ensure that the permissions on secured systems stay correct. Cygna Auditor's permissions reports let you verify that the system's permission configuration remains what it needs to be.

Examples of Addressed ISO 27001 Compliance Requirements

Most of the ISO 27001 controls applicable to Cygna Auditor are similar or identical to the controls specified in NIST Special Publication 800-53, the security control framework for the Federal Information Security Management Act of 2002 (FISMA) and a superset of the ISO 27001 controls. Appendix H of NIST 800-53 provides a mapping of ISO 27001 to NIST 800-53 controls; what follows is a sampling of the ISO 27001 controls that Cygna Auditor helps satisfy.

Organization of (internal) Information Security: 6.1.2, 6.1.5
Human Resource Security: 7.2.3, 7.3.1
Access Control: 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.3.1, 9.4.1, 9.4.2, 9.4.3
Operations Security: 12.1.2, 12.1.3, 12.4.1, 12.4.2, 12.4.3, 12.7.1
Communications Security: 13.1.1, 13.1.3, 13.2.1, 13.2.3
System acquisition, development and maintenance: 14.2.2, 14.2.3, 14.2.6, 14.2.9
Supplier Relationships: 15.2.1
Information security incident management: 16.1.2, 16.1.4, 16.1.5, 16.1.7
Information security aspects of business continuity management: 17.1.2, 17.1.3
Compliance: 18.1.3, 18.1.4, 18.2.2, 18.2.3