ISO 27001/UNE 71502 Consulting

One of the most important assets of an organization is its information: a loss of confidentiality, integrity or availability can endanger the organization's continuity. Adequate protection systems and correct security management are therefore necessary. The ISO 27001 standard (certifiable in Spain through the earlier UNE 71502) was created to establish the basis of an SGSI (Information Security Management System), using as its frame of reference the 11 areas of action defined in the Code of Good Practice for Information Security Management, identified in the UNE-ISO/IEC 17799:2005 standard.

  • Clear definition of security objectives and guidelines, communicated to the whole organization.
  • Systematic, objective and consistent security actions over the years.
  • Analysis and prevention of risks in information systems.
  • Improvement of information management processes and procedures.
  • Motivation of staff regarding the value of information.
  • Compliance with current legislation.
  • Image of quality towards clients and suppliers.

Differential analysis

Internet Security Auditors proposes a UNE-ISO/IEC 17799:2005 Differential Analysis as the first step towards correctly establishing an SGSI according to the international standard ISO/IEC 27001:2005. This analysis of the current state of information systems security covers Management aspects (policy, regulations and documented procedures), Legal aspects (laws and contracts) and Technical aspects (architecture, tools and applied technologies).

In summary, the objectives of the Differential Analysis are:

  • Know the Enforceability and the Differential: determine the enforceability of the UNE-ISO/IEC 17799:2005 standard and the differential with respect to it.
  • Appraisal of Current Security Measures: obtain an independent appraisal of the current state of the organization's security measures.
  • Security Improvement Plan: determine a Security Improvement Plan adapted and specific to the organization.
  • Raise Awareness: make the different business areas aware of the importance of information security from a management point of view.
  • Orient the SGSI Establishment: this is the first step towards establishing an SGSI according to the international standard ISO/IEC 27001:2005.

SGSI establishment according to ISO/IEC 27001:2005

Successful establishment of an SGSI requires the full involvement and support of management in the project, and a correct SGSI design. This design should identify and document the scope and objectives of the SGSI, define the organization's security policy, inventory the assets to be included in the scope, and carry out a risk analysis so that, starting from the threats, vulnerabilities and impacts, the risk can be appraised and subsequently managed. This allows us to select the controls needed to minimize the existing risks and to select those applicable from the UNE-ISO/IEC 17799:2005 standard.

In summary, the objectives of SGSI Establishment are:

  • Define Targets: Define security targets.
  • Risk Analysis and Management: (MAGERIT, OCTAVE or CRAMM).
  • Master Plan: creation of the Master Plan for the establishment.
  • Establishment: SGSI Establishment.