ISO Compliance Management and Compliant Hosting

ISO 27002 is recognized as an international information security standard that provides information management security recommendations to those who are responsible for security in their organization. ISO standards, when compared with current controls, enable organizations to proactively identify weaknesses and threats before the auditor does. The ISO standard specifically mandates audit logging in section 10.10.1, but also mandates monitoring of system use in section 10.10.2 and monitoring of administrative and operator activity in section 10.10.4. In addition, log data can evidence that many other measures are implemented properly, such as identity management (8.8.3, timely removal of access rights) and change management (10.1.2).

The Stone Street Open Log Management platform builds the foundation to monitor user and system activity. Stone Street also provides an ISO Edition with the Stone Street Compliance Suite as an add-on reporting package to Stone Street Open Log Management Platform. Stone Street Security Event Manager and Stone Street Database Security Manager provide more granular threat detection and can even block suspicious activity in real-time (for example DS5.5 and DS 5.10). Stone Street Security Event Manager adds security event correlation for advanced threat detection and can help prioritize the daily stream of event and automate incident management follow-up. Stone Street Database Security Manager adds specialized monitoring for your databases, including real-time blocking of suspicious activities.

Key Elements of ISO/IEC 27002:

• Security policy.
• Organizing information security.
• Asset management.
• Human resources security.
• Physical and environmental security.
• Communications and operations management.
• Access control.
• Information systems acquisition, development and maintenance.
• Information security incident management.
• Business continuity management.
• Compliance.