Align corporate information security frameworks to best-practice standards (ISO 27002/17799) to achieve compliance objectives for IT governance
The ISO/IEC 27002 and ISO 17799 information security standards provide concrete guidance and best-practice recommendations on information security management. Businesses can use this framework to meet regulatory requirements for IT governance.
The ISO/IEC 27002 and ISO 17799 standards ensure that only authorized users can access particular information (confidentiality), protect the accuracy and completeness of information and processing methods (integrity), and ensure that authorized users have access to information and associated assets when required (availability).
These and other frameworks simplify compliance by preventing "silos" of redundant controls, policies and procedures, and avoiding duplicated efforts in documentation, training, deployment, enforcement, management, administration and auditing. The standards help satisfy multiple compliance and security requirements through a consistent set of controls that preserve information confidentiality, integrity and availability in a cost-effective, extensible, flexible and robust manner.
IT Governance Applications
NextLabs' solution is a set of applications which includes a comprehensive set of pre-built policy libraries and pre-built reports based on the ISO/IEC 27002:2005 and ISO 17799 frameworks and reporting structure. Policy sets can be easily customized to the environment or used as templates to create new policies. The NextLabs IT Governance Solution can:
- Assess information risks to discover gaps in existing policies and procedures to help identify requirements and improve information risk management. This lets administrators rapidly identify and assess the effectiveness of internal controls in an IT Governance relevant context.
- Apply scalable, flexible controls mapped to IT governance and security frameworks that satisfy multiple compliance regulations and eliminate redundant controls, policies and procedures and duplicated efforts in application- or system-specific controls, letting you optimize corporate IT investments.
- Proactively enforce policy in real time by monitoring, detecting, preventing and reporting policy violations that risk the confidentiality, integrity and availability of regulated information.
- Remediate policy violations automatically or interactively, and handle policy exceptions automatically to demonstrate full compliance management and rapid intervention.
- Assess compliance in real time with reporting and dashboards to demonstrate effective compliance oversight.
- Log administration activity through a central audit point, thus meeting separation-of-duties requirements for security monitoring.
The NextLabs IT Governance Solution helps enterprises deploy a proactive, end-to-end IT security program that provides comprehensive IT governance and supports training of the workforce in proper IT security practices for IT and information governance.