ISO Compliance Suite

Automate Alerting & Reporting

ISO and the International Electrotechnical Commission (IEC) jointly develop worldwide standards. National bodies that are members of ISO or IEC participate in the development of international standards through technical committees established by these organizations to deal with particular fields of international activity. Other international organizations, governmental and non-governmental, liaise with ISO and IEC in order to participate in the development of technical standards.

Overview and History

“Customers typically experience a return on investment of three months or less by automating the collection and storage of log data for PCI compliance and then using that data for audit. LogLogic’s Compliance Suite: PCI edition automates the process of validating, reporting and alerting on business and IT policies related to PCI compliance at a fraction of the cost of homegrown solutions.”

Pat Sueltz, CEO, LogLogic

ISO/IEC 27002:2005 is a code of practice for information security that was first released in 2000. As such, it offers guidelines and voluntary directions for information security management. As information security becomes increasingly important to the continued success of businesses, many are seeking an appropriate security framework. The ISO/IEC 27002 standard is becoming the choice for many of them.

ISO/IEC 27002:2005 is meant to provide a high-level, general description of the areas currently considered important when initiating, implementing or maintaining information security in an organization. The initial version of the ISO standard (ISO/IEC 27002:2000), while providing substantial guidelines on critical security issues, still did not cover all areas of importance. Oliver Weissman from Germany and Angelika Plate from the UK have over the last four years acted as joint project editors to update the original ISO document, and in June of 2005 ISO released a more comprehensive version of the standard. ISO/IEC 27002 is now one of the few accepted worldwide standards for information security. It has been adopted as a guideline by companies around the world, and the major consultancies have invested very heavily in developing ISO/IEC 27002 implementation programs, including training and certification of auditors.

Due to its worldwide acceptance, other standards, such as Japan’s Information Security Management System (ISMS) and ITIL’s Security Management book, have based their security recommendations on ISO/IEC 27002.

Key Elements of ISO/IEC 27002

ISO/IEC 27002:2005 addresses topics in terms of policies and general good practices. The document specifically identifies itself as “a starting point for developing organization specific guidance.” It states that not all of the guidance and controls it contains may be applicable and that additional controls not contained may be required. It is not intended to give definitive details or “how-to’s”. Given such caveats, the document briefly addresses the following major topics:

  • Security Policy
  • Organizing Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

Benefits

The LogLogic Compliance Suite for the ISO/IEC 27002 Standard is the first solution of its kind. It delivers automated process validation, reporting and alerts based on infrastructure data to evidence and enforce business and IT policies related to compliance. By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite removes the complexity and resource requirements for implementing control frameworks like ISO.

LogLogic’s Compliance Suite:

  • Automates compliance activities and dramatically improves audit accuracy.
  • Accelerates time to risk mitigation.
  • Allows organizations to use infrastructure data to provide evidence of and enforce IT controls.
  • Provides industry-leading reporting depth and breadth, including real-time reporting and alerting on ISO/IEC 27002 compliance.
  • Delivers 80 out-of-the-box Compliance Reports and 50 out-of-the-box alerts with executive-level views.
  • Enables customization of any Compliance Report to map reports against your company’s policies.

Organizations can use the LogLogic Compliance Suite: ISO/IEC 27002 Edition to:

  • Enforce controls using LogLogic technologies
  • Show auditors alerts and reports to prove your compliance status with LogLogic
  • Monitor continuously with LogLogic to ensure continuous compliance
  • Provide auditors with unaltered LogLogic evidence of log data review and follow-up
  • Provide assurances of the integrity of the log data collected and reports

Log data allows organizations to manage the extreme challenges of meeting major ISO controls.

Identity and Access

LogLogic Compliance Suite: ISO/IEC 27002 Edition includes reports and alerts to show that all ISO-related systems (i.e., networks, applications, and databases) are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data. The risks of non-compliance may result in unauthorized and/or inappropriate access to key systems, which may negatively impact the security, integrity, accuracy and completeness of information.

Monitoring and Reporting

LogLogic Compliance Suite: ISO/IEC 27002 Edition includes reports and alerts to allow customers to continuously monitor the IT infrastructure for any security violations. Reports are provided in a format meaningful to the stakeholders. The monitoring statistics should be analyzed and acted upon to identify negative and positive trends for individual services as well as for services overall.

The risks of non-compliance in this area could significantly impact service availability as well as security of the IT infrastructure, which may negatively impact the security, integrity, accuracy and completeness of information.

Change Management

LogLogic Compliance Suite: ISO/IEC 27002 Edition includes reports and alerts to show that all systems and system changes are appropriately requested, approved, tested, and validated by authorized personnel prior to implementation to the production environment. These reports and alerts can also show that division of roles and responsibilities has been implemented to reduce the possibility for a single individual to subvert a critical process. Management needs to make sure that personnel are performing only authorized duties relevant to their respective jobs and positions.

The risks of non-compliance may result in unauthorized changes and/or improper roll-out of new source code to key systems. This may negatively impact the security, integrity, accuracy and completeness of information.

Security Management

LogLogic Compliance Suite: ISO/IEC 27002 Edition includes reports and alerts to show that all network security devices, including firewalls which control computer traffic into a company’s network, as well as IDS systems which monitor the computer traffic, have been configured appropriately to allow only the requested and approved traffic in and out of the network.

The risks of non-compliance may result in unauthorized access from the Internet. Often, seemingly insignificant paths to and from the Internet can provide unprotected pathways into key systems. Firewalls are a key protection mechanism for any computer network.

Availability Management

LogLogic Compliance Suite: ISO/IEC 27002 Edition includes reports and alerts to monitor the availability of critical IT infrastructure components. Alerts can be set up to fire when critical components are sending an abnormal amount of log data, which could indicate attacks on the component or system errors, or when they have stopped sending log data, which could indicate failure of these components.

The risk of non-compliance could significantly impact the business viability and could prevent an organization from recording transactions and thereby undermine its integrity.

Continuity Management

LogLogic Compliance Suite: ISO/IEC 27002 Edition includes reports and alerts to monitor that data are backed up on a regular basis. Reports can be automatically generated to ensure that backups and restores are performed successfully.

Deficiencies in this area could impact the resilience of the infrastructure as well as the availability of critical resources.

Alerting & Reporting

The LogLogic Compliance Suite is the first solution of its kind to provide “out-of-the-box” support for COBIT 4.0 and ITIL, which are common frameworks used frequently by businesses to help achieve Sarbanes-Oxley Act compliance and ensure security and availability of IT assets in general.

The reports and alerts monitor the majority of controls defined in the new COBIT 4.0 IT audit framework specifically and cover all four sections broadly. The COBIT controls and corresponding LogLogic reports and alerts cover six important areas of IT risk management:

  • Access: Identity and access monitoring
  • Activity: User activity monitoring
  • Change: Change control monitoring
  • Security: Security monitoring
  • Infrastructure: IT infrastructure monitoring
  • Continuity: Business continuity management

By automating compliance reporting and alerting based on critical infrastructure data collected and stored by LogLogic’s appliances, the LogLogic Compliance Suite removes the complexity and resource requirements from implementing policies such as COBIT and ITIL to successfully meet SOX and other regulations.

Compliance reporting and alerting from LogLogic is ideal for IT administrators, auditors and financial executives who want to reduce time to compliance and realize dramatic improvements in risk mitigation and audit accuracy.

LogLogic allows for ongoing data monitoring and reporting and long-term archival so you can attest compliance activities on an ongoing basis. Breakthrough Log Learning technology delivers the industry’s first smart behavioral alerts, which can be set by device, device group or network. Adaptive baseline, network policy and ratio-based alerts are all powered by artificial intelligence and machine learning technology. Managers receive early warning of insider misuse and unusual or suspicious behavior so they can act quickly.

Customizable Compliance Reporting

LogLogic Compliance Suite uses LogLogic’s unique Agile Reporting Engine to allow on-the-fly customization of templates. Using Agile Reporting functionality, customers can match information log data against specific corporate controls and policies. Agile Reporting differentiates LogLogic’s compliance solution from industry alternatives based on static reports. Instead of having to write Perl scripts of statements to customize reports, Agile Reports can be customized with a few simple mouse clicks.

Real Alerts and Reports Based on Real Data

LogLogic Compliance Suite delivers reports and alerts on all four areas of the IT risk management framework defined by COBIT:

  • Plan and organize (PO): This domain covers strategy and tactics, and identifying the way IT can best contribute to achieving business objectives.
  • Acquire and implement (AI): To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process.
  • Delivery and support (DS): This domain is concerned with the actual delivery of required services, which includes service delivery, security and continuity management, service support for users, and data and operational facilities management.
  • Monitor and evaluate (ME): All IT processes need to be regularly assessed over time for quality and compliance with control requirements. This domain addresses performance management, internal control monitoring, regulatory compliance and governance.

ROI

LogLogic customers normally experience a return on their investment of six months or less. The ROI of deploying the LogLogic solution can be measured in terms of:

  • Reduced cost and complexity of log management. LogLogic accelerates the time to identifying and reporting on critical log data and significantly reduces the infrastructure and labor costs associated with log management.
  • Improved storage and log data retention, reducing the amount of storage required and better utilizing existing NAS and SAN resources.
  • Better utilization of existing network and IT management systems. Log Routing technology directs critical log data, alerts and reports to the application of your choice, reducing the need to manage multiple systems and the associated costs of training, maintenance and support.
  • The ability to capture log data from virtually any application or device, eliminating the need for multiple systems. You can capture and store your data once, then report and alert to many different applications.
  • Reduced downtime and accelerated threat remediation — LogLogic protects valuable data, saving resources and reducing downtime.
  • Automation of key compliance activities such as log data collection, retention and analysis. LogLogic generates reports in real time for proof of compliance.
  • Improved business continuity through mitigating the risk of network incidents and attacks.
  • Improved security by deterring IP theft and malicious attacks, and achieving greater insight into user activity.
