IT Security
Information Security Management System (ISMS)
The main body of ISO/IEC 27001 formally specifies a number of mandatory requirements that must be fulfilled in order for an Information Security Management System (ISMS) to be certified compliant with the standard. The ISO standard requires management control to determine the organization's information security risks, assess them, decide how those risks are to be treated, treat them and monitor them, using the policies and procedures defined in the ISMS.
Nemo's evaluation process covers the following 13 main business areas:
IT Organization and Policies
Vendor Management
Security Awareness
Information Management
Configuration Management
Access to Programs and Data
Change Management
OS and Network Security
Encryption
Remote Access
IT Business Operations
Incident Management
Confidentiality - Integrity - Availability
Security governance, management concepts and principles are inherent elements of any security policy and of any solution deployment. They define the goals and objectives that guide both the policy maker and the designer/implementer. The primary goals and objectives of security are captured in the CIA triad: Confidentiality, Integrity, and Availability. Security controls are typically evaluated by how well they address these three core information security tenets, and a complete security solution should adequately address all three. Vulnerabilities and risks are likewise evaluated according to the threat they pose to one or more of the CIA principles.