Does your organization do all that is required to ensure information security and cybersecurity?
Do you experience security breaches, or do you need to demonstrate to your customer or clients compliance with certain Information Security Management Standards?
ISO 27001:2013, the Information Security Management System standard (also known as the ISMS standard), is the internationally recognized standard that sets out the specification for an ISMS (Information Security Management System).
Its best-practice approach helps organizations manage and maintain their information security, ensuring that they address the security of their people and processes as well as their technology.
An ISMS is a holistic approach to securing the CONFIDENTIALITY – INTEGRITY – AVAILABILITY (CIA) of corporate information assets.
It consists of policies, procedures and other controls involving people, processes and technology.
Informed by regular information security risk assessments, an ISMS is an efficient, risk-based and technology-neutral approach to keeping your information assets secure.
The Standard outlines 14 control categories with 114 information security management system controls, but it does not mandate that all 114 controls be implemented. Instead, the risk assessment should define which controls are required, and a justification must be provided for why the other controls are excluded from the ISMS.
ISO 27001:2013 – ANNEX A – THE 14 CONTROL CATEGORIES
• A.5 Information security policies
• A.6 Organization of information security
• A.7 Human resource security
• A.8 Asset management
• A.9 Access control
• A.10 Cryptography
• A.11 Physical and environmental security
• A.12 Operations security
• A.13 Communications security
• A.14 System acquisition, development and maintenance
• A.15 Supplier relationships
• A.16 Information security incident management
• A.17 Information security aspects of business continuity management
• A.18 Compliance
BENEFITS OF IMPLEMENTING ISO 27001:2013
ISO 27001 is the most highly regarded information security standard in existence. Independently accredited certification to the Standard is recognized around the world, and its popularity has grown within the ANSI National Accreditation Board (ANAB) by more than 450% in the past ten years. Implementing ISO 27001 helps you meet the legal information security requirements in the USA:
DATA PROTECTION, PRIVACY LAWS, NIST, NETWORK AND INFORMATION DATA PROTECTION & CMMC.
• Having implemented ISMS controls helps to reduce the costs associated with data breaches;
• It protects your data, wherever it lives;
• It protects all forms of information, whether digital, hard copy or in the Cloud;
• It increases your organization’s resilience to cyberattacks;
• It also reduces information security costs;
BEST PRACTICE IMPLEMENTATION
Choosing JJK CONSULTING as your implementation partner ensures that your organization implements only the security controls you really need, helping you maximize your budget.
Our ISMS experts are all ISO 27001:2013 certified Lead Auditors with many years of implementation experience, and they can make sure that you respond to evolving security threats in the best way. This leads to a more agile organization, one that can constantly adapt to changes both externally and within the organization. Improved information security and company culture are the outcome.
An ISMS encompasses people, processes, and technology, ensuring that staff understand risks and embrace security as part of their everyday practice. If meeting contractual obligations or demonstrating ISO 27001:2013 certification to your customers is required, you will be able to do so by easily demonstrating your organization’s commitment to information security.
This provides a valuable credential when seeking new business opportunities.
HOW TO ACHIEVE COMPLIANCE TO ISO 27001:2013
JJK CONSULTING is here to help your organization implement an ISO 27001-compliant ISMS. Our effective and budget-friendly “hands-on” implementation services involve:
• SCOPING THE PROJECT
• Securing management commitment and budget;
• Identifying interested parties, and legal, regulatory, and contractual requirements.
• Conducting a risk assessment;
• Reviewing and implementing the required controls;
• Developing internal competence to manage the project;
• DEVELOPMENT OF YOUR APPROPRIATE ISMS DOCUMENTATION
• Reporting (e.g. the Statement of Applicability and risk treatment plan);
• Continually measuring, monitoring, reviewing, and auditing the ISMS; and
• Implementing the necessary corrective and preventive actions.
• And finally CONDUCTING STAFF AWARENESS TRAINING
This way your organization will soon be ready for the ISO certification audit.
GET ISO 27001:2013 CERTIFIED ON TIME & BUDGET
We offer everything you need to implement an ISO 27001-compliant ISMS – you don’t need to go anywhere else.
We guarantee certification (provided you follow our advice!).
You benefit from real-world practitioner expertise, not just academic knowledge.
We have a proven and pragmatic approach to assessing compliance with international standards, no matter the size or nature of your organization.
Our pricing and proposals are completely transparent, so you won’t get any surprises.
We can help small organizations prepare for ISO 27001 certification in three months.
The US Department of Defense (DoD) has developed a new certification framework to address cyber risks in supply chains. The new “Cybersecurity Maturity Model Certification” (CMMC) establishes a 5-stage maturity approach for cybersecurity requirements. From June 2020 onwards, the requirements are to be included in Sections L and M of the “Request for Information” (RFI), and in the tendering process from around September 2020 onwards.
Now let’s read on about the most important aspects of the CMMC and what is necessary to align security processes, specifications and practices with the CMMC. The CMMC offers the DoD an instrument to enforce the current Defense Federal Acquisition Regulation Supplement (DFARS) requirements (DFARS clause 252.204-7012) in your contracts. Functionally, the CMMC is based on various standards, such as ISO 27001:2013, but it overlaps most with “National Institute of Standards and Technology Special Publication 800-171”, the current standard for the protection of “controlled unclassified information” (CUI).
What should my organization do if it is already working on the requirements from DFARS or NIST SP 800-171?
Organizations that already meet the requirements of NIST SP 800-171 are in a good position to pursue CMMC Level 3 certification. 130 controls are congruent with those of NIST SP 800-171; however, CMMC Level 3 adds 20 further controls, covering:
• Identification and classification of information
• Storage and analysis
• Audit Logs
• Event management
• Incident management
• Storage of backup data and performing recovery tests
• Conducting code reviews in software development
• Cyberthreat Intelligence Management
• Network security
• Implementation of DNS filtering
• Use of email security (Spam filter, encryption, etc.)
How should organizations prepare for the CMMC?
If you are currently working with the DoD, or will do so in the future, structured preparation is essential. Even though not everything about the CMMC is finalized, much of the central information and many of the requirements are already available in the DoD’s publications. This information is sufficient to prepare for the expected finalization of the framework in autumn 2020.
With this in mind, we recommend initiating the following steps over the coming weeks and months:
• Identify the information that is the subject of the DoD contract, together with the processes, systems and applications that handle it. Consolidate these to reduce the “compliance footprint”.
• If you handle CUI or “covered defense information” (CDI) yourself and already meet the DFARS requirements that apply to you, you should prepare for at least Level 3 certification.
• Carry out a detailed gap analysis to determine the current level of maturity and identify any gaps.
• Develop a roadmap to close the gaps in a structured way.
• As a subcontractor, you should approach your customers and find out whether they have already received information regarding CMMC.
How can JJK Consulting support your organization?
• Analysis of information, processes and systems to identify the scope
• Assessments to determine the current degree of maturity and any gaps
• Development of a roadmap to close gaps in a structured manner and enable a higher degree of maturity
• Establishment of “security controls” and processes based on the required level
Our cybersecurity experts are happy to support you.
Ready to Explore New Possibilities?
Please contact JJK Consulting at your convenience for an initial consultation.
We’ll work with you one on one to determine a roadmap to success.
Call Today: 973-402-5889