ISO 27001/02

ISO 27002 Risk Assessment

If you are in any type of business, the legal and regulatory penalties or fines enforced by the Federal or State government always fall on top management, making the company and/or its top management personally liable and responsible for wrongdoing when the stringent, industry-defined security, corporate, and other compliance standards and regulations are not followed. Our mission is “Make Enterprise Cyber-Secure and Regulatory Compliant”.

It is solely top management’s responsibility and burden to perform reasonable due care and due diligence: to implement proper security policies, procedures, and standards, and to provide reasonable protections and safeguards for company assets, people, data, and mission-critical business operations.

If you do not have the time or a skilled and qualified resource, we can help your organization plan and assess its current and desired security posture, identify all risks, vulnerabilities, and operational and process-driven fatal red flags, and then deploy all required countermeasure security controls to reduce, mitigate, or transfer risk.

Since 2000, our professional team members have assisted U.S. Federal Government agencies, State of California government agencies, and Fortune 100, 500, and 1000 public and private world-class international companies to identify cybersecurity threats, vulnerabilities, business and process gaps, and red flags, and to deploy in a timely manner security countermeasure solutions and/or compensating or alternative controls that reduce or eliminate security risks, threats, and vulnerabilities.

We specialize in Enterprise Security Strategy and Planning, Risk Assessment, Infrastructure and Web Application Cyber Security Threat Assessment, Cloud Security, Security Compliance Standards (SOX, PCI-DSS v3.1, HIPAA, FISMA, NIST-800), Security Awareness, and Policy Programs, along with unique and hybrid expertise in evaluating and assessing Vendor and Business Partner Security Risk. Our mission: Your Rock-Solid Security is Our #1 Priority. With our years of real-world hands-on work expertise, special skills, and our unique methodologies, we can make your company “Hack-proof, Hack-resilient, and Security-compliant!”

Call us today at 951-267-1000 or email us at Info@eSecurityAuditors.Com.

What is ISO 27001/02 (Formerly Known as ISO 17799) Compliance?

ISO 27001/02 is an information security code of practice. It includes a number of sections, covering a wide range of security issues. Very broadly, the code’s sections are as follows:

1. Risk Assessment and Treatment

This addition to the latest version of the code deals with the fundamentals of security risk analysis.

2. System Policy

Objective: Provide management direction and support for information security.

3. Organizing Information Security


a) Manage information security within the organization.

b) Maintain the security of information and processing facilities with respect to external parties.

4. Asset Management


a) Achieve and maintain appropriate protection of organizational assets.

b) Ensure that information receives an appropriate level of protection.

5. Human Resources Security


a) Ensure that employees, contractors, and third parties are suitable for the jobs they are considered for and understand their responsibilities; reduce the risk of abuse (theft, misuse, etc.).

b) Ensure that the above persons are aware of IS threats and their responsibilities, and able to support the organization’s security policies.

c) Ensure that the above persons exit the organization in an orderly and controlled manner.

6. Physical and Environmental Security


a) Prevent unauthorized physical access, interference, and damage to the organization’s information and premises.

b) Prevent loss, theft, and damage to assets.

c) Prevent interruption of the organization’s activities.

7. Communications and Operations Management


a) Ensure the secure operation of information processing facilities.

b) Maintain the appropriate level of information security and service delivery, aligned with third-party agreements.

c) Minimize the risk of system failures.

d) Protect the integrity of information and software.

e) Maintain the availability and integrity of information and processing facilities.

f) Ensure the protection of information in networks and of the supporting infrastructure.

g) Prevent unauthorized disclosure, modification, removal, or destruction of assets.

h) Prevent unauthorized disruption of business activities.

i) Maintain the security of information and/or software exchanged internally and externally.

j) Ensure the security of e-commerce services.

k) Detect unauthorized information processing activities.

8. Access Control


a) Control access to information.

b) Ensure authorized user access.

c) Prevent unauthorized access to information systems.

d) Prevent unauthorized user access and compromise of information and processing facilities.

e) Prevent unauthorized access to networked services.

f) Prevent unauthorized access to operating systems.

g) Prevent unauthorized access to the information within application systems.

h) Ensure information security with respect to mobile computing and teleworking facilities.

9. Information Systems Acquisition, Development, and Maintenance


a) Ensure that security is an integral part of information systems.

b) Prevent loss, errors, or unauthorized modification/use of information within applications.

c) Protect the confidentiality, integrity, or authenticity of information via cryptography.

d) Ensure the security of system files.

e) Maintain the security of application system information and software.

f) Reduce/manage risks resulting from the exploitation of published vulnerabilities.

10. Information Security Incident Management


a) Ensure that security information is communicated in a manner allowing corrective action to be taken in a timely fashion.

b) Ensure a consistent and effective approach is applied to the management of IS issues.

11. Business Continuity Management


a) Counteract interruptions to business activities and protect critical processes from the effects of major failures/disasters.

b) Ensure timely resumption of business activities and critical processes in the event of failure/disaster.

12. Compliance


a) Avoid the breach of any law, regulatory or contractual obligation, or any security requirement.

b) Ensure systems comply with internal security policies/standards.

c) Maximize the effectiveness of and minimize associated interference from and to the systems audit process.
