With data breaches increasing at a record pace, an Information Security Management System (ISMS) has transformed from an IT buzzword into a necessity for most organizations. According to a report recently released by the Identify Theft Resource Center, there were nearly 1,600 data breaches reported in the United States in 2017. This represents an increase of 44% from figures reported in 2016. More alarming is the average cost of a breach, estimated to be roughly $3.6 million per incident, according to a report conducted by Ponemon Institute. These numbers are only expected to increase in 2018, necessitating a proactive approach to cybersecurity.
To address the increasing occurrence of data breaches, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) published an updated version of ISO 27001 in 2013. Part of the ISO 27000 family of standards, ISO 27001 outlines the policies, processes, and procedures required to implement an ISMS. Regardless of organizational size or type, ISMS can be applied to secure information assets and manage information in all its forms. Organizations that meet these standards may pursue ISO 27001 certification following a successful audit. Not only is certification useful for protecting valuable data and information assets, but ISO 27001 covers many of the requirements necessary to adhere to the new General Data Protection Regulation (GDPR) that will be in effect May 25, 2018.
To account for updates to ISO 27001, we have released an enhancement to our Information Security Management System offering in version 6.4, released last week. Features new to the release include:
- Automatic risk scoping that allows for the simultaneous generation of ISMS risk and control records.
- ISMS Risks application that generates a snapshot of each risk facing ISMS assets at a point in time.
- ISMS Controls application that catalogs all control procedures applied to risks.
- ISMS Audit application that provides a taxonomy for reviewing risks and controls, generating findings, and applying exception requests.
- ISO 27001 questionnaire that identifies key gaps in the organization’s risk posture.
- Ability to apply ISO 27002 control procedures to mitigate inherent risks.
- Personas and record permissions necessary to managing an ISMS and enforcing role-based access control.
- Generation of a Statement of Applicability that can be provided to external auditors for ISO 27001 certification.
ISMS General Information Section
There are three components crucial to managing an ISMS:
- Determining key organizational assets
- Identifying potential risks
- Applying mitigating controls
As an organizational ISMS continues to evolve, these components must be regularly evaluated and refined to ensure risks facing crucial assets are properly mitigated. The RSA Archer ISMS use case sits at the convergence of these components, allowing users to seamlessly scope assets and stakeholders, manage inherent risk, and apply mitigating controls from a library of ISO 27002 content.
With RSA Archer ISMS users can:
- Protect the confidentiality, availability, and integrity of data
- Reduce costs associated with information security
- Provide a centrally managed framework for information security
- Ensure that information in all forms are secured
Interested in learning more? Join us for our Free Friday Tech Huddle this Friday, April 27 to hear more about the offering and see a live demo. The Free Friday Tech Huddles are available to existing RSA Archer customers. If you are not yet a customer but interested in learning more, please contact your local representative or authorized reseller—or visit us at www.rsa.com.