ISO 27002 Gap Analysis
Challenge
The International Electrotechnical Commission (IEC) standards ISO/IEC 27001 and 27002 combine to create a set of best practice security controls and guidance for the development of information security management system requirements (ISO 27001). ISO 27002 is an internationally accepted code of practice for information security, establishing guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organization. Incorporating a set of 39 key control objectives for information security, it acts as a comprehensive set of best practice security controls. Understanding and acting on the breadth of the requirements of ISO 27002 is a formidable undertaking, and it requires significant resources and commitment from any organization.
Solution
The FishNet Security ISO 27002 Gap Analysis service provides an assessment of an organization's implementation of ISO 27002 control recommendations. The gap analysis is a good step toward understanding the effectiveness of the control environment and is a potential starting point for eventual Information Security Management System (ISMS) certification. FishNet Security reviews the organization's current implementation of ISO 27002 control recommendations and creates a gap analysis that clearly identifies the remediation steps required to achieve alignment with ISO 27002.
Our experts discover, analyze and report on data findings relevant to implementation — verifying your current ISO 27002 requirements, providing a roadmap for continuous compliance and delivering an overview of the project. We also provide knowledge transfer and recommendations after the engagement to assist organizations with their ongoing initiatives.
Benefits
- Through pre-assessment, assists organizations in preparations for onsite audits, providing a detailed roadmap of remediation steps
- Deploys FishNet Security experts to apply an internationally accepted list of security control objectives and recommendations across a range of 11 security domains
- Provides comprehensive analysis to align organizations with security controls and best practices for potential ISO/ISMS certification
- Aligns the organization with industry-regarded security best practices
FishNet Security's comprehensive ISO 27002 Gap Analysis service is designed to align organizations with the security controls and best practices required for ISO certification. Pre-assessment services help define the applicable scope for an ISO assessment, and FishNet Security consultants assist with remediation of identified issues. Services include:
- Review of current audit preparedness for compliance with standards
- Preparation of a gap analysis that clearly identifies the remediation steps required to achieve ISO 27002 compliance
- Discovery, analysis and reporting on data findings relevant to compliance, thereby verifying the current status of compliance with ISO 27002 requirements
- Development of a roadmap for continuous compliance
- Delivery of an overview and summary of the completed project
A company committed to information security excellence, FishNet Security has a long history of assessing, designing, building and managing security and compliance programs for clients of all types and sizes that operate within all industries. With unprecedented knowledge and expertise, our security and compliance professionals stay on top of new and emerging threats and regulatory requirements and are intimately familiar with the accompanying security challenges and proven mitigation processes.
By engaging FishNet Security for your compliance needs, you can leverage our:
- Deep experience and institutional knowledge related to the ISO 27002 domains
- Trusted advisor and strategic approach
- ISO lead auditors
- Comprehensive experience with product-based solutions
- Broad industry experience
- Comprehensive, customizable offerings