ISO 17799
ISO 17799 was created in October 2000 as an international standard for information security and is widely regarded as the most complete security guideline in existence. NetIQ assists companies in their efforts to maintain adherence to ISO 17799 by providing best of breed, modularly integrated solutions in the areas of Performance & Availability Management, Security Management, Configuration & Vulnerability Management and Operational Change Control.
Business Problem
ISO 17799 contains 10 working sections that define the information security standard. These sections include, among others, standards for establishing Security Policy, Asset Classification and Control, Access Control and Compliance. However, ISO 17799 does not mandate specific procedures nor define how to implement the necessary controls. As such, companies who wish to adopt ISO 17799 are faced with these challenges:
- Assessing, planning and designing programs for ISO 17799 compliance
- Implementing and coordinating the people, processes and technology required to meet the standards
- Continually managing and maintaining the security controls and procedures put into place, along with the necessary oversight, correction and adjustments when standards are not met
The NetIQ Solution
NetIQ solutions across systems management, security management and administration assist you in the planning, implementation and management of controls necessary to meet the standards of ISO 17799. NetIQ has a variety of products for establishing written security policies, classifying and controlling access to systems and the information they contain and reporting on the areas of security weakness. NetIQ solutions also are successful in controlling system and service failures and detecting and eliminating viruses and worms.
- Performance Management – Meet service level commitment, end-user expectation and business-driven IT performance objectives, while reducing your operating costs.
- Security Management – Monitor your diverse security environment, resolve incidents and satisfy log management requirements without consuming all your time and resources.
- Configuration Management – Demonstrate IT compliance with policies and regulations through security configuration management, regulatory mapping and reporting.
- Change Control – Control and audit system changes to assure the integrity of your distributed IT infrastructure through time-based, task-specific permissions management.
- Windows Administration – Delegate and automate administrative tasks to streamline your work, while maximizing your return on Windows and Active Directory.
Key Features
In addressing the requirements to meet ISO 17799 standards across the working sections, NetIQ products can help in a number of areas, including:
- Security Policy. NetIQ VigilEnt Policy Center automates the process of information security policy establishment, review and approval. The first step in achieving ISO 17799 standards acceptance is the creation of a formal, written set of Information Security policies. VigilEnt Policy Manager enables companies of all sizes and industries to develop a set of policies, standards and other internal security guidelines, and publish them to all stakeholders for review.
- Access Control. NetIQ Security Administration Suite allows you to control access by internal and third party (partners, suppliers, contractors) individuals via roles-based access control for managing user accounts, computers, groups and local resources. It ensures consistency between the access controls of multiple systems and provides separation of duty enforcement between development and operation teams.
- Business Continuity Management. ISO 17799 standards require you to establish plans to reduce the risk of business interruption, limit the consequences of damaging incidents and ensure the timely resumption of operations.The NetIQ AppManager Suite provides you with the capability to manage service levels, ensure compliance with SLAs, decrease recovery time and more effectively resolve root causes of system and application problems that can result in outages. NetIQ Security Manager protects against intrusions, manages and correlates security events and sends notifications to appropriate personnel. It also delivers remediation, such as deletion of unauthorized processes or services and server shutdown upon virus detection.
- Compliance. To achieve success in acceptance and usage of the ISO 17799 standards, compliance to the standards must be demonstrated. NetIQ Secure Configuration Manager assists in this by identifying and reporting on observed or suspected security weaknesses, including malicious software, multiple user IDs and accounts, weak passwords, inappropriate user access rights and systems lacking proper audit enablement. The NetIQ Risk and Compliance Center solution provides the ability to quickly and easily view the status of ISO 17799 compliance efforts with graphs and charts showing those systems which are in compliance, not in compliance and pending assesment.
