How to use the NIST SP800 series of standards for ISO 27001 implementation?
Although ISO 27001, the international standard for information security management, provides control objectives and controls that cover a wide range of security issues, they are not exhaustive. ISO 27001 clauses 6.1.3 b) and c) therefore note that an organization can go beyond the standard's controls to set proper security levels, by developing its own solutions or by using other knowledge sources. This article presents an alternative to ISO 27002 as guidance to support the implementation of ISO 27001 controls: the NIST SP 800 series. You will see what these documents are about and how their general structure compares to that of ISO 27001.
The NIST SP 800 series
The NIST SP 800 series is a set of free-to-download documents from the United States federal government, published by the NIST (National Institute of Standards and Technology), describing computer security policies, procedures, and guidelines. It contains more than 130 documents.
NIST SP 800 series documents for information security management and risk assessment
Like the ISO 27001 series, the SP 800 series provides information covering management and operational information security practices, but spread over a greater number of documents. To provide specific guidance for integrating information security risk management with organizational operations, the SP 800 series has the document SP 800-39 – Managing Information Security Risk. For risk assessment, the SP 800 series has a documentation set created around a six-step risk methodology:
1. Categorize: prioritization of information systems based on impact assessment. Detail is found in the document SP 800-60 rev.1.
2. Select: definition of the controls to be used, based on the impact assessment and control baselines. SP 800-53 rev.4 is the reference document for this step.
3. Implement: implementation of the controls and elaboration of the supporting documentation. Detail is found in the document SP 800-160.
4. Assess: confirmation that controls are implemented correctly, operate as intended, and produce the desired outcomes. Detail is found in the document SP 800-53A rev.4.
5. Authorize: acceptance of the risk scenario, and authorization for information system operation and use. Detail is found in the document SP 800-37 rev.1.
6. Monitor: ongoing monitoring of information systems and the operational environment to determine the controls' effectiveness and compliance. Detail is found in the document SP 800-137.
NIST SP 800 series documents for ISO 27001 controls implementation
The SP 800 series has numerous standards that cover 256 safeguards. This is where SP 800-53 is very useful, because it organizes all those safeguards into 18 categories:
1. SP 800-61 rev.2: guidelines for detecting, analyzing, prioritizing, and handling incidents in order to respond to them effectively and efficiently (supporting ISO 27001 A.16).
2. SP 800-50: guidelines for designing, developing, implementing, and evaluating an awareness and training program (supporting ISO 27001 A.7.2.2).
3. SP 800-116: a risk-based approach for selecting appropriate authentication mechanisms to manage physical access (supporting ISO 27001 A.11.1.2).
4. SP 800-46 rev.1: practices for mitigating the risks associated with the technologies used for telework (supporting ISO 27001 A.6.2.2).
5. SP 800-122: guidance for protecting the confidentiality of personally identifiable information (PII) in information systems (supporting ISO 27001 A.18.1.4).
6. SP 800-161: guidance on identifying, assessing, selecting, and implementing risk management processes and controls to manage ICT supply chain risks (supporting ISO 27001 A.15).
7. SP 800-92: guidance on developing, implementing, and maintaining effective log management practices (supporting ISO 27001 A.12.4).
8. SP 800-88 rev.1: recommendations for implementing a media sanitization program, considering techniques and controls for the sanitization and disposal of sensitive information (supporting ISO 27001 A.8.3.2 and A.11.2.7).
9. SP 800-83 rev.1: guidance on preventing malware incidents and responding to them (supporting ISO 27001 A.12.2.1).
10. SP 800-64 rev.2: description of the key security roles and responsibilities required in the development of information systems, and information about the relationship between information security and the Software Development Life Cycle (supporting ISO 27001 A.14.2).
11. SP 800-45 rev.2: security practices for designing, implementing, and operating email systems on public and private networks (supporting ISO 27001 A.13.2.3).
12. SP 800-44 rev.2: security practices for designing, implementing, and operating publicly accessible Web servers and the related network infrastructure (supporting ISO 27001 A.14.1.2).
13. SP 800-41 rev.1: guidance on developing firewall policies and on selecting, configuring, testing, deploying, and managing firewalls (supporting ISO 27001 A.13.1).
14. SP 800-34 rev.1: information about information system contingency planning and other types of security and emergency contingency plans (SDLC) (supporting ISO 27001 A.17).
Improve your options through multiple knowledge sources
To be effective, a security implementation must take a holistic view, and for that, the more input you have when defining the controls, the better.
How to get an ISO 27001 Consultant in Dubai?
Are you looking to get certified to the new version of ISO 27001 in Dubai? Certvalue has top consultants to provide ISO 27001 services in Dubai. It helps the organization to meet its customer requirements. After getting certified under ISO 27001 with a consultant in Dubai, it helps to get more income and business from new customers. We are the top Certvalue service provider for each one of your necessities. Feel free to send an inquiry to certvalue.com