It-Auditing

INFO6008

Assignment Week-8 (ISO)

I.T. Auditing

Ans1:-

• ISO27001 is a standard that is needed by an organization to implement the Information Security Management System which depicts the procedure to explain, implement, monitor and review the IT system security, whereas ISO27002 provides the guidelines and standards which are used by an organization to improve its existing  IT infrastructure and resources.
• ISO27001 focuses on organization needs but ISO27002 emphasizes on individual needs.
• ISO27001 is mandatory requirement of any IT organization that is essential to be followed to certify it, whereas ISO27002 explains the best practices that an organization can follow to improve itself.
• ISO27001 explains the management controls that are needed to be followed by an organization but ISO27002 lists the operational controls.
• For example, ISO 27001  have a control that needs the organization to do backups and  ISO 27002  have the same control , but with more development, it means the backups should be done at planned intervals, that should be tested, that an organization should backup data and software, etc.

Answer 2.

1. Implement strong Security policies:

Always make strong security policies to make your organization's network more secure also make awareness among staff about security and how important it is to follow proper security standards etc.

2. AAA : Use Authentication Authorization and Accounting this will help in securing network with something you have and something you know also it will keep track of what user is doing in logs so that network admin can see what users are doing.