ISO 27001 is a framework for an Information Security Management System (ISMS) to address the management of information risks. Annex A of the 27001 specification documents specific information security controls, which ISO/IEC 27002 further expands upon.
These information security controls protect the confidentiality, integrity, and availability of information with risk management as the primary driver of the control objectives.
The standard is structured logically around 14 security control families, 35 control objectives, and more than 114 individual controls.
Continuous Compliance Solution with RiskForesight
Caveonix RiskForesight implements continuous compliance of controls critical to ISO 27001 evaluation and reporting for identifying risk across infrastructure and applications. Risk management is a critical component of ISO/IEC for the effective mitigation of risk. RiskForesight performs thousands of checks mapped to ISO 27001 sections and more than 20 other common security and privacy frameworks such as the NIST Cyber Security Framework, PCI, and NIST 800-53. Caveonix RiskForesight tracks and reports your adherence to requirements and determines the impact of vulnerabilities and configuration changes to your secure compliance baseline.
RiskForesight detects compliance drift, intelligently analyzes risk, and provides recommendations to bring your applications back into compliance.