Abstract
The ISO 27001 standard from the ISO/IEC 27000 family is a well-known reference framework for information security management. It defines and details the controls and processes required for compliance with recognised security practices. It provides companies with guidance and tools to adequately protect their technological environment and their information against security breaches, thereby increasing the trust of their customers. Being ISO 27001 compliant provides a real competitive advantage and is even a requirement for some RFP tenders. Compliance with ISO 27001, or with an equivalent governance framework such as COBIT, is not a luxury for certain companies, especially those offering cyber security services. Such a framework has become a must when working with companies that have specific regulatory and legal constraints, such as PCI and SOX for banking environments, or SOC I & II and NERC for companies operating in operational technology (OT) (SCADA/ICS) environments in North America. This paper puts forth a practical use case inspired by a real project initiated to reinforce the security governance framework of a major IT company offering cyber security services (Bell Multi Services [Bell MS]) to financial firms and OT (SCADA/ICS) companies. To avoid advertising or unintentionally revealing confidential information, some details which are too specific and not relevant to this paper have been removed. The security and compliance programme executed for this company is identified by a fictitious name: the SecurePhoenix programme. The objective of this programme was to enhance the level of the security services (risk management, logging and monitoring management, incident management, vulnerability management, identity and access management, etc.) offered by the Bell Canada Multi Services security team to multiple clients (here referred to by the fictitious name Bell Security Operational Center [Bell SOC]).
A year after SecurePhoenix launched all of its projects, the triad parameters (budget, time, quality) were all in the red. Bell Canada — or, more specifically, Bell MS — therefore hired the current author's company for its project management, audit and cyber security expertise to bring the programme back on track.
Suggested Citation
Cissé, Moh, 2019.
"An ISO 27001 compliance project for a cyber security service team,"
Cyber Security: A Peer-Reviewed Journal, Henry Stewart Publications, vol. 2(4), pages 346-359, June.
Handle:
RePEc:aza:csj000:y:2019:v:2:i:4:p:346-359