Even though ISO 27001 and ISO 27002 are robust frameworks generally used by large enterprises, they are starting to be seen as a requirement for some companies in the mid-market. Silent Sector works with organizations to build and mature proactive cybersecurity programs aligned to the ISO frameworks. Our techniques and services can then be used as the foundation for your long-term cyber risk management program.
Silent Sector's team of industry experts supports your objectives through the framework alignment process. From ISO 27001 gap assessments to implementation of specific controls, our team provides the guidance and expertise to meet the compliance requirements and simplify the audit process.
Silent Sector advances cyber risk management initiatives with effective solutions tailored to the size and industry of your company.
Contact Silent Sector today to find out more about aligning to the appropriate cybersecurity framework for your organization.
ISO 27001 is an internationally recognized framework that consists of standards developed by the International Organization for Standardization and the International Electrotechnical Commission. The organizations defined 14 control categories: information security policies; organization of information security; human resource security; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition, development and maintenance; supplier relationships; information security incident management; information security aspects of business continuity management; and compliance. This framework can be used to manage medium to large companies and can be used in multiple industries, such as finance, telecom, and IT.
ISO 27002 is supplementary to ISO 27001, meaning to use ISO 27002, the organization must have already adopted the ISO 27001 framework. The biggest difference between the two frameworks is the amount of detail each gives and the application of the framework's controls. ISO 27002 goes into a deeper level of detail about each control and what is needed to be considered compliant. This framework is geared towards very large companies that already have a strong grasp on the ISO 27001 framework and have the resources to carry out a very strict and detailed control schema.
Not sure if the ISO 27001 or ISO 27002 frameworks are right for your organization? Contact Silent Sector for a complimentary consultation.