The Boosteroid project introduced the international standard for information security management, ISO 17799:2005 (ISO 27002:2005), in early August 2017.
Boosteroid CTO Ivan Sorbat, a certified ISO 17799:2005 (ISO 27002:2005) professional, audited the Boosteroid infrastructure for compliance with all aspects of the international information security management standard during preparation for the second ICO stage, which starts on November 27th, 2017.
Why did the Boosteroid project apply the ISO 17799:2005 standard?
The control objectives and controls in ISO/IEC 17799:2005 (27002:2005) are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
ISO 17799:2005 certification shows business partners, investors and clients that the company cares about effective information security management. This is a distinct competitive advantage that proves the company is able to manage its information risks.
The audit was performed in several stages over 14 days.
The first stage consisted of analyzing the statutory documents on information security.
During the second stage, a survey of competent persons involved in information risk management (IT department specialists) and of randomly selected users of the project's IT system was carried out using the Condor methodology.
In the third stage, a technical verification of the security of the Boosteroid information system was performed.
Final conclusion on the compliance with the ISO 17799:2005 requirements
The results of the first and second audit stages were analyzed and cross-checked against the results of the third stage. Some vulnerabilities were detected and eliminated, comments on business processes were made, roles were identified, and access levels to categorized information were configured. Practical recommendations for managing information risks were also developed.
The auditor confirms that the Boosteroid project is able to manage information risks and business processes, and that it complies with the ISO 17799:2005 (ISO/IEC 27002:2005) control objectives and controls in the following areas of information security management:
- security policy;
- organization of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management.
What is ISO/IEC?
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
Why is information security required?
Information and the supporting processes, systems, and networks are important business assets. Defining, achieving, maintaining, and improving information security may be essential to maintain competitive edge, cash flow, profitability, legal compliance, and commercial image.
Organizations and their information systems and networks are faced with security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. Causes of damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and increasingly sophisticated.
Information security is important to both public and private sector businesses, and to protect critical infrastructures. In both sectors, information security will function as an enabler, e.g. to achieve e-government or e-business, and to avoid or reduce relevant risks. The interconnection of public and private networks and the sharing of information resources increase the difficulty of achieving access control. The trend to distributed computing has also weakened the effectiveness of central, specialist control.