ISO IEC 27002 2013 Information Security Audit Tool

ISO IEC 27002 is a comprehensive information security management standard.
It takes a very broad approach and can be used by any organization to protect
and preserve the confidentiality, integrity, and availability of its information.

This page will describe our ISO IEC 27002 2013 Information Security Audit Tool.
However, it will not present the entire product. Instead, it will show you how it is
organized and it will introduce our approach (see PDF samples, below). Once you've
examined our approach, we hope you'll purchase our information security audit tool.

Our detailed audit process consists of fourteen questionnaires, one for
each of the fourteen parts (5 to 18) that make up the ISO IEC 27002 2013
information security standard. We also provide a mini audit questionnaire
(part 4) that you can use to carry out a quick information security audit or
to decide what general areas need more detailed attention.

For each question, three answers are possible: YES, NO, and EXCLUDE
(Y, N, X).  A YES answer means you're in compliance with the standard,
a NO answer means you're not in compliance, and an EXCLUDE answer
means that a question can be excluded because it's not applicable in your
situation. Next to the questions and response options, we also provide a
column that you can use to record brief notes and comments.

YES answers point to security controls that you've already implemented
and security practices that are already being followed. They require no
further action. In contrast, NO answers point to information security gaps
and weaknesses. Each NO answer reveals a gap that exists between the
ISO IEC 27002 2013 standard and your organization's current activities.
NO answers point to security controls that should be implemented
and security practices that need to be followed.

Since ISO IEC 27002 distinguishes between information security controls
and information security guidelines, our audit questionnaires do as well.
Controls are any administrative, managerial, technical, or legal methods
and measures that are used to modify or manage information security
risks while guidelines explain how controls are implemented. We've
shortened these labels as follows: GUIDE and CTRL.

Once you've completed your audit, you can summarize it using our
Security Performance Scores report (part 2, below). Security scores are
calculated by using your YES and NO answers. These scores can be used
in at least two ways. Firstly, they can give you a quick way of determining
which general areas you need to emphasize and therefore where remedial
resources ought to be allocated. Secondly, these scores can be used to
measure whether your performance is improving over time.

Once you've completed your security audit and summarized the results,
you're ready to put together your audit report. Your audit report should
summarize your information security gaps and weaknesses. It should
also make recommendations (assuming you're expected to do so).
Use NO answers to identify security gaps and weaknesses and
to prepare your information security recommendations.

Since our questionnaires can be used to identify the gaps that exist
between ISO's security standard and your security practices, they can also
be used to perform a detailed gap analysis. Once you've filled all the gaps,
you can be assured that you've done everything possible to protect your
organization's information. If you use our audit tool you will not only
comply with ISO's security standard but you will also improve the
performance of your information security management system.


ISO IEC 27002 2013 INFORMATION SECURITY AUDIT TOOL

PART  TABLE OF CONTENTS (TITLE 38)             PAGE
1     Audit Profile                            3
2     Audit Summary                            4
3     Introduction to Audit                    5
4     Mini Security Audit Tool                 6
5     Security Policy Management Audit         13
6     Corporate Security Management Audit      16
7     Personnel Security Management Audit      PDF
      Organizational Asset Management Audit    32
9     Information Access Management Audit      43
10    Cryptography Policy Management Audit     57
11    Physical Security Management Audit       62
12    Operational Security Management Audit    77
13    Network Security Management Audit        97
14    System Security Management Audit         106
15    Supplier Relationship Management Audit   PDF
16    Security Incident Management Audit       131
17    Security Continuity Management Audit     137
18    Security Compliance Management Audit     141


Attention

Now that you understand our approach, please purchase our:
Title 38: ISO IEC 27002 2013 Information Security Audit Tool.

If you purchase our ISO IEC 27002 2013 Audit Tool, you'll find
that it's integrated, detailed, exhaustive, and easy to understand.
You'll find that we've worked hard to create a high quality product.
In fact, we guarantee the quality of our information security audit tool.

Title 38 is 151 pages long and comes in pdf and MS doc file formats.

See PDF Audit Sample Part 7

See PDF Audit Sample Part 15


Praxiom Research Group Limited            help@praxiom.com           780-461-4514

Updated on December 31, 2016. First published on April 21, 2014.


Copyright © 2014 - 2016 by Praxiom Research Group Limited. All Rights Reserved.
