Information Security Standard

The ISO27001 best-practice approach helps organisations manage their information security by addressing not only processes and technology, but also people.

Independently accredited certification to the Standard is recognised internationally, indicating that your ISMS is aligned with information security best practices.

Laneden can offer services to help achieve and maintain your accreditation.

"Information about technical vulnerabilities of information systems being used must be obtained in a timely fashion, the organisation's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk"


ISMS Online, https://www.isms.online

"Any vulnerability is a weakness in security protection and must be dealt with effectively and efficiently where risk levels are unacceptable."


ISMS Online, https://www.isms.online

Annex A.12.6.1, Management of Technical Vulnerabilities, is about technical vulnerability management. The objective here is to prevent the exploitation of technical vulnerabilities.

It concentrates efforts on three key areas:


  • Timely identification of security vulnerabilities;

    • The sooner you discover a vulnerability, the more time you will have to correct it, or at least to warn the manufacturer about the situation, decreasing the opportunity window a potential attacker may have.


  • Assessment of the organization's exposure to a vulnerability;

    • Not all organizations are affected the same way by a certain vulnerability, or set of vulnerabilities. You have to do a risk assessment to identify and prioritize those vulnerabilities that are more critical to your assets and business.


  • Proper measures considering the associated risks.

    • Once you have identified the most critical vulnerabilities, you need to think about the actions and allocation of the resources you have to deal with them. That is your risk treatment plan. The most prudent way to do this is to consider the risk level associated with them.

Laneden can help build a program of works to help your organisation achieve regular security testing, to understand the effectiveness of your technical controls, and help ensure security risks are defined and mitigation understood.

This provides a thorough and independent examination to identify security vulnerabilities within the software, systems, and network configurations.

Laneden can provide an on-site debriefing of the findings, explaining how attackers could potentially gain control of your systems and exfiltrate data.

A comprehensive report is written containing an executive summary, and is consumable by anyone in the organisation regardless of their technical background. It also includes enough detail to allow you to understand the risks, along with concise and clear guidance on how to either mitigate or remediate those concerns.




"Technical vulnerabilities have been at the heart of many large security breaches reported in the media (and those that aren't!) and so it is essential that formal managed processes are in place at an adequate and proportionate level."


ISMS Online, https://www.isms.online

FREQUENTLY ASKED QUESTIONS