(Source: Tripwire) The ISO 27001 standard is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance.

ISO 27001 is recognized internationally as a structured methodology for information security. Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security, however it does not mandate specific procedures nor define the implementation techniques for gaining certification. Thus, companies being audited for ISO 27001 compliance deal with the same issues that plague companies facing regulatory audits: how to effectively achieve compliance and, following an audit, cost-effectively maintain it.

The Tripwire Enterprise solution provides organizations with powerful configuration control through its configuration assessment and change auditing capabilities. In this white paper, learn how with Tripwire Enterprise, organizations can quickly achieve IT configuration integrity by proactively assessing how their current configurations measure up to specifications as given in ISO 27001. This provides immediate visibility into the state of their systems, and through automating the process, saves time and effort over a manual efforts.