Tuesday, October 21, 2008

BTA Bank pioneers Information Security Management System in Kazakhstan

The FINANCIAL -- BTA Bank JSC is the only bank in Kazakhstan to have successfully introduced an Information Security Management System (ISMS) compliant with ISO/IEC 27001, with certification performed by the British Standards Institution (BSI).

The ISMS covers the BTA-Online system, which provides legal entities with online banking services. In the course of the certification, the international auditors rated BTA-Online as the product with the highest level of protection.

The ISO/IEC 27001:2005 certificate should enhance the confidence of both investment companies and borrowers in BTA Bank's ability to protect the information entrusted to it, since the ISMS provides a systematic, independently audited process for managing information security risk.

ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System. It is the only international standard that specifies requirements for an ISMS and against which an ISMS can be certified.

Developing and introducing an ISMS compliant with ISO 27001 is a vital part of the Bank's IT strategy and, more broadly, of BTA's strategy of becoming an international financial institution ranking among the world's major banks.

Russia-based InformZaschita designed and implemented the ISMS for BTA Bank JSC.

Source: http://finchannel.com

Monday, October 20, 2008

"Renaissance Credit" has passed ISO 27001 certification

«Renaissance Credit» has confirmed that its information security management system conforms to the requirements of the international standard ISO/IEC 27001:2005. ISO/IEC 27001:2005 establishes requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented information security management system (hereafter ISMS; "SUIB" in the Russian original). It is the only international standard specifying ISMS requirements that is suitable for certification.

«A high-quality information security system is one of the necessary and priority conditions for the successful business of credit organisations, therefore we always closely monitor the conformity of our internal procedures to international and Russian standards, – commented Alexey Levchenko, Chairman of the Board of KB «Renaissance Capital». – Our bank has built one of the most advanced IT infrastructures, and we must be assured of reliable protection of confidential data».

The certification of the information security management system was carried out by the British Standards Institution (hereafter BSI), the most authoritative provider of management system certification services in the international market. Notably, «Renaissance Credit» became the first bank in Russia to be certified by BSI and the second Russian bank to receive an ISO 27001 certificate of conformity.

It should be noted that «Renaissance Credit» prepared for certification independently, without engaging external consultants, which confirms the high qualification of the specialists responsible for the bank's information security and the active involvement of management in security issues. The bank does not intend to remain within the current scope of certification and plans to extend it to all core business processes.

Source: http://fin-forex.com

NCR Facility Attains ISO/IEC 27001 Certification

NCR Corp. announced that its eCommerce Managed Hosting Services facility has achieved ISO/IEC 27001 certification, recognizing the data center for meeting the International Organization for Standardization's specifications for information security management. According to company officials, NCR's eCommerce Managed Hosting Services provides highly secure protection of customer data for businesses running applications over the Internet.

"The ISO/IEC 27001 certification helps facilitate NCR's international expansion strategy to provide businesses in Europe and Asia Pacific with hosting solutions that deliver value for existing customer applications and help drive future capabilities including self-service and mobile transactions," said Chris Shea, NCR vice president, WCS Global Services Operations. "This certification explicitly underscores our ability to securely manage a customer's confidential data, provide highly compliant hosting services and address additional industry specific certifications and requirements."

The eight-month ISO/IEC 27001 certification process involved process documentation and numerous site audits by BSI Management Systems, an accredited management systems certification body (ISO itself does not audit organizations or issue certificates; accredited certification bodies do).

"BSI was enthusiastic about the commitment and resources NCR implemented to ensure compliance with the rigorous ISO/IEC 27001 certification requirements," said Todd VanderVen, president of BSI Management Systems America. "With high standards of security, availability and risk management practices in place, NCR is well-positioned to provide customers with information security management processes and has established a structured framework to promote continuous improvement in meeting the specific needs of its diverse customers."

Source: http://www.tradingmarkets.com/

Tuesday, October 14, 2008

M I G awarded ISO 27001

ISO certifications awarded to M I G Investments for meeting quality and security standards

M I G Investments has been awarded ISO 9001:2000 certification in recognition of its standardized quality management practices, and ISO/IEC 27001:2005 certification for its information security management system. The move comes as M I G Investments, a major Swiss online FX broker, leverages its international expertise to bring customers quality services, innovation, technology and high security standards.

Source: http://www.forex-blogs.net/

Saturday, October 11, 2008

Affinion Group Receives ISO Certification

The Affinion Group, a global leader in affinity marketing, has been awarded ISO/IEC 27001 certification, the international standard for information security management systems.

The group was recognized for its information security practices and policies. Owing to the global affinity marketing firm's efforts to shield its clients from identity theft and scammers, the Affinion Group is the only company in its industry, and one of only 50 companies in the United States, to hold ISO 27001 certification. Only about 4,100 organizations worldwide hold the same recognition.

Other U.S. organizations holding the same certification include Sun Microsystems, Bechtel Corp., Reuters America, The World Bank, Citigroup Technology and Xerox Corp.

The certification reflects Affinion's longstanding commitment to innovations that further improve information security and reduce the incidence of identity theft and scams in its industry. Robert G. Rooney, Vice-President of the Affinion Group, stated that the company strives to "raise the bar for the practices in our industry."

An ISO/IEC 27001 certification indicates that an accredited, independent auditor has verified that the company has put into practice an information security management system meeting the standard's requirements, and that the system is re-audited periodically to keep the certificate.

Several factors contributed to Affinion's certification:

  • Implementation of best practice across all information security domains;
  • Establishment of a strong security framework covering operation, monitoring, review, maintenance and improvement;
  • Systematic management of incidents with clear and timely escalation paths.

With its ISO certification, the Affinion Group has a strong foundation on which to base its information security framework for 2008.

Operating for 35 years, the Affinion Group continues to enhance the value of its partners' customer relationships by developing and marketing loyalty, membership, checking account, insurance and other products and services.

Source: Affinion Group press release

Friday, October 10, 2008

EOL earns its fourth ISO accolade

VAR EOL IT has gained an International Organization for Standardization (ISO) certification in information security management and plans to use it to push into the public sector.

The firm has completed certification to ISO 27001 for information security management systems, which less than one per cent of all UK firms have so far achieved.

This brings the firm's number of management system certifications to four; the others being OHSAS 18001 for occupational health and safety management (a BSI specification rather than an ISO standard, though commonly listed alongside them), ISO 9001 for quality management systems and ISO 14001 for environmental management systems.

Richard Parker, managing director of EOL IT, said: “This latest ISO is all about data security. A number of our competitors have this, but the immediate benefit for us is when tendering to clients.”

Parker added that the firm intends to go for larger public sector contracts now that it has four ISO standards. “There is only one other firm that I know in our sector with all four ISO certifications. It is all about putting in best practice to the business.”

Source: http://www.channelweb.co.uk/crn/news/2227374/eol-earns-fourth-iso-accolade-4253635

Thursday, October 9, 2008

ISO-27001 Quick Reference

I waffle on about this thing a lot - because I like it.

The fundamental triangle of all ISO business standards now rests upon ISO 9001, ISO 14001 and ISO 27001. In the ISO 27000 family the documentation is structured so that the "01" document is the requirements standard and the "02" document is the code of practice that guides it. So ISO 27001 is the standard and ISO 27002 is the guide to that standard (neat).

Here's a handy spider diagram that gives you all the headings from ISO 27002. I use it as a quick tick list to guide people towards making a "scope of applicability" for their business security needs.

Note that the headings go from (4) to (15)... there is no (1) to (3)... this is one of the great unfathomable mysteries of ISO. We are unworthy of controls (1) to (3); perhaps in an afterlife these ultimate truths will be revealed to us... or maybe they just forgot to include them, I dunno...

Anyway, I hope some folk find this useful.

Source: http://ipvideo.ie/

Friday, October 3, 2008

ISO 27000 Series Update!

The ISO/IEC 27000-series numbering ("ISO27k") has been reserved for a family of information security management standards, similar to the very successful ISO 9000 family of quality management standards and derived from the British Standard BS 7799.

The following standards are either already published or works in progress:
  • ISO/IEC 27000 will provide an overview/introduction to the ISO27k standards as a whole plus the specialist vocabulary used in ISO27k. Once approved by the members of ISO/IEC JTC1/SC27, it should be published later this year.
  • ISO/IEC 27001:2005 is the Information Security Management System requirements standard (specification) against which over 4,700 organizations have been certified as compliant.
  • ISO/IEC 27002:2005 is the code of practice for information security management describing a comprehensive set of information security control objectives and a set of generally accepted good practice security controls.
  • ISO/IEC 27003 will provide implementation guidance for ISO/IEC 27001.
  • ISO/IEC 27004 will be an information security management measurement standard to help improve the effectiveness of your ISMS.
  • ISO/IEC 27005:2008 is a new information security risk management standard released in June 2008.
  • ISO/IEC 27006:2007 is a guide to the certification or registration process for accredited ISMS certification or registration bodies.
  • ISO/IEC 27007 will be a guideline for auditing Information Security Management Systems.
  • ISO/IEC TR 27008 will provide guidance on auditing information security controls.
  • ISO/IEC 27010 will provide guidance on sector-to-sector interworking and communications for industry and government, supporting a series of sector-specific ISMS implementation guidelines starting with ISO/IEC 27011.
  • ISO/IEC 27011 will be information security management guidelines for telecommunications (also known as X.1051) and will be released soon.
  • ISO/IEC 27031 will be an ICT-focused standard on business continuity.
  • ISO/IEC 27032 will be guidelines for cybersecurity.
  • ISO/IEC 27033 will replace the multi-part ISO/IEC 18028 standard on IT network security.
  • ISO/IEC 27034 will provide guidelines for application security.
  • ISO 27799, although not strictly part of ISO27k, provides health sector specific ISMS implementation guidance.
  • A holding page ("Other ISO27k") carries preliminary information on further ISO27k standards, including sector/industry-specific ISMS implementation guidelines whose scopes and ISO27k numbers have not yet been determined.

The names and content of as-yet unpublished standards may well change prior to their publication, especially the early drafts.

Source: http://www.iso27001security.com