
ISO/IEC 27001
What atsec offers
atsec has extensive experience with ISO/IEC 27001. Please take a look at the list of some of our ISMS projects.
atsec’s qualified consultants offer these services related to establishing and operating an ISMS:
- Readiness assessment to help you understand the state of your ISMS before starting the full certification process according to the ISO/IEC 27001 standard.
- Consulting services to help you develop and implement a comprehensive, business-oriented information security solution qualified for ISO/IEC 27001 certification. This includes risk management consulting to define appropriate methodologies and perform risk assessment.
- Education and training for your staff to optimize your ISO/IEC 27001 certification efforts.
- Internal audits performed on your behalf by atsec.
- Consulting on electronic signature compliance.
Note that atsec is not a Certification Body and does not perform the formal certification audits.
Why our services are important to you
ISO/IEC 27001 and its related code of practice, ISO/IEC 27002, provide internationally-accepted, standardized criteria for implementing an effective information security management system. The basis for this standard is that information is an organization’s most valuable asset, and as such, information must be managed and protected from internal and external threats. To protect its information assets, an organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27001 and ISO/IEC 27002 provide strategic and tactical direction for assessing, measuring, and preventing threats, and propose a range of security controls focused on safeguarding information assets.
For more information
Please refer to our resource pages.
ISO/IEC 27002 Controls Audit/Assessment Support
What atsec offers
Our qualified consultants have a range of technical expertise covering the ISO/IEC 27002 control list:
- General requirements
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communication and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
Customers often choose to complement the assessment of their security controls with a firewall audit, enhanced vulnerability analysis, or penetration testing.
Why our services are important to you
Many companies use ISO/IEC 27001/27002 as a basis for internal audits of information security controls. This key standard has been utilized in response to requirements for BS 7799, ISO/IEC 27001, FISMA, HIPAA, Sarbanes-Oxley, Payment Card Industry, and a whole host of other audit requirements.
It is difficult for companies to find experienced and qualified in-house personnel who can cover every control in the list. Using atsec's security consultants provides you with an independent, third-party analysis of your deployment of these industry best-practice controls.
For more information
Please refer to our resource pages.
ISMS Training
What atsec offers
atsec offers the following services related to establishing an ISMS:
- ISO/IEC 27001 implementation
- Risk management consulting to help you define appropriate methodologies and perform risk assessment
- ISO/IEC 27001 lead auditor (BSi or IRCA)
- Security Awareness training for your staff in support of ISO/IEC 27001 requirements
Why our services are important to you
ISO/IEC 27001 and its related code of practice, ISO/IEC 27002, provide internationally-accepted, standardized criteria to implement an effective information security management system. The basis for the standard is that information is an organization’s most valuable asset, and as such, it must be managed and protected from internal and external threats. To protect its information assets, an organization must develop sustainable security measures and integrate those measures into its business processes. ISO/IEC 27001 and ISO/IEC 27002 provide strategic and tactical direction for assessing, measuring, and preventing threats, and propose a range of security controls focused on safeguarding information assets.
Your staff will need to be trained to understand and properly use the ISMS you have established. Internal auditors will need to acquire specialized skills.
For more information
Please refer to our resource pages.
