ISO 27002 establishes guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organization. ISO 27002 is used as the foundation and technical guideline for many international and industry compliance standards, and its controls are generally good practice for any organization.
Dependencies
The ISO 27002 compliance reports have the following dependencies. Each column is an independent list; items that share a row are not related to each other.
SA Rules | SA Lists | App Rules |
---|---|---|
Accounts Created | Administrative Users | account:created |
Accounts Deleted | Compliance Systems | account:deleted |
Accounts Disabled | | account:disabled |
Accounts Modified | | account:modified |
Admin Access to Compliance Systems Details | | account:logon-success |
Admin Access to Compliance Systems Summary | | av:signature-update |
Antivirus Signature Update | | config:change-audit-setting |
Change in Audit Settings | | encryption:failures |
Encryption Failures | | encryption:key-gen-and-changes |
Encryption Key Generation and Changes | | access:privilege-escalation-failure |
Failed Escalation of Privileges Details | | access:remote-failure |
Failed Escalation of Privileges Summary | | access:remote-success |
Failed Remote Access Details | | config:fw-config-changes |
Failed Remote Access Summary | | config:firmware-config-changes |
Firewall Configuration Changes | | account:logon-failure |
Firmware Changes on Wireless Devices | | account:password-change |
Logon Failures Details | | config:router-change |
Logon Failures Summary | | access:privilege-escalation-success |
Password Changes | | alm:system-clock-synch |
Password Changes Summary | | access:user-access-revoked |
Router Configuration Changes | | account:logout |
Successful Escalation of Privileges Details | | |
Successful Escalation of Privileges Summary | | |
Successful Remote Access Details | | |
Successful Remote Access Summary | | |
Successful Use of Encryption | | |
System Clock Synchronization | | |
User Access Revoked | | |
User Access to Compliance Systems Details | | |
User Access to Compliance Systems Summary | | |
User Session Terminated Summary | | |
Citations
The ISO 27002 reports have the following citations.
Report Rule | Citation Number | Citation Description |
---|---|---|
Accounts Created | 11.2.1 | A formal process should be in place for the granting and revoking of access to information systems. |
Accounts Deleted | 11.2.1 | A formal process should be in place for the granting and revoking of access to information systems. |
Accounts Modified | 11.2.1 | A formal process should be in place for the granting and revoking of access to information systems. |
Antivirus Signature Update | 10.4.1 | The software should be set up to automatically download and update signature files to ensure the protection is kept up to date. |
Change in Audit Settings | 12.5.2, 12.5.3 | When the operating system is changed, all critical applications should be tested and reviewed to ensure there are no adverse impacts on operations or security. |
Encryption Failures | 15.1.6 | Cryptographic controls should be in compliance with all laws and regulations. |
Key Generation and Changes | 12.3.2 | Key-management techniques should be in place. All keys should be protected against modification, loss, destruction, and unauthorized disclosure. |
Escalation of Privileges - Detail | 10.10.4 | All activities by System Administrators and System Operators should be logged. |
Escalation of Privileges - Top 25 | 10.10.4 | All activities by System Administrators and System Operators should be logged. |
Failed Remote Access - Detail | 11.7.2 | Operational procedures and plans should be developed for use by teleworking employees. |
Failed Remote Access - Top 25 | 11.7.2 | Operational procedures and plans should be developed for use by teleworking employees. |
Firewall Configuration Changes | 12.5.2, 12.5.3 | When the operating system is changed, all critical applications should be tested and reviewed to ensure there are no adverse impacts on operations or security. |
Firmware Changes Wireless Devices | 12.5.2, 12.5.3 | When the operating system is changed, all critical applications should be tested and reviewed to ensure there are no adverse impacts on operations or security. |
Logon Failures - Detail | 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
Logon Failures - Top 25 | 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
Password Changes - Detail | 11.3.1 | Passwords should be changed on a regular basis and when there is an indication of compromise. |
Password Changes - Top 25 | 11.3.1 | Passwords should be changed on a regular basis and when there is an indication of compromise. |
Router Configuration Changes | 12.5.2, 12.5.3 | When the operating system is changed, all critical applications should be tested and reviewed to ensure there are no adverse impacts on operations or security. |
Admin Access to Compliance Systems - Detail | 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
Admin Access to Compliance Systems - Top 25 | 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
Successful Remote Access - Detail | 11.7.2 | Operational procedures and plans should be developed for use by teleworking employees. |
Successful Remote Access - Top 25 | 11.7.2 | Operational procedures and plans should be developed for use by teleworking employees. |
Successful Use of Encryption | 15.1.6 | Cryptographic controls should be in compliance with all laws and regulations. |
User Access to Compliance Systems - Detail | 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
User Access to Compliance Systems - Top 25 | 11.5.1 | All successful and unsuccessful logon attempts should be recorded. |
System Clock Synchronization | 10.10.6 | All system clocks should be automatically synchronized with an accurate time source. |
User Access Revoked | 11.2.1 | A formal process should be in place for the granting and revoking of access to information systems. |
Account Management | 11.2.1 | A formal process should be in place for the granting and revoking of access to information systems. |
User Session Terminated - Top 25 | 11.5.5 | Inactive sessions should be shut down after a period of time. |