ISO/IEC 27001 Compliance Solutions

Implementing ISO 27001 controls with Ekran System

Ekran System is an all-in-one insider threat management solution that covers six of the most important ISO 27001 controls:

Become ISO 27001 compliant with Ekran System

Organization of information security. Deploying Ekran System helps you establish a cybersecurity management framework. This platform provides you with the means to grant access privileges and monitor the activity of regular users, privileged users, and remote employees. By doing so, you’ll be able to meet the following requirements:

• A.6.1.2. Segregation of duties
• A.6.2.2. Teleworking

Asset management. You can detect, manage, manually or automatically approve, and block any connection of a USB device to an endpoint monitored with Ekran System. This functionality covers the following control:

• A.8.3.1. Management of removable media

Access control. Ekran System provides you with a robust access control and management toolset that includes an access request and approval workflow, secondary authentication, multi-factor authentication, and time-based access restrictions. With these tools, you’ll be able to granularly control access, manage user rights in a few clicks, and detect and stop security violations in real time.

Ekran’s password management functionality securely handles user credentials and secrets, providing an additional level of access protection.

This set of access management tools helps you comply with such ISO 27001 requirements:

• A.9.1.2. Access to networks and network services
• A.9.2.3. Management of privileged access rights
• A.9.2.4. Management of secret authentication information of users
• A.9.2.5. Review of user access rights
• A.9.2.6. Removal or adjustment of access rights
• A.9.4.1. Information access restriction
• A.9.4.2. Secure log-on procedures
• A.9.4.3. Password management system

Operations security. User activity monitoring is one of the core functionalities of Ekran System. This solution monitors and logs each user action on protected endpoints and couples context-rich recordings with searchable metadata: names of opened files and folders, connected USB devices, accessed URLs, executed commands, etc. Monitoring data is protected with AES-256 encryption and is easy to review and analyze. All encryption algorithms use FIPS 140-2 certified encryption implementations. With this functionality, you can implement these controls:

• A.12.1.2. Change management
• A.12.4.1. Event logging
• A.12.4.2. Protection of log information
• A.12.4.3. Administrator and operator logs
• A.12.7.1. Information systems audit controls

Supplier relationships. With Ekran System, you can monitor the activity of third-party vendors just as easily as the activity of your own employees. The software logs their activities, manages access, and controls privileges. Vendor actions can be reviewed online or in records. This functionality corresponds to the following control:

• A.15.2.1. Monitoring and review of supplier services

Information security incident management. Being a full-cycle cybersecurity platform, Ekran System provides you with the means to detect and respond to cybersecurity incidents. You can assess suspicious user actions online, educate users on security violations, and block suspicious processes, sessions, or users. After an event, you can review and analyze logs, generate reports on the event, and export data for forensic investigation. Using Ekran System, you can implement these ISO 27001 security controls:

• A.16.1.2. Reporting information security events
• A.16.1.4. Assessment of and decision on information security events
• A.16.1.5. Response to information security incidents
• A.16.1.7. Collection of evidence