reports iso 27001

International Standard for Information Security (ISO 27001)

14:34:17 Monday, January 29, 2007 Time Period:

Designated Official:

Introduction to ISO 27001*1

What is ISO 27001?

ISO 27001 is an International Standard for information security that requires organizations to implement security controls to accomplish certain objectives. The standard should be used as a model to build an Information Security Management System (ISMS).

What is an ISMS?

An ISMS is part of an organization's system that manages networks and systems. It aims to “establish, implement, operate, monitor, review, maintain, and improve information security” commensurate with the perceived security risks to the business of the organization.

Who and what is affected by ISO 27001

As a model for information security, ISO 27001 is a generic standard designed for all sizes and types of organizations including governmental, non-governmental, and non-profit organizations. It requires the managing body of an organization to plan, implement, maintain, and improve an ISMS.*2

The ISMS model ensures the selection of adequate security controls based on organizational objectives to protect all information assets, including both wireline and wireless assets.

When is ISO 27001 effective?

ISO 27001 was published and came into effect on October 15, 2005.

1. The ISO 27001 standard is cited as ISO/IEC 27001:2005 International Standard. The ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) are international bodies whose members participate in developing international standards through techical committees. The ISO/IEC 27001 was prepared by the Joint Technical Committee ISO/IECJTC 1, Information technology, Subcommittee SC27, IT Security techniques. For more information see http://www.17799central.com/iso-27001.htm.

2. In the United Kingdom, ISO 27001 is a direct replacement for BS7799-2:2002. It is also the preferred operative business process management system even

P o we r e d b y Ai r Ma g n e t 2:34:17PMMonday, January 29, 2007

Live Capture

How does an organization comply with ISO 27001?

An organization's ISMS is driven by its business needs and objectives, security requirements, and processes in light of its size and organizational structure.

To comply with ISO 27001, organizations must plan, establish, maintain, and improve an ISMS policy that includes objectives, processes, and procedures to manage risk and improve information security.

Planning, implementing, and operating an ISMS uses the controls, processes, and procedures in ISO 27001, along with the implementation guidelines referenced in ISO/IEC 17799:2005 ( Information technology - Security techniques - Code of practice for information security management) (Hereinafter ISO 17799).*3

Does an organization also have to comply with ISO 17799?

No. ISO 17799 provides guidelines to implement the security controls required by ISO 27001. Organizations will comply with and be certified with ISO 27001.

What exactly does an organzation have to do to comply with ISO 27001?*4

Implement plans, processes, and controls to attain certain objectives in information security that relate to an ISMS (Information Security Management System), management responsibility and review of the ISMS, internal ISMS audits, and ISMS improvements.

The specific security controls to implement per ISO 27001 are found in Annex A of the International Standard. They are organized around clauses and can be directly referenced to ISO 17799 for implementation guidelines. The clauses are organized around the following numbered topics that correspond to the standard:

5. Security Policy6. Organizing Information Security7. Asset Management8. Human Resources Security9. Physical and Environmental Security10. Communications and Operations Management 11. Access Control12. Information Systems Acquisition, Development and Maintenance13. Information Security Incident Management14. Business Continuity Management15. Compliance

3. The ISO/IEC 17799 was also prepared by the Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.4. This report is not a contract and does not guarantee an organization's compliance with the ISO 27001 Standard. The organization is responsible for its correct application. Also note that compliance with the International Standard does not provide immunity from legal obligations.


Live Capture

How can AirMagnet help an organization comply with ISO 27001?

AirMagnet helps an organization implement security controls for wireless networks and devices to help comply with the requirements of ISO 27001, an international industry standard for security.

Using AirMagnet products, organizations can establish, maintain, and improve information security and obtain valuable reports to review whether specific wireless assets are within the organizaion's security requirements as identified by the ISO 27001 standard.

AirMagnet will locate and identify wireless devices on an organization's network and provide device-level alarms to document and design an information security system. It performs stateful analysis of wireless communications to identify more than 135 classes of threats in real time and analyzes the effectiveness of implemented controls on all wireless devices. AirMagnet determines whether or not the wireless network and specific wireless devices are in compliance with the requirements set by the organization per the ISO 27001 standard.

AirMagnet system-level and device-specific Compliance Reports for ISO 27001 will verify and record an organization's efforts to comply with ISO 27001 as well as other industry, legal, and regulatory requirements such as the PCI (Payment Card Industry) standard, GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Information Portability and Accounting Act), and Sarbanes Oxley Act of 2002.


Live Capture

AirMagnet Disclaimer

ISO 27001 Policy Compliance Reports™

AirMagnet Enterprise ISO 27001 Policy Compliance Reports™ provide a security framework to comply with ISO 27001 and enable an organization to plan, establish, maintain, and improve an Information Security Management System (ISMS). An ISMS includes objectives, processes, and procedures to manage risk and improve information security.

The Policy Compliance Reports focus on wireless network security in an ISMS and aim to guide network administrators in documenting their wireless security policies and responding to wireless security threats and incidents in compliance with ISO 27001 and its implementation guidelines found in ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management.

AirMagnet operation is limited to wireless networks and devices operating in the unregulated radio frequencies (2.4 - 5 GHz). It operates and reports on networks and devices that use wireless technologies. It does not apply to wire-line networks and devices not operating in the wireless spectrum.

AirMagnet Policy Compliance Reports provide information about the law and are designed to help users satisfy government regulations. This information, however, is not legal advice. AirMagnet has gone to great lengths to ensure the information contained in the Policy Compliance Reports is accurate and useful. AirMagnet, Inc. recommends you consult legal counsel if you want legal advice on whether our information and software is interpreted and implemented to fully comply with industry regulations.

The information contained in the Policy Compliance Reports are furnished under and subject to the terms of the Software License Agreement (“License”). The Policy Compliance Reports do not create a binding business, legal, or professional services relationship between you and Airmagnet, Inc. Because business


Live Capture

1/ System Level Compliance Report

This report summarizes your network’s overall compliance with the ISO27001 on a per-policy basis.

Section 4.1.General requirements: The organization shall establish, implement, operate, monitor, review, maintain and improve a documented ISMS within the context of the organization's overall business activities and the risks it faces.

AirMagnet Compliance Reports and device-level alarms help establish and maintain a documented information security system for wireless networks and devices.

Section 4.2.1a)Define the scope and boundaries of the ISMS in terms of the characteristics of the business, the organization, its location, assets and technology, and including details of and justification for any exclusions from the scope.

AirMagnet can define the scope of the organization's wireless devices and networks and provide asset and technology information.

ISO 27001 Directive Compliance

Section 4.2.1b)2)that takes into account business and legal or regulatory requirements, and contractual security obligations.

AirMagnet includes Compliance Reports that verify and record an organization's efforts to meet legal requirements for wireless networks and devices. Compliance Reports include GLBA, HIPAA, and Sarbanes Oxley

Section 4.2.1b)4)establishes criteria against which risk will be evaluated.

AirMagnet provides asset and technology information on wireless devices to add to the criteria against which an organization's risk will be evaluated.

Section 4.2.1d)1)Identify the assets within the scope of the ISMS, and the owners of these assets.

AirMagnet discovers wireless devices and their capabilities to determine wireless assets within the scope of the ISMS.

Section 4.2.1d)2)Identify the threats to those assets.

AirMagnet ISO 27001 Compliance Reports

AirMagnet perform stateful analysis of all wireless devices and transmissions to identify more than 135 classes of threats in real time.

Section 4.2.1d)3)Identify the vulnerabilities that might be exploited by the threats.

AirMagnet System Level and Device-specific Compliance Reports identify controls currently implemented, and not implemented, on wireless assets.


Live Capture


Section 4.2.1f)1)Identify and evaluate options for the treatment of risks by applying the appropriate controls.

AirMagnet's device-specific alarms determine the existence of appropriate controls for wireless assets in the ISMS.

Section 4.2.1f)3)Identify and evaluate options for the treatment of risks by avoiding risks.

AirMagnet identify and evaluate security controls on wireless devices and provides options to mitigate security concerns.

Section 4.2.1g)Select control objectives and controls for the treatment of risks.

AirMagnet monitors and reports on security controls applied to wireless devices to assess whether control objectives are satisfied using System Level and Device-specific Compliance Reports.

Section 4.2.2c)Implement the controls selected in 4.2.1g) to meet control objectives.

AirMagnet Compliance Reports confirm or deny the implementation of security controls on wireless assets and assess whether the organization is in conformance with this international standard.

Section 4.2.2d)Define how to measure the effectiveness of the selected controls or groups of controls and specify how these measurements are to be used to assess control effectiveness to produce comparable and reproducible results.

Device-level Compliance Reports indicate the effectiveness of selected controls for wireless assets.

Section 4.2.2f)Manage operation of the ISMS.

AirMagnet creates and enforces security policies for wireless LANs and devices focused on specific business needs and regulatory requirements to help manage the ISMS.

Section 4.2.2g)Manage resources for the ISMS.

AirMagnet creates and enforces security policies tied to specific business needs and regulatory requirements to manage the wireless components of the ISMS.


Live Capture


Section 4.2.3a)3)Allow management to determine whether the security activities delegated to people or implemented by information technology are performing as expected.

AirMagnet System Level and Device-level Compliance Reports enable management to determine whether wireless information technology is performing as expected.

Section 4.2.3b)Undertake regular reviews of the effectiveness of the ISMS (including meeting ISMS policy and objectives, and review of security controls) taking into account results of security audits, incidents, results from effectiveness measurements, suggestions and feedback from all interested parties.

AirMagnet Compliance Reports and notifications will enable organizations to undertake regular reviews of wireless networks and devices to determine the effectiveness of the wireless components in the ISMS.

Section 4.2.3c)Measure the effectiveness of controls to verify that security requirements have been met.

AirMagnet Compliance Reports measure the effectiveness of controls on wireless devices to determine conformance to this International Standard.

Section 4.2.3d)4)Monitor and review the ISMS to identify threats to the ISMS.

AirMagnet's security monitoring tools and Compliance Reports provide information on identified and perceived threats to wireless assets to help organizations review risk assessments.

Section 4.2.3d)5)Monitor and review the ISMS to determine the effectiveness of the implemented controls.

AirMagnet's security monitoring tools and Compliance Reports for wireless networks and devices identify changes to implemented controls and their effectiveness to add to an organization's review of risk assessment.

Section 4.2.3d)6)Review risk assessments at planned intervals, taking into account changes to external events, contractual obligations, and social climate.

AirMagnet Compliance Reports incorporate legal requirements to help organizations review and update risk assessments.

Section 4.2.3e)Conduct internal ISMS audits at planned intervals.

AirMagnet Device-level Compliance Reports satisfy an organization's internal audit for the purposes of this international standard.


Live Capture

Section 4.2.3h)Record actions and events that could have an impact on the effectiveness or performance of the ISMS.

AirMagnet records diagnostic, performance, and security events occurring on wirless assets in the ISMS, as well as any automated actions based on those events.

Section 4.2.4b)Take appropriate corrective and preventive actions per Sections 8.2 and 8.3, below and apply the lessons learnt from the security experiences of this organization and other organizations.

AirMagnet can take automated actions based on events occurring on wireless assets using a Best Practice Policy Profile developed on the best practices of organizations implementing wireless devices.

Section 4.2.4d)Ensure that the improvements achieve their intended objectives.

AirMagnet Compliance Reports can determine whether improvements achieved their objectives on wireless devices in the ISMS.

Section 4.3.1b)ISMS documentation shall be comprehensive and include the entire scope of the ISMS.

AirMagnet Compliance Reports help identify, locate, and determine the capabilities of wireless assets to help document the scope of the ISMS.

Section 4.3.1c)The ISMS documentation shall include procedures and controls to support the ISMS.

AirMagnet Compliance Reports document controls on wireless assets to include in ISMS documentation.

Section 4.3.3Records shall be established and maintained to provide evidence of conformity to requirements and the effective operation of the ISMS. They shall be protected and controlled. The ISMS shall take account of any relevant legal or regulatory requirements and contractual obligations. Records shall remain legible, readily identifiable and retrievable. The controls needed for the identification, storage, protection, retrieval, retention time and disposition of records shall be doucmented and implemented.

AirMagnet records of events on wireless networks and devices is maintained in a centralized, secure database with password controlled access and assigned rights.

ComplianceISO 27001 Directive


Live Capture


Section 5.1e)Management is responsible for providing sufficient resources to establish, implement, operate, montor, review, maintain, and improve the ISMS.

Airmagnet can help management establish, implement, operate, monitor, review, maintain, and improve wireless technology in the ISMS.

Section 5.1g)Management shall ensure that internal ISMS audits are conducted.

Management can ensure internal audits of wireless assets in the ISMS using AirMagnet Device-level Compliance Reports.

Section 5.2.1a)Management is responsible to establish, implement, operate, monitor, review, maintain, and improve an ISMS.

AirMagnet can help establish, implement, operate, monitor, review, maintain, and improve on the security of wireless assets in the ISMS.

Section 5.2.1c)The organization shall determine and provide the resources needed to identify and address legal and regulatory requirements and contractual security obligations.

AirMagnet Policy Profiles can help identify and address legal and regulatory requirements.

Section 5.2.1d)The organization shall determine and provide the resources needed to maintain adequate security by correct application of all implemented controls

AirMagnet Device-level Compliance Reports can monitor wireless assets and ensure the correct application of implemented controls on wireless technology.

Section 5.2.1f)Management is responsible, where required, to improve the effectiveness of the ISMS.

AirMagnet security monitoring and reporting of wireless assets helps improve the effectiveness of the ISMS and identify threats and vulnerabilities to wireless technology.

Section 6a)The organization shall conduct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes and procedures of its ISMS conform to the requirements of this international standard and relevant legislation or regulations.

AirMagnet Device-level Compliance Reports run at regular intervals provide an internal audit of wireless assets to determine whether control objectives and specific controls conform to this International Standard as well as some legal requirements.


Live Capture

Section 6b)The organization shall contuct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes, and procedures of its ISMS conform to the identified information security requirements.

AirMagnet Device-level Compliance Reports run at regular intervals to provide an internal audit of wireless assets to determine whether control objectives and specific controls conform to identified security requirements.

Section 6c)The organization shall conduct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes and procedures of its ISMS are effectively implemented and maintained.

AirMagnet Device-level Compliance Reports run at regular intervals to provide an internal audit of wireless assets to determine whether control objectives and specific controls are adequately maintained.

Section 6d)The organization shall conduct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes and procedures of its ISMS perform as expected.

AirMagnet Device-level Compliance Reports run at regular intervals to provide an internal audit of wireless assets to determine whether control objectives and specific controls perform as expected.

Section 7.2a)Management must review the results of ISMS audits and reviews.

AirMagnet System Level and Device-level Compliance Reports can be included in ISMS audits and reviews.

Section 7.2c)The input to a management review shall include techniques, products or procedures, which could be used in the organization to improve the ISMS performance and effectiveness.

AirMagnet diagnostic, performance, and security monitoring tools are products that can be used in the ISMS to improve performance and effectiveness.

Management can be notified of AirMagnet's automated actions to locate threats, trace devices, and stop wireless threats at the source. Automated actions are also logged in a secure, central database that can be retrieved and reported for management's review.

Section 7.2d)The input to a management review shall include the status of preventive and corrective actions.



Live Capture


Section 7.2e)The input to a management review shall include vulnerabilities or threats not adequately addressed in the previous risk assessment.

AirMagnet Device-level Compliance reports identify vulnerabilites and threats to wireless assets on an ongoing basis.

Section 7.2f)The input to a management review shall include results from effective measurements.

The absense of an alarm due to the implementation of an effective security control on a wireless device would be sufficient input to determine the effectiveness of the control.

Section 7.2h)The input to a management review shall include any changes that could affect the ISMS.

AirMagnet alarm notifications and Compliance Reports document changes to wireless assets that could affect the ISMS.

Section 7.2i)The input to a management review shall include recommendations for improvement.

AirMagnet makes specific recommendation for identified security threats and vulnerabilities that can be added to management's recommendations to improve the ISMS for wireless technology.

Section 8.3a)Improve the ISMS by identifying potential nonconformities and their causes.

AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable.

Section 8.3b)Improve the ISMS by evaluating the need for action to prevent occurrence of nonconformities.

AirMagnet diagnostic, performance, and security monitoring tools identify nonconfromities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable.

Section 8.3c)Determine the need for preventive action and take such action where necessary.

AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable.


Live Capture


Section 8.3d)Improve the ISMS by recording results of actions taken.

AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organziations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable. Automated actions are logged in a secure, central

Section 8.3e)Improve the ISMS by reviewing the preventive action taken on a regular basis.

AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable. Organizations run Device-level Compliance Reports

Section A.10.10.1Audit logs recording user activities, exceptions, and information security events shall be produced and kept for an agreed period to assist in future investigations and access control monitoring.

AirMagnet Enterprise maintains logs of user and devices in a central, secure data store.

Section A.10.10.3Logging facilities and log information shall be protected against tampering and unauthorized access.


Section A.10.10.4System administrator and system operator activities shall be logged.


Section A.10.10.5Faults shall be logged, analyzed, and appropriate action taken.

AirMagnet Enterprise logs all faults to a centralized, secure server.

Section A.11.2.2Ensure the correct and secure operation of information processing facilities by restricting, controlling, and allocating the use of privilges.

The allocation and use of privileges shall be restricted and controlled.

Section A.13.1.1Ensure information security events and weaknesses associated with information systems are communicated in a manner allowing timely corrective action to be taken.

AirMagnet Compliance Reports and configurable notifications report on security events in timely manner.


Live Capture

Section A.13.2.1Where a follow-up action against a person or organization after an information security incident involves legal action (either civil or criminal), evidence shall be collected, retained, and presented to conform to the rules for

AirMagnet's secure, centralized log file collects the anatomy of a security incident for future prosecution or litigation.

Section A.14.1.2Counteract interruptions to business activities and protect critical business processes from the effects of major failures or natural disasters and ensure their timely resumptioin by identifying events that cause disruption along with the probability and impact of such interruptions and their consequences for information security.

AirMagnet Compliance Reports and notifications inform the organization of security incidents and provide the impact of the event on information security.

Section A.15.1.1Avoide breaches of any law, statutory, regulatory, or contractual obligations.

AirMagnet Compliance Reports help an organization satisfy legal requirements can be used to help an organization meet statutory and regulatory obligations.

Section A.15.3.2Maximize the effectiveness of and minimize interference to and from the information systems audit process by protecting the systems' audit tools from possible misuse or compromise.

AirMagnet Enterprise secures audit information on wireless devices in the ISMS and uses a centralized database with authentication and distributed rights access. Changes to the database are logged and archived for a separate, independent audit of the AirMagnet system.



Live Capture

10.9.110.9.2

4.2.2.h)

4.2.3a)1)

4.2.3a)2)

4.2.3a)4)

A.10.1.2

A.10.3.1A.10.6.1

A.10.8.1A.10.8.3

A.10.8.4

A.10.8.5

A.11.7.1A.12.2.2A.12.2.3

A.12.3.1

A.12.3.2

A.15.1.4

A.15.1.6A.15.2.1

A.15.2.2

A.9.2.410.9.1 1.8%

10.9.2 4.1%

4.2.2.h) 9.5%

4.2.3a)1) 4.1%

4.2.3a)2) 9.4%

4.2.3a)4) 9.5%

A.10.1.2 7.0%

A.10.3.1 4.1%

A.10.6.1 9.4%

A.10.8.1 1.8%

A.10.8.3 1.8%A.10.8.4 1.8%

A.10.8.5 1.8%

A.11.1.1 0.0%

A.11.2.1 0.0%

A.11.4.1 0.0%

A.11.4.2 0.0%

A.11.4.3 0.0%

A.11.4.6 0.0%

A.11.7.1 1.8%

A.12.2.2 0.8%

A.12.2.3 2.1%

A.12.3.1 1.8%

A.12.3.2 1.8%

A.12.5.1 0.0%

A.12.5.3 0.0%

A.15.1.4 1.5%

A.15.1.6 1.5%

A.15.2.1 9.5%

A.15.2.2 9.5%

A.9.2.4 4.1%

Total: 100.0%

ISO 27001

2/ Policy Level Compliance Report

This report summarizes your network’s compliance on a per-policy basis, showing you the total number of devices that are in compliance or violation of each and every policy in the ISO 27001 Policy.


Live Capture

0

20

40

60

80

100

120

140

160

180

4.2.2.h)

4.2.3a)1)

4.2.3a)2)

4.2.3a)4)

A.9.2.4

A.10.1.2

A.10.3.1

A.10.6.1

A.10.8.1

A.10.8.3

A.10.8.4

A.10.8.5

10.9.1

10.9.2

A.11.1.1

A.11.2.1

A.11.4.1

A.11.4.2

A.11.4.3

A.11.4.6

A.11.7.1

A.12.2.2

A.12.2.3

A.12.3.1

A.12.3.2

A.12.5.1

A.12.5.3

A.15.1.4

A.15.1.6

A.15.2.1

A.15.2.2

Violating Device Compliance Device

# of

Dev

ices

ISO 27001

Compliance %

# C

omp

lian

ce

Dev

ices

# V

iola

tin

g D

evic

es

Pol

icy

Vio

lati

on

ISO 27001

64.02%4.2.2.h)Implement procedures and other controls capable of enabling prompt detection of security events and response to security incidents.

81 59 105

80.49%4.2.3a)1) Promptly detect errors in the results of processing. 35 32 132

64.02%4.2.3a)2) Promptly identify attempted and successful security breaches and incidents.

80 59 105

64.02%4.2.3a)4) Help detect security events and thereby prevent security incidents by the use of indicators.

81 59 105

80.49%A.9.2.4 Prevent loss, damage, theft or compromise of assets and interruption to the organization's activities

35 32 132

65.85%A.10.1.2 Ensure the correct and secure operation of information processing facilities.

60 56 108

80.49%A.10.3.1 Minimize the risk of systems failures. 35 32 132


Live Capture

64.02%A.10.6.1 Ensure the protection of information in networks and the protection of the supporting infrastructure.

80 59 105

90.85%A.10.8.1 To maintain the security of information and software exchanged within an organization and with any external entity.

15 15 149

90.85%A.10.8.3 Maintain the security of information and software exchanged within an organization and with any external entity.

15 15 149


15 15 149


15 15 149

90.85%10.9.1 Ensure the security of electronic commerce services, and their secure use.

15 15 149

80.49%10.9.2 Ensure the security of electronic commerce services, and their secure use.

35 32 132

100.00%A.11.1.1 Control access to information. 0 0 164

100.00%A.11.2.1 Ensure the correct and secure operation of information processing facilities.

0 0 164

100.00%A.11.4.1 Prevent unauthorized access to networked services. 0 0 164




90.85%A.11.7.1 Ensure information security when using mobile computing and teleworking facilities.

15 15 149

96.34%A.12.2.2 Prevent errors, loss, unauthorized modification or misuse of information in applications.

7 6 158

90.24%A.12.2.3 Prevent errors, loss, unauthorized modification or misuse of information in applications

18 16 148

90.85%A.12.3.1 Protect the confidentiality, authenticity or integrity of information by cryptographic means.

15 15 149

90.85%A.12.3.2 Protect the confidentiality, authenticity or integrity of information by cryptographic means.

15 15 149

100.00%A.12.5.1 Maintain the security of application system software and information

0 0 164

100.00%A.12.5.3 Maintain the security of application system software and information

0 0 164


Live Capture

92.07%A.15.1.4 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.

13 13 151

92.07%A.15.1.6 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.

13 13 151

64.02%A.15.2.1 Ensure compliance of systems with organizational security policies and standards.

81 59 105

64.02%A.15.2.2 Ensure compliance of systems with organizational security policies and standards.

81 59 105


Live Capture

# V

iola

tin

g D

evic

es

# C

omp

lian

ce

Dev

ices

Com

pli

ance

S

tatu

s

AirMagnet Alarms

ISO 27001 Directive

4.2.2.h)Implement procedures and other controls capable of enabling prompt detection of security events and response to security incidents.

162 2Crackable WEP IV key used 98.78%

132 32AP broadcasting SSID 80.49%

140 24Exposed Wireless Station detected 85.37%

163 1DoS: Unauthenticated association 99.39%

152 12Device unprotected by TKIP 92.68%

160 4AP operating in bridged mode detected 97.56%

163 1Potential Pre-802.11n device detected 99.39%

163 1Client with encryption disabled 99.39%

160 4Device Probing for APs 97.56%

4.2.3a)1) Promptly detect errors in the results of processing.

160 4Excessive low speed transmission 97.56%

163 1Ad-hoc node using AP's SSID 99.39%

163 1Higher speed not supported 99.39%

148 16Unassociated station detected 90.24%

161 3Excessive frame retries 98.17%

154 10Excessive missed AP beacons 93.90%

4.2.3a)2) Promptly identify attempted and successful security breaches and incidents.





Live Capture






4.2.3a)4) Help detect security events and thereby prevent security incidents by the use of indicators.










A.9.2.4 Prevent loss, damage, theft or compromise of assets and interruption to the organization's activities







A.10.1.2 Ensure the correct and secure operation of information processing facilities.




A.10.3.1 Minimize the risk of systems failures.


Live Capture







A.10.6.1 Ensure the protection of information in networks and the protection of the supporting infrastructure.









A.10.8.1 To maintain the security of information and software exchanged within an organization and with any external entity.




A.10.8.3 Maintain the security of information and software exchanged within an organization and with any external entity.








Live Capture






10.9.1 Ensure the security of electronic commerce services, and their secure use.




10.9.2 Ensure the security of electronic commerce services, and their secure use.







A.11.7.1 Ensure information security when using mobile computing and teleworking facilities.




A.12.2.2 Prevent errors, loss, unauthorized modification or misuse of information in applications.



A.12.2.3 Prevent errors, loss, unauthorized modification or misuse of information in applications




Live Capture



A.12.3.1 Protect the confidentiality, authenticity or integrity of information by cryptographic means.




A.12.3.2 Protect the confidentiality, authenticity or integrity of information by cryptographic means.




A.15.1.4 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.



A.15.1.6 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.



A.15.2.1 Ensure compliance of systems with organizational security policies and standards.











Live Capture

A.15.2.2 Ensure compliance of systems with organizational security policies and standards.










Notes:

1) By default, your network fails to comply with the ISO 27001 Directive if one of the devices violates any of its policy sections.2) Link: http://www.17799central.com/iso-27001.htm


Live Capture

3/ Device-Specific Compliance Report

This report contains detailed information about devices in compliance or violation of the ISO 27001 Directive. It checks the devices against each and every provision in the Directive to show what policy sections are violated or upheld to. It lists all wireless devices deployed on your WLAN. The devices can be sort by MAC address, media type, SSID, or vendor.

Device Information ISO 27001 Policy Sections

MAC Address-Media

Com

pli

ance

%

VENDORSSID

CHANNEL

A.1

0.8.

5

A.1

0.8.

4

A.1

0.8.

3

A.1

0.8.

1

A.1

0.6.

1

A.1

0.3.

1

A.1

0.1.

2

A.9

.2.4

4.2.

3a)4

)

4.2.

3a)2

)

4.2.

3a)1

)

4.2.

2.h

10.9

.1

10.9

.2

A.1

1.1.

1

A.1

1.2.

1

A.1

1.4.

1

A.1

1.4.

2

A.1

1.4.

3

A.1

1.4.

6

A.1

1.7.

1

A.1

2.2.

2

A.1

2.3.

1

A.1

2.2.

3

A.1

2.3.

2

A.1

2.5.

1

A.1

2.5.

3

A.1

5.1.

4

A.1

5.1.

6

A.1

5.2.

1

A.1

5.2.

2

F P F F P F P F P P P 76.67%Channel: ?

P

00:90:4B:BD:FC:3A-b

QA_linksys2

GemTekP P P P P P P P P P P P P P P P P F F

P F P P F P F P P P P 86.67%Channel: ?

P

00:16:B6:F9:2E:CC-b

QA_linksys2

P F P P P P P P P P P P P P P P P P P

F F F F F F F F P P P 63.33%Channel: ?

P

00:40:96:AF:8C:79-b

dlinkG

CiscoP F P P P P P P P P P P P P P P P F F

P P P P P P P P P P P 100.00%Channel: ?

P

98:06:9D:D5:FF:31-b

Sensor Coverage Survey

P P P P P P P P P P P P P P P P P P P

P P P P P P P P P P P 100.00%Channel: 2

P

00:90:7A:05:2F:CF-b

AirMagnetGuest

SpectraLinkP P P P P P P P P P P P P P P P P P P


P

00:90:7A:05:12:AC-b

qa_wireless_11a_only@tv_cubicle



Live Capture


P

00:02:6F:20:2D:E7-b


SenaoP P P P P P P P P P P P P P P P P P P


P

60:1D:4D:7A:96:B2-b

compg



P

72:ED:3F:67:E4:B3-b

Buffalo


F F F F F F F F F F F 23.33%Channel: 10

F

00:12:17:B5:AA:45-b

QA_linksys2

CiscoF F P P P P P P F F F F F P P F F F F


P

00:02:6F:22:36:6E-b

NGbg



P

00:02:6F:22:7E:E9-b




P

00:02:6F:20:32:3D-b



F P F F P F P F P P P 76.67%Channel: 7

P

00:14:F1:AF:1B:97-b

QA-1130-15

CiscoP P P P P P P P P P P P P P P P P F F


Live Capture


P

00:20:A6:52:8F:65-b

tv-Wireless Network B

ProximP P P P P P P P P P P P P P P P P F F

F F F F F F F F P P P 60.00%Channel: 8

P

00:0B:86:84:B5:30-b

aruba-engr-11g

ArubaP F P P P P P P P P F P P P P P P F F


P

00:11:5C:4D:E8:41-b

AirMagnetGuest



P

00:0E:35:C0:35:7D-g

Air2

P F P P P P P P P P P P P P P P P F F


P

00:0D:ED:AB:7C:23-b

Netgear

CiscoP P P P P P P P P P P P P P P P P P P


P

00:40:96:A1:4A:F8-b

BuffaloQA



P

00:16:6F:9C:00:A0-b

QA_linksys2



P

28:B7:C6:A0:0B:B7-b

QA_linksys2



P

00:13:02:1F:F0:1D-b

NGbg



Live Capture


P

00:0C:F1:3E:E6:58-b

NGbg

P P P P P P P P P P P P P P P P P F F


P

00:14:A5:49:D3:3B-b


GemTekP P P P P P P P P P P P P P P P P P P


P

00:14:A5:54:87:1A-b




P

00:90:7A:05:2E:45-b

compa



P

00:02:6F:22:3B:D3-b

compa



P

32:64:0D:38:5B:8F-b

NGbg



F

00:0C:41:A8:7A:C2-b

ENG-linksys_rtf

F F P P P P P P F P F F F P P F F F F


P

00:14:F1:AF:1B:96-b

QA-1130-14

CiscoP F P P P P P P P P F P P P P P P F F


Live Capture


P

00:12:17:DB:88:81-b

QA_linksys1

CiscoP F P P P P P P P F F P P P P P P F F

F P F F P F P F F F F 43.33%Channel: 4

F

00:11:5C:4D:E8:40-b

Air2

CiscoF P P P P P P P F P P F F P P F F F F


P

00:0B:85:79:03:C0-b

QA-1130-15

AirespaceP P P P P P P P P P P P P P P P P P P


P

00:15:2B:AC:CB:CF-b

AM_vofi



P

00:90:96:C6:C2:CE-b

Air3

AskeyP P P P P P P P P P P P P P P P P P P


P

00:0B:85:66:24:90-b

<No current ssid>



P

00:0B:85:26:7F:80-b

<No current ssid>



P

00:12:F0:1A:6C:5D-b

<No current ssid>



P

00:90:7A:05:2E:AA-b

NETGEAR



Live Capture


P

00:02:6F:22:7E:E7-b

compg



P

04:83:6D:6C:AE:AA-b

NGbg



P

00:14:F1:AF:1B:95-b

QA-1130-13



F

00:20:A6:53:8E:73-b

BuffaloQA

ProximF F P P P P P P F P F F F P P F F F F


P

00:90:96:CB:2F:8B-b


AskeyP P P P P P P P P P P P P P P P P F F


P

00:13:02:1B:3A:AC-b

<No current ssid>



F

00:0D:0B:4F:5E:00-b

BuffaloWing

F F P P P P P P F F F F F P P F F F F


P

00:14:F1:AF:1B:94-b

QA-1130-12


P F P P F P F P P P P 80.00%Channel: 2

P

00:0F:34:A7:78:10-b

QAVOFI

CiscoP F P P P P P P P F F P P P P P P P P


Live Capture


P

00:0B:85:01:33:A0-b

QA-1130-13



P

00:12:F0:9E:5D:01-b




P

00:90:4B:BD:FC:46-b

NGbg



P

00:0E:35:0D:DA:73-b

QAVOFI



P

00:0C:F1:42:84:29-b

QAVOFI



P

00:0C:F1:4C:27:6E-b

NGbg



P

B8:8D:56:46:54:8B-b

NGbg



P

00:14:F1:AF:1B:93-b

QA-1130-11



P

00:0B:46:91:EA:72-b

BuffaloQA



Live Capture


P

00:0E:35:C0:5D:AE-g

QAVOFI



P

00:90:4B:BD:FC:34-b

HopOnWireless



P

00:90:4B:BD:FD:12-b

HopOnWireless



P

68:B3:1E:94:E5:5B-b

HopOnWireless


F F F F F P F F F F F 33.33%Channel: 5

F

00:90:7A:05:2F:74-b

QAVOFI

SpectraLinkF F P P P P P P F F F F F P P P P F F


P

00:16:6F:6D:57:FA-b

Air2



P

00:13:02:1B:39:88-b

aruba-engr-11a



P

00:14:A5:01:94:D0-b




P

02:24:12:1D:E4:3D-b




Live Capture


P

00:02:6F:20:6C:90-b




P

00:14:F1:AF:1B:92-b

QA-1130-10



P

00:0B:85:01:33:AF-b

QA-1130-11



P

00:03:7F:BE:E0:35-b

compg

AtherosP P P P P P P P P P P P P P P P P F F


P

00:40:96:A4:0E:EC-b

compg



P

00:0E:35:7F:4E:29-b




P

00:02:6F:20:32:6A-b




P

00:0B:7D:27:9C:EB-b

Air2



F

00:40:96:59:A9:39-b

QA-350-2



Live Capture


P

00:14:F1:AF:1B:91-b




P

00:11:F5:43:B1:B9-b


P F P P P P P P P P F P P P P P P F F


P

96:20:7C:98:19:E6-b

NGbg



P

00:90:4B:BD:FD:21-b

NGbg



P

00:90:4B:BD:FC:43-b




P

00:59:29:6D:54:0D-b

MetroFi-Free



P

00:02:6F:21:27:23-b




P

00:90:7A:04:F0:C4-b




P

00:14:F1:09:12:D8-b




Live Capture

F P F F P P P F F F F 46.67%Channel: 7

F

00:14:F1:AF:1B:90-b

AM_vofi



F

00:13:80:43:11:55-b

QA-1200-7

CiscoF F P P P P P P F P F F F P P F F F F


P

00:0B:85:52:FF:F0-b

QA-350-2



P

00:0B:85:54:D8:30-b

QA_linksys2



P

6E:BB:13:70:43:A0-b

QA_linksys2



P

00:12:F0:95:67:4B-b

AirMagnetGuest



P

00:04:23:A2:81:E8-b

AirMagnetGuest

IntelP P P P P P P P P P P P P P P P P P P


P

00:90:4B:BD:FD:0F-b

compg



P

42:DE:6D:E4:F7:D0-b

Buffalo



Live Capture


P

00:13:80:43:11:54-b

QA-1200-32



P

00:14:A5:54:85:67-b

compg



P

00:02:6F:20:2D:88-b




P

00:02:6F:21:2A:43-b




P

6E:B0:18:D5:8B:09-b




P

00:13:5F:F9:7F:00-b

compg



F

00:13:80:43:11:53-b

QA-1200-31

CiscoF F P P P P P P F P F F F P P F F F F


P

00:13:80:43:12:20-b

QA-1200-36



Live Capture


P

00:13:80:43:15:20-b

QA_QATest4



P

00:90:4B:72:B8:6D-b

P-780_g6

GemTekP F P P P P P P P P P P P P P P P F F


P

00:16:6F:6C:72:B4-b

Monitored



P

00:16:6F:54:3C:95-b

Sabre



F

00:14:A5:01:95:87-b


GemTekF F P P P P P P F P P F F P P F F F F


P

00:0C:F1:42:8B:BC-b

Sabre



P

00:90:4B:CC:75:7E-b

NGbg

GemTekP F P P P P P P P P P P P P P P P F F


P

00:16:CF:9F:E8:EC-b

compa



P

D6:C2:55:CC:AA:FD-b

compa



Live Capture


P

00:13:80:43:11:52-b

QA-1200-30



P

00:14:A8:53:4C:60-b

tech-1200



P

00:02:6F:3A:3F:B1-b

PRISM-SSID

SenaoP F P P P P P P P P P P P P P P P F F


P

00:02:6F:20:18:85-b


SenaoP P P P P P P P P P P P P P P P P F F


P

00:02:6F:22:37:52-b




P

00:02:6F:20:8A:BF-b

NGbg



P

00:0E:35:89:B5:C3-b

<No current ssid>



P

00:13:CE:CF:4A:D7-b

NETGEAR



P

00:02:8A:A8:9A:15-b

QA-1200-26

AmbitP P P P P P P P P P P P P P P P P P P


Live Capture


P

00:13:80:43:11:51-b

QA-1200-26



P

00:12:F0:29:83:8A-b

HopOnWireless


F F F F F P F F F F F 33.33%Channel: 5

F

00:90:7A:05:07:F3-b

QAVOFI

SpectraLinkF F P P P P P P F F F F F P P P P F F


P

00:02:6F:20:8C:E0-b




P

00:14:A5:54:77:FC-b

NGbg



P

00:40:96:AF:31:BC-b

<No current ssid>



P

00:40:96:A1:49:BA-b

<No current ssid>



P

00:13:80:43:11:50-b

QA-1200-25



P

00:09:5B:D6:5C:F8-b

NGbg

NetgearP P P P P P P P P P P P P P P P P F F


Live Capture


P

00:0B:85:54:EA:60-b

QA-1200-26



P

00:02:6F:21:C4:7C-b

BuffaloQA



P

00:02:6F:22:00:5E-b

BuffaloQA



P

00:09:7C:14:A7:0D-b

ANY



P

00:02:6F:20:2E:0D-b




P

00:14:A5:01:95:84-b

NGbg



P

00:14:A5:01:95:EA-b

NGbg



P

00:14:A5:01:95:B7-b




P

00:CD:59:78:3C:00-b

HopOnWireless



Live Capture


P

00:40:96:AB:51:F4-b

Air2


P F P P F P F P P P P 86.67%Channel: ?

P

00:0B:46:91:E2:48-b

QA-1200-32

CiscoP F P P P P P P P P P P P P P P P P P


P

00:40:96:A8:2E:28-b

QAVOFI



P

00:90:4B:BD:FC:D6-b

NGbg



F

00:40:96:59:B9:44-b

QA-350-2



P

00:02:8A:A3:09:20-b

QA-1200-25

AmbitP P P P P P P P P P P P P P P P P P P


P

00:20:A6:4C:A6:A3-b

AM_vofi

ProximP P P P P P P P P P P P P P P P P F F


P

00:15:F9:41:C4:46-b

AM_vofi



P

00:02:6F:20:32:2F-b




Live Capture


P

00:02:6F:21:29:D7-b

compg



P

00:13:CE:C8:54:ED-b

Air2



P

00:90:4B:BD:FD:09-b




P

00:13:02:89:9F:86-b




P

00:11:5C:4D:E9:11-b

AirMagnetGuest


P F P P F P F P P P P 83.33%Channel: 5

P

00:07:85:B3:8A:E3-b

QAVOFI

CiscoP F P P P P P P P P F P P P P P P P P


P

00:0B:85:01:34:40-b

QA-350-2



P

00:0B:85:23:7B:00-b

QA-350-2



P

00:0B:85:08:12:D0-b

QA-350-2



Live Capture


P

00:04:23:6C:CB:AC-b

whitman_wireless

IntelP F P P P P P P P P P P P P P P P F F


P

00:0B:85:54:E9:90-b

EagerWireless



P

00:0B:85:04:3A:80-b

EagerWireless



P

00:13:02:77:23:ED-b

EagerWireless



P

00:13:02:31:12:22-b

GoogleWiFi



P

5C:7B:25:56:9C:A1-b

AM_vofi



F

00:0D:0B:1A:14:03-b

Buffalo

F P P P P P P P F P P F F P P F F F F


F

00:11:5C:4D:E9:10-b

Air2



Live Capture

Notes:

1) P = Pass and F = Fail. 2) Channel specific policy violations will not be included in the Device-Specific Compliance Report. 3) AirMagnet has enabled alarms relevant to theISO 27001 Directive in its Policy Compliance Reports.Disabling any alarms tied to the Reports will degrade their effectiveness and result in a wireless network that does not comply with the respective industry regulations.


Live Capture

reports iso 27001

Documents