This guide describes how to implement the LogRhythm ISO 27001 Compliance Automation Suite. This suite provides pre-bundled content such as AIE Rules, Alarms, Investigations, Lists, and Reports that help organizations pursuing compliance and certification around ISO 27001. This guide provides control mapping between LogRhythm SIEM content and control objectives contained within Annex A of the ISO 27001 publication. Monitoring and awareness of risk exposures across an organization's Information Security Management System (ISM) are foundational aspects of ISO 27001 adherence. The LogRhythm SIEM serves as an essential mitigating aspect along the journey as an organization matures its compliance and security posture. The utilization of the content within this compliance automaton suite helps empower executive management's adherence to Management Clauses and the ISO 27001 certification phases:
- Audit Scope & Planning
- Risk & Control Gap Analysis
- Roadmap & Remediation
- ISMS implementation
- Policy Development
- Personnel Training
- Internal & External Audit Cycle
Many of these phases include key resources that can be leveraged in the deployment of the compliance suite. The ISO 27001 Compliance Automation Suite provides pre-bundled content available through the Knowledge Base and part of the foundation around the Consolidated Compliance Framework (CCF) methodology. An organization, with confirmation from auditors, can utilize the module content to augment control objective and support efforts of pursuing ISO 27001 certification. This minimum standard of security requirements ensures continuity of system and information protection across an organization’s operations. AIE alarms assist with quickly identifying risk exposures, while Case Management provides a central collection of forensic data, including audit evidence to support incident reporting, response time, and remediation requirements. The essential premise of the ISO 27001 is to establish a compliance program and culture where ISMS and risk management are brought under control of management. As detailed within the ISO 27001 - Management Clauses, the cultural shift begins with training personnel and implementation of policies. As a result of policy and procedure implementation, control guidance should be derived from the Annex A controls. This pre-bundled content is automatically associated with the current ISO 27001 (2017) control objectives that are supported by LogRhythm Enterprise. Various lists are also available, some of which are preconfigured and others that can be catered to your environment, processes, and system classifications.
Of the 114 substantive and auditable controls, LogRhythm SIEM supports 61 controls (~55%) through utilization of the ISO 27001 Automation Suite and various SIEM functionality. Collectively, this provides a road map including additional LogRhythm features that can be utilized to help organizations transition from compliance readiness to a true security, risk-based organization. Our team’s interpretations of the augmented controls can be found in the matrices of this module. LogRhythm’s core set of content offered through the Consolidated Compliance Framework (CCF) is mapped to ISO 27001, Annex A controls, offering a streamlined approach to compliance through SIEM technology. LogRhythm SIEM technology and content align with the ISO 27001 control families of user access management, privileged access management, data retention, business continuity, incident response, data protection, and overall assistance as a safeguarding mechanism to strengthen the organization’s security posture.
After you configure the automation suite, the LogRhythm Platform Manager includes the proper components needed to support ISO 27001 control adherence. As AIE rules, alarms, reports, and investigations are correlated with in-scope log sources and hosts, powerful data to enable your compliance and security teams can be utilized. You can then schedule Reports for periodic generation and delivery or generate them on demand for various audiences. To identify areas of non-compliance in real-time, you can leverage Investigations and Alarms for immediate analysis of activities that impact your organization's cardholder data systems. Once a control failure or risk exposure is realized, quickly use Case Management to organize and understand this event. This helps the organization reduce the Mean Time To Detection (MTTD) and Mean Time To Respond (MTTR) to not only ensure reporting time requirements are met, but help limit the time of risk realization and damage.
LogRhythm content is designed to be utilized by various audiences including internal and external audit, executive management, control owners, program developers, IT security, IT operations, and other individuals or groups involved in the audit cycle.
This guide is intended for LogRhythm Enterprise administrators and analysts who are responsible for maintaining compliance with various ISO 27001 requirements. Further, monthly and weekly Reporting Packages can be established to provide forensic evidence and audit data to appropriate audiences for distribution. These groups include Security Operations, Security Management, IT Operations, Audit, and Executive Management. These reporting packages, the content included, and the frequency can be adjusted according to the needs of your audience.
This guide details the installation, configuration, and verification of objects used in the ISO 27001 Compliance Automation Suite. When this section is complete, the LogRhythm Platform Manager enabled content will begin to provide value around your ISO 27001 efforts. The process involves the following steps: