Information Security Blog

ISO 27002 Gap Assessment vs BITS Shared Assessment


During a recent discussion, a customer asked John Verry what the differences are between an ISO 27002 Gap Assessment and a BITS Shared Assessment. As usual, we decided to educate our blog readers with the answer to that question.

ISO 27002 Gap Assessment

An ISO 27002 Gap Assessment provides an assessment of an organization’s implementation of ISO 27002 control recommendations. The gap analysis is a good step toward understanding the effectiveness of the control environment and is a potential starting point for eventual Information Security Management System (ISMS) certification. It results in a gap analysis that clearly identifies the remediation steps required to achieve alignment with ISO 27002.

BITS Shared Assessment

A BITS Shared Assessment provides an assessment of an organization’s implementation of its controls using a standardized questionnaire, the Standardized Information Gathering (SIG) questionnaire, which is based on the ISO 27002 standard with additional input from Shared Assessments Program members. The approach is more rigidly defined (e.g., answers are Yes, No, or N/A), which makes the completed SIG easy to read by machine. The original idea was that service providers could complete the SIG just once and then provide the completed SIG to multiple clients.

In short, the BITS Shared Assessment cost is a little more and is a little less flexible – but it provides a higher level of interim attestation in return.


About the Author:

Marketing at Pivot Point Security
