
ISO 27001 is a detailed security standard and a comprehensive set of controls comprising best practices in information security. This standard was published in October 2005 as a replacement for the BS7799-2 standard. It is primarily referred to as the Information Security Management System (ISMS) certification standard. Organisations that seek to implement an ISMS are examined against ISO 27001.

ISO 27001 has 11 major controls that comprise best practices in information security:

  • Security Policy
  • Organisation of Information Security
  • Asset Management
  • Human Resource Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

ISO 27001 neither mandates specific procedures nor defines the implementation techniques for getting certified. Companies being audited for ISO 27001 compliance therefore deal with the same issues that plague any company facing regulatory audits: how to effectively reach a compliant state and, after the audit, the cost of effectively maintaining that known state. This is where Tripwire can offer the following benefits:

  • Quickly gain visibility into your compliance status
  • Achieve, maintain and automate ISO 27001 compliance
  • Reduce risk of data breaches

Tripwire and ISO 27001

Tripwire's configuration control solution provides powerful configuration assessment and change auditing capabilities to help organisations proactively assess their IT configurations to see how they measure up to ISO 27001. For configurations that don't measure up, remediation guidance walks you through getting those settings to the correct values. Once this known state has been achieved, Tripwire's change auditing solution monitors for changes that could affect compliance with your ISO 27001 policies, maintaining a known state of your IT infrastructure.