Assessing Privileged Access Management (PAM) using ISO 27001:2013 Control

Abstract

ISO 27001 is one of the most widely adopted and respected information security standards in use today. It is promulgated by the International Standards Organization (ISO). Many organizations seek to be certified for the standard, which provides a framework for implementing an Information Security Management System (ISMS). The standard touches on virtually every aspect of information security. Access controls - including Privileged Access Management (PAM), thus figure prominently into the ISO 27001 certification and audit processes. In order to manage their privileged accounts, organization should be use PAM to protect critical IT assets, meet the compliance regulation and to prevent data breaches. But unfortunately many organizations do not have enough knowledge when they plan to build PAM solutions. Many organization do not have base-line when they acquire new PAM technology. This paper will help organization to acquire PAM solution that meet the ISO 27001 control. Our compliance matrix give organization a guideline to achieving the implementation of ISMS framework with PAM technology.