International Standard For Information Security (ISO 27001) : Designated Official

International Standard for Information Security (ISO 27001) Designated Official:
Time Period: Introduction to ISO 27001*1 What is ISO 27001? ISO 27001 is an International Standard for information security that requires organizations to implement security controls to accomplish certain objectives. The standard should be used as a model to build an Information Security Management System (ISMS). What is an ISMS? An ISMS is part of an organization's system that manages networks and systems. It aims to establish, implement, operate, monitor, review, maintain, and improve information security commensurate with the perceived security risks to the business of the organization. Who and what is affected by ISO 27001 As a model for information security, ISO 27001 is a generic standard designed for all sizes and types of organizations including governmental, non-governmental, and non-profit organizations. It requires the managing body of an organization to plan, implement, maintain, and improve an ISMS. *2 The ISMS model ensures the selection of adequate security controls based on organizational objectives to protect all information assets, including both wireline and wireless assets. When is ISO 27001 effective? ISO 27001 was published and came into effect on October 15, 2005. 1. The ISO 27001 standard is cited as ISO/IEC 27001:2005 International Standard. The ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) are international bodies whose members participate in developing international standards through techical committees. The ISO/IEC 27001 was prepared by the Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC27, IT Security techniques. For more information see http://www.17799central.com/iso-27001.htm. 2. In the United Kingdom, ISO 27001 is a direct replacement for BS7799-2:2002. It is also the preferred operative business process management system even 14:34:17 Monday, January 29, 2007
Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM
How does an organization comply with ISO 27001? An organization's ISMS is driven by its business needs and objectives, security requirements, and processes in light of its size and organizational structure. To comply with ISO 27001, organizations must plan, establish, maintain, and improve an ISMS policy that includes objectives, processes, and procedures to manage risk and improve information security. Planning, implementing, and operating an ISMS uses the controls, processes, and procedures in ISO 27001, along with the implementation guidelines referenced in ISO/IEC 17799:2005 ( Information technology - Security techniques - Code of practice for information security management) ( Hereinafter ISO 17799).*3 Does an organization also have to comply with ISO 17799? No. ISO 17799 provides guidelines to implement the security controls required by ISO 27001. Organizations will comply with and be certified with ISO 27001. What exactly does an organzation have to do to comply with ISO 27001?*4 Implement plans, processes, and controls to attain certain objectives in information security that relate to an ISMS (Information Security Management System), management responsibility and review of the ISMS, internal ISMS audits, and ISMS improvements. The specific security controls to implement per ISO 27001 are found in Annex A of the International Standard. They are organized around clauses and can be directly referenced to ISO 17799 for implementation guidelines. The clauses are organized around the following numbered topics that correspond to the standard: 5. Security Policy 6. Organizing Information Security 7. Asset Management 8. Human Resources Security 9. Physical and Environmental Security 10. Communications and Operations Management 11. Access Control 12. Information Systems Acquisition, Development and Maintenance 13. Information Security Incident Management 14. Business Continuity Management 15. Compliance
3. The ISO/IEC 17799 was also prepared by the Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. 4. This report is not a contract and does not guarantee an organization's compliance with the ISO 27001 Standard. The organization is responsible for its correct application. Also note that compliance with the International Standard does not provide immunity from legal obligations.
How can AirMagnet help an organization comply with ISO 27001? AirMagnet helps an organization implement security controls for wireless networks and devices to help comply with the requirements of ISO 27001, an international industry standard for security. Using AirMagnet products, organizations can establish, maintain, and improve information security and obtain valuable reports to review whether specific wireless assets are within the organizaion's security requirements as identified by the ISO 27001 standard. AirMagnet will locate and identify wireless devices on an organization's network and provide device-level alarms to document and design an information security system. It performs stateful analysis of wireless communications to identify more than 135 classes of threats in real time and analyzes the effectiveness of implemented controls on all wireless devices. AirMagnet determines whether or not the wireless network and specific wireless devices are in compliance with the requirements set by the organization per the ISO 27001 standard. AirMagnet system-level and device-specific Compliance Reports for ISO 27001 will verify and record an organization's efforts to comply with ISO 27001 as well as other industry, legal, and regulatory requirements such as the PCI (Payment Card Industry) standard, GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Information Portability and Accounting Act), and Sarbanes Oxley Act of 2002.
AirMagnet Disclaimer
ISO 27001 Policy Compliance Reports AirMagnet Enterprise ISO 27001 Policy Compliance Reports provide a security framework to comply with ISO 27001 and enable an organization to plan, establish, maintain, and improve an Information Security Management System (ISMS). An ISMS includes objectives, processes, and procedures to manage risk and improve information security. The Policy Compliance Reports focus on wireless network security in an ISMS and aim to guide network administrators in documenting their wireless security policies and responding to wireless security threats and incidents in compliance with ISO 27001 and its implementation guidelines found in ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management. AirMagnet operation is limited to wireless networks and devices operating in the unregulated radio frequencies (2.4 - 5 GHz). It operates and reports on networks and devices that use wireless technologies. It does not apply to wire-line networks and devices not operating in the wireless spectrum. AirMagnet Policy Compliance Reports provide information about the law and are designed to help users satisfy government regulations. This information, however, is not legal advice. AirMagnet has gone to great lengths to ensure the information contained in the Policy Compliance Reports is accurate and useful. AirMagnet, Inc. recommends you consult legal counsel if you want legal advice on whether our information and software is interpreted and implemented to fully comply with industry regulations. The information contained in the Policy Compliance Reports are furnished under and subject to the terms of the Software License Agreement (License). The Policy Compliance Reports do not create a binding business, legal, or professional services relationship between you and Airmagnet, Inc. Because business
1/ System Level Compliance Report

AirMagnet ISO 27001 Compliance Reports This report summarizes your networks overall compliance with the ISO27001 on a per-policy basis. ISO 27001 Directive Section 4.1. General requirements: The organization shall establish, implement, operate, monitor, review, maintain and improve a documented ISMS within the context of the organization's overall business activities and the risks it faces. Section 4.2.1a) Define the scope and boundaries of the ISMS in terms of the characteristics of the business, the organization, its location, assets and technology, and including details of and justification for any exclusions from the scope. Compliance AirMagnet Compliance Reports and device-level alarms help establish and maintain a documented information security system for wireless networks and devices.
AirMagnet can define the scope of the organization's wireless devices and networks and provide asset and technology information.
Section 4.2.1b)2) that takes into account business and legal or regulatory requirements, and contractual security obligations. Section 4.2.1b)4) establishes criteria against which risk will be evaluated. Section 4.2.1d)1) Identify the assets within the scope of the ISMS, and the owners of these assets. Section 4.2.1d)2) Identify the threats to those assets. Section 4.2.1d)3) Identify the vulnerabilities that might be exploited by the threats.
AirMagnet includes Compliance Reports that verify and record an organization's efforts to meet legal requirements for wireless networks and devices. Compliance Reports include GLBA, HIPAA, and Sarbanes Oxley AirMagnet provides asset and technology information on wireless devices to add to the criteria against which an organization's risk will be evaluated. AirMagnet discovers wireless devices and their capabilities to determine wireless assets within the scope of the ISMS.
AirMagnet perform stateful analysis of all wireless devices and transmissions to identify more than 135 classes of threats in real time. AirMagnet System Level and Device-specific Compliance Reports identify controls currently implemented, and not implemented, on wireless assets.
ISO 27001 Directive Section 4.2.1f)1) Identify and evaluate options for the treatment of risks by applying the appropriate controls. Section 4.2.1f)3) Identify and evaluate options for the treatment of risks by avoiding risks. Section 4.2.1g) Select control objectives and controls for the treatment of risks.
Compliance AirMagnet's device-specific alarms determine the existence of appropriate controls for wireless assets in the ISMS.
AirMagnet identify and evaluate security controls on wireless devices and provides options to mitigate security concerns. AirMagnet monitors and reports on security controls applied to wireless devices to assess whether control objectives are satisfied using System Level and Device-specific Compliance Reports. AirMagnet Compliance Reports confirm or deny the implementation of security controls on wireless assets and assess whether the organization is in conformance with this international standard. Device-level Compliance Reports indicate the effectiveness of selected controls for wireless assets.
Section 4.2.2c) Implement the controls selected in 4.2.1g) to meet control objectives.
Section 4.2.2d) Define how to measure the effectiveness of the selected controls or groups of controls and specify how these measurements are to be used to assess control effectiveness to produce comparable and reproducible results.
Section 4.2.2f) Manage operation of the ISMS.
AirMagnet creates and enforces security policies for wireless LANs and devices focused on specific business needs and regulatory requirements to help manage the ISMS.
Section 4.2.2g) Manage resources for the ISMS.
AirMagnet creates and enforces security policies tied to specific business needs and regulatory requirements to manage the wireless components of the ISMS.
ISO 27001 Directive Section 4.2.3a)3) Allow management to determine whether the security activities delegated to people or implemented by information technology are performing as expected.
Compliance AirMagnet System Level and Device-level Compliance Reports enable management to determine whether wireless information technology is performing as expected.
Section 4.2.3b) Undertake regular reviews of the effectiveness of the ISMS (including meeting ISMS policy and objectives, and review of security controls) taking into account results of security audits, incidents, results from effectiveness measurements, suggestions and feedback from all interested parties.
AirMagnet Compliance Reports and notifications will enable organizations to undertake regular reviews of wireless networks and devices to determine the effectiveness of the wireless components in the ISMS.
Section 4.2.3c) Measure the effectiveness of controls to verify that security requirements have been met.
AirMagnet Compliance Reports measure the effectiveness of controls on wireless devices to determine conformance to this International Standard.
Section 4.2.3d)4) Monitor and review the ISMS to identify threats to the ISMS.
AirMagnet's security monitoring tools and Compliance Reports provide information on identified and perceived threats to wireless assets to help organizations review risk assessments. AirMagnet's security monitoring tools and Compliance Reports for wireless networks and devices identify changes to implemented controls and their effectiveness to add to an organization's review of risk assessment. AirMagnet Compliance Reports incorporate legal requirements to help organizations review and update risk assessments.
Section 4.2.3d)5) Monitor and review the ISMS to determine the effectiveness of the implemented controls. Section 4.2.3d)6) Review risk assessments at planned intervals, taking into account changes to external events, contractual obligations, and social climate.
Section 4.2.3e) Conduct internal ISMS audits at planned intervals.
AirMagnet Device-level Compliance Reports satisfy an organization's internal audit for the purposes of this international standard.
ISO 27001 Directive Section 4.2.3h) Record actions and events that could have an impact on the effectiveness or performance of the ISMS.
Compliance AirMagnet records diagnostic, performance, and security events occurring on wirless assets in the ISMS, as well as any automated actions based on those events.
Section 4.2.4b) Take appropriate corrective and preventive actions per Sections 8.2 and 8.3, below and apply the lessons learnt from the security experiences of this organization and other organizations.
AirMagnet can take automated actions based on events occurring on wireless assets using a Best Practice Policy Profile developed on the best practices of organizations implementing wireless devices.
Section 4.2.4d) Ensure that the improvements achieve their intended objectives.
AirMagnet Compliance Reports can determine whether improvements achieved their objectives on wireless devices in the ISMS.
Section 4.3.1b) ISMS documentation shall be comprehensive and include the entire scope of the ISMS. Section 4.3.1c) The ISMS documentation shall include procedures and controls to support the ISMS.
AirMagnet Compliance Reports help identify, locate, and determine the capabilities of wireless assets to help document the scope of the ISMS.
AirMagnet Compliance Reports document controls on wireless assets to include in ISMS documentation.
Section 4.3.3 Records shall be established and maintained to provide evidence of conformity to requirements and the effective operation of the ISMS. They shall be protected and controlled. The ISMS shall take account of any relevant legal or regulatory requirements and contractual obligations. Records shall remain legible, readily identifiable and retrievable. The controls needed for the identification, storage, protection, retrieval, retention time and disposition of records shall be doucmented and implemented.
AirMagnet records of events on wireless networks and devices is maintained in a centralized, secure database with password controlled access and assigned rights.
ISO 27001 Directive Section 5.1e) Management is responsible for providing sufficient resources to establish, implement, operate, montor, review, maintain, and improve the ISMS. Section 5.1g) Management shall ensure that internal ISMS audits are conducted.
Compliance Airmagnet can help management establish, implement, operate, monitor, review, maintain, and improve wireless technology in the ISMS.
Management can ensure internal audits of wireless assets in the ISMS using AirMagnet Device-level Compliance Reports.
Section 5.2.1a) Management is responsible to establish, implement, operate, monitor, review, maintain, and improve an ISMS. Section 5.2.1c) The organization shall determine and provide the resources needed to identify and address legal and regulatory requirements and contractual security obligations. Section 5.2.1d) The organization shall determine and provide the resources needed to maintain adequate security by correct application of all implemented controls
AirMagnet can help establish, implement, operate, monitor, review, maintain, and improve on the security of wireless assets in the ISMS.
AirMagnet Policy Profiles can help identify and address legal and regulatory requirements.
AirMagnet Device-level Compliance Reports can monitor wireless assets and ensure the correct application of implemented controls on wireless technology. AirMagnet security monitoring and reporting of wireless assets helps improve the effectiveness of the ISMS and identify threats and vulnerabilities to wireless technology. AirMagnet Device-level Compliance Reports run at regular intervals provide an internal audit of wireless assets to determine whether control objectives and specific controls conform to this International Standard as well as some legal requirements.
Section 5.2.1f) Management is responsible, where required, to improve the effectiveness of the ISMS. Section 6a) The organization shall conduct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes and procedures of its ISMS conform to the requirements of this international standard and relevant legislation or regulations.
ISO 27001 Directive Section 6b) The organization shall contuct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes, and procedures of its ISMS conform to the identified information security requirements.
Compliance AirMagnet Device-level Compliance Reports run at regular intervals to provide an internal audit of wireless assets to determine whether control objectives and specific controls conform to identified security requirements.
Section 6c) The organization shall conduct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes and procedures of its ISMS are effectively implemented and maintained.
AirMagnet Device-level Compliance Reports run at regular intervals to provide an internal audit of wireless assets to determine whether control objectives and specific controls are adequately maintained.
Section 6d) The organization shall conduct internal ISMS audits at planned intervals to determine whether the control objectives, controls, processes and procedures of its ISMS perform as expected.
AirMagnet Device-level Compliance Reports run at regular intervals to provide an internal audit of wireless assets to determine whether control objectives and specific controls perform as expected.
Section 7.2a) Management must review the results of ISMS audits and reviews.
AirMagnet System Level and Device-level Compliance Reports can be included in ISMS audits and reviews.
Section 7.2c) The input to a management review shall include techniques, products or procedures, which could be used in the organization to improve the ISMS performance and effectiveness. Section 7.2d) The input to a management review shall include the status of preventive and corrective actions.
AirMagnet diagnostic, performance, and security monitoring tools are products that can be used in the ISMS to improve performance and effectiveness.
Management can be notified of AirMagnet's automated actions to locate threats, trace devices, and stop wireless threats at the source. Automated actions are also logged in a secure, central database that can be retrieved and reported for management's review.
ISO 27001 Directive Section 7.2e) The input to a management review shall include vulnerabilities or threats not adequately addressed in the previous risk assessment. Section 7.2f) The input to a management review shall include results from effective measurements. Section 7.2h) The input to a management review shall include any changes that could affect the ISMS.
Compliance AirMagnet Device-level Compliance reports identify vulnerabilites and threats to wireless assets on an ongoing basis.
The absense of an alarm due to the implementation of an effective security control on a wireless device would be sufficient input to determine the effectiveness of the control. AirMagnet alarm notifications and Compliance Reports document changes to wireless assets that could affect the ISMS.
Section 7.2i) The input to a management review shall include recommendations for improvement. Section 8.3a) Improve the ISMS by identifying potential nonconformities and their causes.
AirMagnet makes specific recommendation for identified security threats and vulnerabilities that can be added to management's recommendations to improve the ISMS for wireless technology. AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable.
Section 8.3b) Improve the ISMS by evaluating the need for action to prevent occurrence of nonconformities.
AirMagnet diagnostic, performance, and security monitoring tools identify nonconfromities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable. AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable.
Section 8.3c) Determine the need for preventive action and take such action where necessary.
ISO 27001 Directive Section 8.3d) Improve the ISMS by recording results of actions taken.
Compliance AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organziations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable. Automated actions are logged in a secure, central AirMagnet diagnostic, performance, and security monitoring tools identify nonconformities in wireless devices in the ISMS. Organizations can use AirMagnet for advice on nonconformities and configure it for automated action where applicable. Organizations run Device-level Compliance Reports
Section 8.3e) Improve the ISMS by reviewing the preventive action taken on a regular basis.
Section A.10.10.1 Audit logs recording user activities, exceptions, and information security events shall be produced and kept for an agreed period to assist in future investigations and access control monitoring. Section A.10.10.3 Logging facilities and log information shall be protected against tampering and unauthorized access. Section A.10.10.4 System administrator and system operator activities shall be logged. Section A.10.10.5 Faults shall be logged, analyzed, and appropriate action taken. Section A.11.2.2 Ensure the correct and secure operation of information processing facilities by restricting, controlling, and allocating the use of privilges.
AirMagnet Enterprise maintains logs of user and devices in a central, secure data store.
AirMagnet Enterprise maintains logs of user and devices in a central, secure data store.
AirMagnet Enterprise maintains logs of user and devices in a central, secure data store. AirMagnet Enterprise logs all faults to a centralized, secure server.
The allocation and use of privileges shall be restricted and controlled.
AirMagnet Compliance Reports and configurable notifications report on Section A.13.1.1 security events in timely manner. Ensure information security events and weaknesses associated with information systems are communicated in a manner allowing timely corrective action to be taken.
ISO 27001 Directive Section A.13.2.1 Where a follow-up action against a person or organization after an information security incident involves legal action (either civil or criminal), evidence shall be collected, retained, and presented to conform to the rules for
Compliance AirMagnet's secure, centralized log file collects the anatomy of a security incident for future prosecution or litigation.
Section A.14.1.2 Counteract interruptions to business activities and protect critical business processes from the effects of major failures or natural disasters and ensure their timely resumptioin by identifying events that cause disruption along with the probability and impact of such interruptions and their consequences for information security. Section A.15.1.1 Avoide breaches of any law, statutory, regulatory, or contractual obligations.
AirMagnet Compliance Reports and notifications inform the organization of security incidents and provide the impact of the event on information security.
AirMagnet Compliance Reports help an organization satisfy legal requirements can be used to help an organization meet statutory and regulatory obligations.
Section A.15.3.2 Maximize the effectiveness of and minimize interference to and from the information systems audit process by protecting the systems' audit tools from possible misuse or compromise.
AirMagnet Enterprise secures audit information on wireless devices in the ISMS and uses a centralized database with authentication and distributed rights access. Changes to the database are logged and archived for a separate, independent audit of the AirMagnet system.
2/ Policy Level Compliance Report

This report summarizes your networks compliance on a per-policy basis, showing you the total number of devices that are in compliance or violation of each and every policy in the ISO 27001 Policy.
ISO 27001
A.9.2.4 A.15.2.2 10.9.1
10.9.1 10.9.2 4.2.2.h) 4.2.3a)1) 4.2.3a)2) 4.2.3a)4) A.10.1.2 A.10.3.1 A.10.6.1 A.10.8.1 A.10.8.3 A.10.8.4 A.10.8.5 A.11.1.1 A.11.2.1 A.11.4.1 A.11.4.2 A.11.4.3 A.11.4.6 A.11.7.1 A.12.2.2 A.12.2.3 A.12.3.1 A.12.3.2 A.12.5.1 A.12.5.3 A.15.1.4 A.15.1.6 A.15.2.1 A.15.2.2 A.9.2.4 Total: 1.8% 4.1% 9.5% 4.1% 9.4% 9.5% 7.0% 4.1% 9.4% 1.8% 1.8% 1.8% 1.8% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 1.8% 0.8% 2.1% 1.8% 1.8% 0.0% 0.0% 1.5% 1.5% 9.5% 9.5% 4.1% 100.0%
10.9.2 4.2.2.h)
A.15.1.6 A.15.2.1 A.15.1.4 A.12.3.2 A.12.3.1 A.12.2.3 A.12.2.2 A.11.7.1 A.10.8.5 A.10.8.4 A.10.8.3 A.10.6.1 A.10.8.1 A.10.3.1
4.2.3a)1) 4.2.3a)2)
4.2.3a)4)
A.10.1.2
ISO 27001
180 160 140 120
# of Devices
100 80 60 40 20 0
# Compliance Devices 105 132 105 105 132 108 132
# Violating Devices
Policy Violation
ISO 27001
4.2.2.h)Implement procedures and other controls capable of enabling prompt detection of security events and response to security incidents. 4.2.3a)1) Promptly detect errors in the results of processing. 4.2.3a)2) Promptly identify attempted and successful security breaches and incidents. 4.2.3a)4) Help detect security events and thereby prevent security incidents by the use of indicators. A.9.2.4 Prevent loss, damage, theft or compromise of assets and interruption to the organization's activities A.10.1.2 Ensure the correct and secure operation of information processing facilities. A.10.3.1 Minimize the risk of systems failures.
Live Capture P o we r e d by Ai r Ma g n e t
4. 2. 4. 2.h 2. ) 3a 4. )1 2. ) 3 4. a)2 2. ) 3a ) A. 4) 9. A. 2.4 10 . A. 1.2 10 . A. 3.1 10 . A. 6.1 10 . A. 8.1 10 . A. 8.3 10 . A. 8.4 10 .8 . 10 5 .9 . 10 1 .9 A. .2 11 . A. 1.1 11 . A. 2.1 11 . A. 4.1 11 . A. 4.2 11 . A. 4.3 11 . A. 4.6 11 . A. 7.1 12 . A. 2.2 12 . A. 2.3 12 . A. 3.1 12 . A. 3.2 12 . A. 5.1 12 . A. 5.3 15 . A. 1.4 15 . A. 1.6 15 . A. 2.1 15 .2 .2
Violating Device Compliance Device
Compliance % 64.02% 80.49% 64.02% 64.02% 80.49% 65.85% 80.49%
81 35 80 81 35 60 35
59 32 59 59 32 56 32
Monday, January 29, 2007
2:34:17PM
A.10.6.1 Ensure the protection of information in networks and the protection of the supporting infrastructure. A.10.8.1 To maintain the security of information and software exchanged within an organization and with any external entity. A.10.8.3 Maintain the security of information and software exchanged within an organization and with any external entity. A.10.8.4 Maintain the security of information and software exchanged within an organization and with any external entity. A.10.8.5 Maintain the security of information and software exchanged within an organization and with any external entity. 10.9.1 Ensure the security of electronic commerce services, and their secure use. 10.9.2 Ensure the security of electronic commerce services, and their secure use. A.11.1.1 Control access to information. A.11.2.1 Ensure the correct and secure operation of information processing facilities. A.11.4.1 Prevent unauthorized access to networked services. A.11.4.2 Prevent unauthorized access to networked services. A.11.4.3 Prevent unauthorized access to networked services. A.11.4.6 Prevent unauthorized access to networked services. A.11.7.1 Ensure information security when using mobile computing and teleworking facilities. A.12.2.2 Prevent errors, loss, unauthorized modification or misuse of information in applications. A.12.2.3 Prevent errors, loss, unauthorized modification or misuse of information in applications A.12.3.1 Protect the confidentiality, authenticity or integrity of information by cryptographic means. A.12.3.2 Protect the confidentiality, authenticity or integrity of information by cryptographic means. A.12.5.1 Maintain the security of application system software and information A.12.5.3 Maintain the security of application system software and information
80 15 15 15 15 15 35 0 0 0 0 0 0 15 7 18 15 15 0 0
59 15 15 15 15 15 32 0 0 0 0 0 0 15 6 16 15 15 0 0
105 149 149 149 149 149 132 164 164 164 164 164 164 149 158 148 149 149 164 164
64.02% 90.85% 90.85% 90.85% 90.85% 90.85% 80.49% 100.00% 100.00% 100.00% 100.00% 100.00% 100.00% 90.85% 96.34% 90.24% 90.85% 90.85% 100.00% 100.00%
2:34:17PM
A.15.1.4 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements. A.15.1.6 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements. A.15.2.1 Ensure compliance of systems with organizational security policies and standards. A.15.2.2 Ensure compliance of systems with organizational security policies and standards.
13 13 81 81
13 13 59 59
151 151 105 105
92.07% 92.07% 64.02% 64.02%
ISO 27001 Directive
# Compliance Devices
AirMagnet Alarms
4.2.2.h)Implement procedures and other controls capable of enabling prompt detection of security events and response to security incidents. Crackable WEP IV key used AP broadcasting SSID Exposed Wireless Station detected DoS: Unauthenticated association Device unprotected by TKIP AP operating in bridged mode detected Potential Pre-802.11n device detected Client with encryption disabled Device Probing for APs 4.2.3a)1) Promptly detect errors in the results of processing. Excessive low speed transmission Ad-hoc node using AP's SSID Higher speed not supported Unassociated station detected Excessive frame retries Excessive missed AP beacons 4 1 1 16 3 10 160 163 163 148 161 154 97.56% 99.39% 99.39% 90.24% 98.17% 93.90% 2 32 24 1 12 4 1 1 4 162 132 140 163 152 160 163 163 160 98.78% 80.49% 85.37% 99.39% 92.68% 97.56% 99.39% 99.39% 97.56%
4.2.3a)2) Promptly identify attempted and successful security breaches and incidents. Exposed Wireless Station detected DoS: Unauthenticated association Client with encryption disabled
24 1 1
140 163 163
Compliance Status 85.37% 99.39% 99.39%
# Violating Devices
Crackable WEP IV key used Device unprotected by TKIP AP operating in bridged mode detected AP broadcasting SSID Device Probing for APs
2 12 4 32 4
162 152 160 132 160
98.78% 92.68% 97.56% 80.49% 97.56%
4.2.3a)4) Help detect security events and thereby prevent security incidents by the use of indicators. Crackable WEP IV key used Device unprotected by TKIP Client with encryption disabled AP broadcasting SSID Exposed Wireless Station detected AP operating in bridged mode detected Potential Pre-802.11n device detected DoS: Unauthenticated association Device Probing for APs 2 12 1 32 24 4 1 1 4 162 152 163 132 140 160 163 163 160 98.78% 92.68% 99.39% 80.49% 85.37% 97.56% 99.39% 99.39% 97.56%
A.9.2.4 Prevent loss, damage, theft or compromise of assets and interruption to the organization's activities Higher speed not supported Unassociated station detected Excessive low speed transmission Ad-hoc node using AP's SSID Excessive frame retries Excessive missed AP beacons 1 16 4 1 3 10 163 148 160 163 161 154 99.39% 90.24% 97.56% 99.39% 98.17% 93.90%
A.10.1.2 Ensure the correct and secure operation of information processing facilities. Exposed Wireless Station detected AP operating in bridged mode detected AP broadcasting SSID A.10.3.1 Minimize the risk of systems failures.
24 4 32
140 160 132
85.37% 97.56% 80.49%
Excessive frame retries Excessive low speed transmission Excessive missed AP beacons Unassociated station detected Higher speed not supported Ad-hoc node using AP's SSID
3 4 10 16 1 1
161 160 154 148 163 163
98.17% 97.56% 93.90% 90.24% 99.39% 99.39%
A.10.6.1 Ensure the protection of information in networks and the protection of the supporting infrastructure. Client with encryption disabled Device Probing for APs Crackable WEP IV key used AP broadcasting SSID Exposed Wireless Station detected DoS: Unauthenticated association Device unprotected by TKIP AP operating in bridged mode detected 1 4 2 32 24 1 12 4 163 160 162 132 140 163 152 160 99.39% 97.56% 98.78% 80.49% 85.37% 99.39% 92.68% 97.56%
A.10.8.1 To maintain the security of information and software exchanged within an organization and with any external entity. Crackable WEP IV key used Device unprotected by TKIP Client with encryption disabled 2 12 1 162 152 163 98.78% 92.68% 99.39%
A.10.8.3 Maintain the security of information and software exchanged within an organization and with any external entity. Client with encryption disabled Crackable WEP IV key used Device unprotected by TKIP 1 2 12 163 162 152 99.39% 98.78% 92.68%
A.10.8.4 Maintain the security of information and software exchanged within an organization and with any external entity. Client with encryption disabled Crackable WEP IV key used
1 2
163 162
99.39% 98.78%
Device unprotected by TKIP
12
152
92.68%
A.10.8.5 Maintain the security of information and software exchanged within an organization and with any external entity. Client with encryption disabled Crackable WEP IV key used Device unprotected by TKIP 1 2 12 163 162 152 99.39% 98.78% 92.68%
10.9.1 Ensure the security of electronic commerce services, and their secure use. Device unprotected by TKIP Client with encryption disabled Crackable WEP IV key used 12 1 2 152 163 162 92.68% 99.39% 98.78%
10.9.2 Ensure the security of electronic commerce services, and their secure use. Excessive frame retries Higher speed not supported Unassociated station detected Ad-hoc node using AP's SSID Excessive missed AP beacons Excessive low speed transmission 3 1 16 1 10 4 161 163 148 163 154 160 98.17% 99.39% 90.24% 99.39% 93.90% 97.56%
A.11.7.1 Ensure information security when using mobile computing and teleworking facilities. Client with encryption disabled Crackable WEP IV key used Device unprotected by TKIP 1 2 12 163 162 152 99.39% 98.78% 92.68%
A.12.2.2 Prevent errors, loss, unauthorized modification or misuse of information in applications. Excessive low speed transmission Excessive frame retries 4 3 160 161 97.56% 98.17%
A.12.2.3 Prevent errors, loss, unauthorized modification or misuse of information in applications Excessive missed AP beacons Excessive low speed transmission
10 4
154 160
93.90% 97.56%
Excessive frame retries Higher speed not supported
3 1
161 163
98.17% 99.39%
A.12.3.1 Protect the confidentiality, authenticity or integrity of information by cryptographic means. Device unprotected by TKIP Client with encryption disabled Crackable WEP IV key used 12 1 2 152 163 162 92.68% 99.39% 98.78%
A.12.3.2 Protect the confidentiality, authenticity or integrity of information by cryptographic means. Crackable WEP IV key used Device unprotected by TKIP Client with encryption disabled 2 12 1 162 152 163 98.78% 92.68% 99.39%
A.15.1.4 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements. Client with encryption disabled Device unprotected by TKIP 1 12 163 152 99.39% 92.68%
A.15.1.6 Avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements. Client with encryption disabled Device unprotected by TKIP 1 12 163 152 99.39% 92.68%
A.15.2.1 Ensure compliance of systems with organizational security policies and standards. Device unprotected by TKIP Client with encryption disabled Device Probing for APs Exposed Wireless Station detected AP broadcasting SSID Potential Pre-802.11n device detected AP operating in bridged mode detected Crackable WEP IV key used DoS: Unauthenticated association
12 1 4 24 32 1 4 2 1
152 163 160 140 132 163 160 162 163
92.68% 99.39% 97.56% 85.37% 80.49% 99.39% 97.56% 98.78% 99.39%
A.15.2.2 Ensure compliance of systems with organizational security policies and standards. AP operating in bridged mode detected Potential Pre-802.11n device detected Client with encryption disabled Device Probing for APs Crackable WEP IV key used AP broadcasting SSID Exposed Wireless Station detected DoS: Unauthenticated association Device unprotected by TKIP 4 1 1 4 2 32 24 1 12 160 163 163 160 162 132 140 163 152 97.56% 99.39% 99.39% 97.56% 98.78% 80.49% 85.37% 99.39% 92.68%
Notes: 1) By default, your network fails to comply with the ISO 27001 Directive if one of the devices violates any of its policy sections. 2) Link: http://www.17799central.com/iso-27001.htm
3/ Device-Specific Compliance Report

This report contains detailed information about devices in compliance or violation of the ISO 27001 Directive. It checks the devices against each and every provision in the Directive to show what policy sections are violated or upheld to. It lists all wireless devices deployed on your WLAN. The devices can be sort by MAC address, media type, SSID, or vendor. Compliance % 76.67% 86.67% 63.33% 100.00% 100.00% 100.00%
2:34:17PM
Device Information MAC Address-Media CHANNEL VENDOR SSID 00:90:4B:BD:FC:3A-b Channel: ? GemTek QA_linksys2 00:16:B6:F9:2E:CC-b Channel: ? QA_linksys2 00:40:96:AF:8C:79-b Channel: ? Cisco dlinkG 98:06:9D:D5:FF:31-b Channel: ? Sensor Coverage Survey 00:90:7A:05:2F:CF-b Channel: 2 SpectraLink AirMagnetGuest
ISO 27001 Policy Sections

4.2.3a)1) 4.2.3a)2) 4.2.3a)4) A.10.1.2 A.10.3.1 A.10.6.1 A.10.8.1 A.10.8.3 A.10.8.4 A.10.8.5 A.11.1.1 A.11.2.1 A.11.4.1 A.11.4.2 A.11.4.3 A.11.4.6 A.11.7.1 A.12.2.2 A.12.2.3 A.12.3.1 A.12.3.2 A.12.5.1 A.12.5.3 A.15.1.4 A.15.1.6 A.15.2.1 A.15.2.2 A.9.2.4 4.2.2.h 10.9.1 10.9.2
F P F F P F P F P P P P
P P
P P P P P P P P P P P P P P P F F
P F P P F P F P P P
P P
P F
P P P P P P P P P P P P P P P P P
F F F F F F F F P P P P
P F
P P P P P P P P P P
P P
P P
P P P P P P P P P P
P P
P P
00:90:7A:05:12:AC-b Channel: 5 P P P P P P P P P P SpectraLink qa_wireless_11a_only@tv _cubicle
P P
P P
Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007
00:02:6F:20:2D:E7-b Channel: ? P P P P P P P P P P Senao qa_wireless_11a_only@tv _cubicle 60:1D:4D:7A:96:B2-b Channel: ? compg 72:ED:3F:67:E4:B3-b Channel: ? Buffalo 00:12:17:B5:AA:45-b Channel: 10 Cisco QA_linksys2 00:02:6F:22:36:6E-b Channel: 2 Senao NGbg 00:02:6F:22:7E:E9-b Channel: ? Senao Sensor Coverage Survey 00:02:6F:20:32:3D-b Channel: ? Senao Sensor Coverage Survey 00:14:F1:AF:1B:97-b Channel: 7 Cisco QA-1130-15 P P P P P P P P P P
P P
P P
100.00%
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
F F F F F F F F F F F F
F F
P P P P P P F F F F F P P F F F F
23.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
00:20:A6:52:8F:65-b Channel: 8 Proxim tv-Wireless Network B 00:0B:86:84:B5:30-b Channel: 8 Aruba aruba-engr-11g 00:11:5C:4D:E8:41-b Channel: 4 Cisco AirMagnetGuest 00:0E:35:C0:35:7D-g Channel: 4 Air2 00:0D:ED:AB:7C:23-b Channel: ? Cisco Netgear 00:40:96:A1:4A:F8-b Channel: ? Cisco BuffaloQA 00:16:6F:9C:00:A0-b Channel: 10 QA_linksys2 28:B7:C6:A0:0B:B7-b Channel: ? QA_linksys2 00:13:02:1F:F0:1D-b Channel: ? NGbg
P P
76.67%
P F
P P P P P P P P F P P P P P P F F
60.00%
P P
76.67%
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:0C:F1:3E:E6:58-b Channel: ? NGbg 00:14:A5:49:D3:3B-b Channel: ? GemTek Sensor Coverage Survey
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
00:14:A5:54:87:1A-b Channel: ? P P P P P P P P P P GemTek qa_wireless_11a_only@tv _cubicle 00:90:7A:05:2E:45-b Channel: 2 SpectraLink compa 00:02:6F:22:3B:D3-b Channel: ? Senao compa 32:64:0D:38:5B:8F-b Channel: ? NGbg 00:0C:41:A8:7A:C2-b Channel: 9 ENG-linksys_rtf 00:14:F1:AF:1B:96-b Channel: 7 Cisco QA-1130-14 P P P P P P P P P P
P P
P P
100.00%
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
F F
P P P P P P F P F F F P P F F F F
26.67%
P F
60.00%
00:12:17:DB:88:81-b Channel: 11 Cisco QA_linksys1 00:11:5C:4D:E8:40-b Channel: 4 Cisco Air2 00:0B:85:79:03:C0-b Channel: 11 Airespace QA-1130-15 00:15:2B:AC:CB:CF-b Channel: 7 Cisco AM_vofi 00:90:96:C6:C2:CE-b Channel: ? Askey Air3 00:0B:85:66:24:90-b Channel: ? Airespace <No current ssid> 00:0B:85:26:7F:80-b Channel: ? Airespace <No current ssid> 00:12:F0:1A:6C:5D-b Channel: ? <No current ssid> 00:90:7A:05:2E:AA-b Channel: 2 SpectraLink NETGEAR
P F
P P P P P P P F F P P P P P P F F
56.67%
F P F F P F P F F F F F
F P
P P P P P P F P P F F P P F F F F
43.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:02:6F:22:7E:E7-b Channel: ? Senao compg 04:83:6D:6C:AE:AA-b Channel: ? NGbg 00:14:F1:AF:1B:95-b Channel: 7 Cisco QA-1130-13 00:20:A6:53:8E:73-b Channel: 8 Proxim BuffaloQA 00:90:96:CB:2F:8B-b Channel: ? Askey Sensor Coverage Survey 00:13:02:1B:3A:AC-b Channel: ? <No current ssid> 00:0D:0B:4F:5E:00-b Channel: 6 BuffaloWing 00:14:F1:AF:1B:94-b Channel: 7 Cisco QA-1130-12 00:0F:34:A7:78:10-b Channel: 2 Cisco QAVOFI
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
F F
26.67%
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
F F
P P P P P P F F F F F P P F F F F
23.33%
P P
76.67%
P F P P F P F P P P
P P
P F
P P P P P P P F F P P P P P P P P
80.00%
2:34:17PM
00:0B:85:01:33:A0-b Channel: ? Airespace QA-1130-13 00:12:F0:9E:5D:01-b Channel: ? Sensor Coverage Survey 00:90:4B:BD:FC:46-b Channel: ? GemTek NGbg 00:0E:35:0D:DA:73-b Channel: ? QAVOFI 00:0C:F1:42:84:29-b Channel: ? QAVOFI 00:0C:F1:4C:27:6E-b Channel: ? NGbg B8:8D:56:46:54:8B-b Channel: ? NGbg 00:14:F1:AF:1B:93-b Channel: 7 Cisco QA-1130-11 00:0B:46:91:EA:72-b Channel: 1 Cisco BuffaloQA
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P F
60.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:0E:35:C0:5D:AE-g Channel: 2 QAVOFI 00:90:4B:BD:FC:34-b Channel: 8 GemTek HopOnWireless 00:90:4B:BD:FD:12-b Channel: ? GemTek HopOnWireless 68:B3:1E:94:E5:5B-b Channel: ? HopOnWireless 00:90:7A:05:2F:74-b Channel: 5 SpectraLink QAVOFI 00:16:6F:6D:57:FA-b Channel: ? Air2 00:13:02:1B:39:88-b Channel: ? aruba-engr-11a 00:14:A5:01:94:D0-b Channel: 8 GemTek tv-Wireless Network B 02:24:12:1D:E4:3D-b Channel: ? tv-Wireless Network B
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
F F F F F P F F F F F F
F F
P P P P P P F F F F F P P P P F F
33.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:02:6F:20:6C:90-b Channel: ? Senao Sensor Coverage Survey 00:14:F1:AF:1B:92-b Channel: 7 Cisco QA-1130-10 00:0B:85:01:33:AF-b Channel: 10 Airespace QA-1130-11 00:03:7F:BE:E0:35-b Channel: ? Atheros compg 00:40:96:A4:0E:EC-b Channel: ? Cisco compg 00:0E:35:7F:4E:29-b Channel: ? Sensor Coverage Survey 00:02:6F:20:32:6A-b Channel: ? Senao Sensor Coverage Survey 00:0B:7D:27:9C:EB-b Channel: ? Air2 00:40:96:59:A9:39-b Channel: 6 Cisco QA-350-2
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
F P
43.33%
2:34:17PM
00:14:F1:AF:1B:91-b Channel: 7 Cisco Sensor Coverage Survey 00:11:F5:43:B1:B9-b Channel: 1 Sensor Coverage Survey 96:20:7C:98:19:E6-b Channel: ? NGbg 00:90:4B:BD:FD:21-b Channel: ? GemTek NGbg 00:90:4B:BD:FC:43-b Channel: 10 GemTek Sensor Coverage Survey 00:59:29:6D:54:0D-b Channel: ? MetroFi-Free 00:02:6F:21:27:23-b Channel: 10 Senao Sensor Coverage Survey 00:90:7A:04:F0:C4-b Channel: 2 SpectraLink Sensor Coverage Survey 00:14:F1:09:12:D8-b Channel: ? Cisco Sensor Coverage Survey
P P P P P P P P P P
P P
P P
100.00%
P F
60.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:14:F1:AF:1B:90-b Channel: 7 Cisco AM_vofi 00:13:80:43:11:55-b Channel: 11 Cisco QA-1200-7 00:0B:85:52:FF:F0-b Channel: 11 Airespace QA-350-2 00:0B:85:54:D8:30-b Channel: ? Airespace QA_linksys2 6E:BB:13:70:43:A0-b Channel: ? QA_linksys2 00:12:F0:95:67:4B-b Channel: ? AirMagnetGuest 00:04:23:A2:81:E8-b Channel: ? Intel AirMagnetGuest 00:90:4B:BD:FD:0F-b Channel: ? GemTek compg 42:DE:6D:E4:F7:D0-b Channel: ? Buffalo
F P F F P P P F F F F F
F P
46.67%
F F
26.67%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:13:80:43:11:54-b Channel: 11 Cisco QA-1200-32 00:14:A5:54:85:67-b Channel: ? GemTek compg 00:02:6F:20:2D:88-b Channel: 8 Senao tv-Wireless Network B
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
00:02:6F:21:2A:43-b Channel: ? P P P P P P P P P P Senao qa_wireless_11a_only@tv _cubicle 6E:B0:18:D5:8B:09-b Channel: ? Sensor Coverage Survey 00:13:5F:F9:7F:00-b Channel: 10 compg 00:13:80:43:11:53-b Channel: 11 Cisco QA-1200-31 00:13:80:43:12:20-b Channel: 11 Cisco QA-1200-36 P P P P P P P P P P
P P
P P
100.00%
P P
P P
100.00%
P P
76.67%
F F
26.67%
P P
76.67%
00:13:80:43:15:20-b Channel: 2 Cisco QA_QATest4 00:90:4B:72:B8:6D-b Channel: ? GemTek P-780_g6 00:16:6F:6C:72:B4-b Channel: ? Monitored 00:16:6F:54:3C:95-b Channel: ? Sabre 00:14:A5:01:95:87-b Channel: 8 GemTek tv-Wireless Network B 00:0C:F1:42:8B:BC-b Channel: ? Sabre 00:90:4B:CC:75:7E-b Channel: ? GemTek NGbg 00:16:CF:9F:E8:EC-b Channel: ? compa D6:C2:55:CC:AA:FD-b Channel: ? compa
P F
60.00%
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
F F
30.00%
P P P P P P P P P P
P P
P P
100.00%
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:13:80:43:11:52-b Channel: 11 Cisco QA-1200-30 00:14:A8:53:4C:60-b Channel: 7 tech-1200 00:02:6F:3A:3F:B1-b Channel: ? Senao PRISM-SSID 00:02:6F:20:18:85-b Channel: ? Senao Sensor Coverage Survey 00:02:6F:22:37:52-b Channel: ? Senao Sensor Coverage Survey 00:02:6F:20:8A:BF-b Channel: 2 Senao NGbg 00:0E:35:89:B5:C3-b Channel: ? <No current ssid> 00:13:CE:CF:4A:D7-b Channel: ? NETGEAR 00:02:8A:A8:9A:15-b Channel: 11 Ambit QA-1200-26
P P
76.67%
P P
76.67%
P F
63.33%
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:13:80:43:11:51-b Channel: 11 Cisco QA-1200-26 00:12:F0:29:83:8A-b Channel: ? HopOnWireless 00:90:7A:05:07:F3-b Channel: 5 SpectraLink QAVOFI 00:02:6F:20:8C:E0-b Channel: ? Senao Sensor Coverage Survey 00:14:A5:54:77:FC-b Channel: 2 GemTek NGbg 00:40:96:AF:31:BC-b Channel: ? Cisco <No current ssid> 00:40:96:A1:49:BA-b Channel: ? Cisco <No current ssid> 00:13:80:43:11:50-b Channel: 11 Cisco QA-1200-25 00:09:5B:D6:5C:F8-b Channel: 2 Netgear NGbg
P P
76.67%
P F
63.33%
F F F F F P F F F F F F
F F
P P P P P P F F F F F P P P P F F
33.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
P P
76.67%
P P
76.67%
2:34:17PM
00:0B:85:54:EA:60-b Channel: 11 Airespace QA-1200-26 00:02:6F:21:C4:7C-b Channel: ? Senao BuffaloQA 00:02:6F:22:00:5E-b Channel: ? Senao BuffaloQA 00:09:7C:14:A7:0D-b Channel: ? Cisco ANY 00:02:6F:20:2E:0D-b Channel: ? Senao Sensor Coverage Survey 00:14:A5:01:95:84-b Channel: 2 GemTek NGbg 00:14:A5:01:95:EA-b Channel: 2 GemTek NGbg 00:14:A5:01:95:B7-b Channel: ? GemTek tv-Wireless Network B 00:CD:59:78:3C:00-b Channel: ? HopOnWireless
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
P P
76.67%
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:40:96:AB:51:F4-b Channel: ? Cisco Air2 00:0B:46:91:E2:48-b Channel: ? Cisco QA-1200-32 00:40:96:A8:2E:28-b Channel: ? Cisco QAVOFI 00:90:4B:BD:FC:D6-b Channel: ? GemTek NGbg 00:40:96:59:B9:44-b Channel: 6 Cisco QA-350-2 00:02:8A:A3:09:20-b Channel: 9 Ambit QA-1200-25 00:20:A6:4C:A6:A3-b Channel: ? Proxim AM_vofi 00:15:F9:41:C4:46-b Channel: 7 Cisco AM_vofi 00:02:6F:20:32:2F-b Channel: ? Senao Sensor Coverage Survey
P F
63.33%
P F P P F P F P P P
P P
P F
86.67%
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
F P
43.33%
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:02:6F:21:29:D7-b Channel: ? Senao compg 00:13:CE:C8:54:ED-b Channel: ? Air2 00:90:4B:BD:FD:09-b Channel: 10 GemTek tv-Wireless Network B 00:13:02:89:9F:86-b Channel: ? Sensor Coverage Survey 00:11:5C:4D:E9:11-b Channel: 4 Cisco AirMagnetGuest 00:07:85:B3:8A:E3-b Channel: 5 Cisco QAVOFI 00:0B:85:01:34:40-b Channel: 11 Airespace QA-350-2 00:0B:85:23:7B:00-b Channel: 11 Airespace QA-350-2 00:0B:85:08:12:D0-b Channel: 11 Airespace QA-350-2
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P
76.67%
P F P P F P F P P P
P P
P F
P P P P P P P P F P P P P P P P P
83.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
2:34:17PM
00:04:23:6C:CB:AC-b Channel: 11 Intel whitman_wireless 00:0B:85:54:E9:90-b Channel: ? Airespace EagerWireless 00:0B:85:04:3A:80-b Channel: ? Airespace EagerWireless 00:13:02:77:23:ED-b Channel: ? EagerWireless 00:13:02:31:12:22-b Channel: ? GoogleWiFi 5C:7B:25:56:9C:A1-b Channel: ? AM_vofi 00:0D:0B:1A:14:03-b Channel: 10 Buffalo 00:11:5C:4D:E9:10-b Channel: 4 Cisco Air2
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
P P P P P P P P P P
P P
P P
100.00%
P F
63.33%
P F
63.33%
P P P P P P P P P P
P P
P P
100.00%
F P
43.33%
F P
43.33%
Notes: 1) P = Pass and F = Fail. 2) Channel specific policy violations will not be included in the Device-Specific Compliance Report. 3) AirMagnet has enabled alarms relevant to theISO 27001 Directive in its Policy Compliance Reports.Disabling any alarms tied to the Reports will degrade their effectiveness and result in a wireless network that does not comply with the respective industry regulations.

International Standard For Information Security (ISO 27001) : Designated Official

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

International Standard For Information Security (ISO 27001) : Designated Official

Uploaded by

Copyright:

Available Formats

International Standard for Information Security (ISO 27001) Designated Official:

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

1/ System Level Compliance Report

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Section 4.2.2f) Manage operation of the ISMS.

Section 4.2.2g) Manage resources for the ISMS.

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Section 4.2.3e) Conduct internal ISMS audits at planned intervals.

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

The allocation and use of privileges shall be restricted and controlled.

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

2/ Policy Level Compliance Report

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

180 160 140 120

# Compliance Devices 105 132 105 105 132 108 132

Compliance % 64.02% 80.49% 64.02% 64.02% 80.49% 65.85% 80.49%

Monday, January 29, 2007

Monday, January 29, 2007

151 151 105 105

92.07% 92.07% 64.02% 64.02%

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

ISO 27001 Directive

140 163 163

Compliance Status 85.37% 99.39% 99.39%

162 152 160 132 160

98.78% 92.68% 97.56% 80.49% 97.56%

140 160 132

85.37% 97.56% 80.49%

161 160 154 148 163 163

98.17% 97.56% 93.90% 90.24% 99.39% 99.39%

Device unprotected by TKIP

Excessive frame retries Higher speed not supported

152 163 160 140 132 163 160 162 163

92.68% 99.39% 97.56% 85.37% 80.49% 99.39% 97.56% 98.78% 99.39%

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

3/ Device-Specific Compliance Report

ISO 27001 Policy Sections

00:90:7A:05:12:AC-b Channel: 5 P P P P P P P P P P SpectraLink qa_wireless_11a_only@tv _cubicle

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Monday, January 29, 2007

00:0C:F1:3E:E6:58-b Channel: ? NGbg 00:14:A5:49:D3:3B-b Channel: ? GemTek Sensor Coverage Survey

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007

Live Capture P o we r e d by Ai r Ma g n e t Monday, January 29, 2007 2:34:17PM

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007

Monday, January 29, 2007