ISMS
ISO/IEC 27001:2013 Consultancy for Implementation
ISMS in detail…
Pardazeshgaran has a very innovative methodology in ISMS (Information Security Management System) based on ISO/IEC 27001 implementation. This methodology is based on a belief that ISMS should be implemented in all organizations and companies whether it is small or medium or huge. Because in every organization, ISMS implementation should be customized, Pardazeshgaran decided to define some themes and assign one theme for the organization at the early stages of ISMS implementation. This theme was chosen based on the classification that Pardazeshgaran had by its experiences and was based on the organization’s ICT maturity, complexity, number of ICT staff, the organization of ICT, the ICT or security budget, and so on.
ISMS needs a lot of steps to be completed and for each step, Pardazeshgaran has produced some separates documents in MS Excel and MS Word, and the efficiency and correctness of all these documents have been tested and the customers had been certified in ISO/IEC 27001 by the accredited bodies. In these type of services (e.g. consultancy) the most important factor is time and to overcome this shortage Pardazeshgaran started developing a windows application for ISMS containing these documents and forms but it had some difficulties for implementation and maintenance in the organization and it needs a lot of simplifications or training staff and troubleshooting and updating and then Alireza Sajjadieh and his team decided to make all these changes and develop it as a SaaS for a lot of companies in the world.
SaaS in detail…
iSecureData is an Information Security SaaS that helps solve the ever-increasing need of organizations in implementing ISMS (Information Security Management System) based on ISO/IEC 27001 and other information security standards and best practices and frameworks.
iSecureData will be implemented on a secure cloud and provides services as SaaS but it is possible to be implemented on a private cloud based on customers’ requests.
Implementing a management system for information security is a growing concern for all SMBs and enterprise companies in Canada and the USA as well as other countries. Choosing the right solution for information security and addressing the information security concerns is not just a challenge in the cost but a challenge for experts and consultants serving organizations. iSecureData is a SaaS for all organizations to help solve this problem. The key value proposition is iSecureData’s systematic approach and its methodology to implement ISMS; which is based on more than 15 years of experience in implementing ISMS in a variety of organizations.
iSecureData is a service business. iSecureData will help individuals to manage InfoSec for their information assets. Also, iSecureData SaaS will offer organizations the ability to Implement ISMS as follows:
Based on the ISMS phases which are specified in ISO/IEC 27001 standard, in a step by step process, the system asks very simple but deep questions to help the organization identify its information security risks and then based on related standards and best practices and using recommendation system based on AI, it will suggest managerial or systematic or technical tasks and solutions mitigate these risks. These tasks and solutions are assigned to designated staff and they can update their task status so the managers can get sufficient reports and tracking the progress of the ISMS in the organization. If the organization prefers to be certified based on ISO/IEC 27001, the auditors can get helpful reports from this software. This software can be used to implement all other standards and best practices and framework which are related to information security (e.g. GDPR, PCI DSS, NIST800-53, etc.). The most valuable of this system is its simplicity and effectiveness in implementing ISMS which is mostly considered complex and not efficient implementation for organizations.
This SaaS has some innovation especially in its Risk Treatment Plan suggestion and recommendation system which is based on AI. The AI technics is rooted in the M.S. thesis of Mr. Alireza Sajjadieh and is fully explained in his IEEE paper in France. The Risk Treatment Plans are suggested to the organization based on what is their Risk and what plans were chosen by similar organizations with similar risk.
IEEE-conference-A-Hybrid-Framework-for-a-Personalized-Document-Filtering-System
SaaS
iSecureData startup for AI based ISMS implementation on clouds
Chabok Plan
An agile implementation for ITIL and ISO 20000
Chabok Plan in detail…
Pardazeshgaran contracted some projects for ICT strategic planning and Information Security Strategic Planning and implementing ISO 20000 for ITSM (IT Service Management) and ITIL (IT Infrastructure Library); with a very specific plan named Chabok; which is the translation for agile; to do a very specific implementation of ITIL by deploying some functions like help desk and change management, etc. After 2009 when the ISMS projects became so much extended and Pardazeshgaran decided to focus only on ISMS projects and tenders and all employees’ expertise was used in ISMS projects and that decision help Pardazeshgaran to do gigantic projects in ISMS implementation.
Amin Plan in detail…
Amin Plan is an innovation from Pardazeshgaran and it was started by realizing a very big problem in organizations that wants security and they were forced to implement ISMS by regulations but they had no maturity to implement a management system for their information security. Pardazeshgaran started a plan to help those organizations to implement all the technical controls in accordance with ISO 27001 and then after fixing their technical security concerns, they could implement all phases of ISMS. Those security controls were about one-third of all controls in annex A of ISO 27001 and were describing all technical controls in detail. Pardazeshgaran had used a lot of InfoSec documents of DoD (Department of Defense of the USA), CISCO best practices, and Microsoft guidelines in writing the Amin Plan. Amin plan was chosen as the de facto standard for most information security tenders and RFPs in Iran and was announced as the selected InfoSec plan by the” Iran ICT Guild organization”. In this plan, Pardazeshgaran had described most of the activities about planning minimum requirements of network topology and also minimum requirements for hardening.
Amin Plan
Details for implementing technical controls of information security
