From Splunk Wiki
The ISO/IEC 27000 series is a family of information security standards and best-practice frameworks adopted by many organisations. The series consists of several documents, including:
- ISO/IEC 27001 specifies the requirements for an information security management system (ISMS); it is the standard an organisation is certified against.
- ISO/IEC 27002, the Code of Practice for Information Security Management, lists security control objectives and recommends a range of specific controls for meeting them. It is guidance rather than a certifiable standard. ISO 27002 was formerly published as ISO/IEC 17799, which itself derived from BS 7799 (Part 1).
To implement ISO 27002 controls with Splunk, companies typically:
- collect all relevant IT data (authentication logs, system and network logs, configuration changes) centrally in Splunk
- build reports that map onto the individual ISO sections
- set up scheduled alerts so that deviations from control objectives are detected proactively rather than discovered at audit time
Many of the reports in the Splunk for Network Security and Splunk for PCI Compliance apps can be used as is to cover some of the sections; other sections will need reports built from scratch.
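As an added example (not from the original page and not part of the Splunk apps mentioned above), the following savedsearches.conf stanzas show what a from-scratch report and alert for an access-control objective such as monitoring failed logons could look like. The index, sourcetype and field names (index=os, sourcetype=linux_secure, action, user, src), the thresholds, the schedule and the e-mail address are assumptions chosen for illustration; they depend on the data you have onboarded and on the field extractions your add-ons provide.

```ini
# Added example, not from the Splunk Wiki page or a Splunk app.
# Place in $SPLUNK_HOME/etc/apps/<your_app>/local/savedsearches.conf.
# Assumptions: Linux auth logs are in index=os with sourcetype=linux_secure,
# and an add-on extracts the fields action (success/failure), user and src.

# Report: weekly view of failed logons per account, for the ISO section on
# access control / monitoring of system use. Counting distinct sources per
# user makes an account attacked from many hosts stand out.
[ISO27002 - Failed logons per user (weekly report)]
search = index=os sourcetype=linux_secure action=failure \
| stats count AS failures, dc(src) AS distinct_sources, \
        min(_time) AS first_seen, max(_time) AS last_seen BY user \
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), \
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S") \
| sort - failures
dispatch.earliest_time = -7d@d
dispatch.latest_time = now

# Alert: runs every 15 minutes over the last 15 minutes and fires when one
# user/source pair exceeds the failure threshold. The search itself applies
# the threshold, so the alert condition is simply "more than 0 results".
[ISO27002 - Repeated failed logons (alert)]
search = index=os sourcetype=linux_secure action=failure \
| stats count AS failures BY user, src \
| where failures >= 10
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4
action.email = 1
action.email.to = soc@example.com
action.email.subject = ISO 27002 access-control alert: repeated failed logons
```

The alert groups by user and src rather than by user alone, so a single user mistyping a password a few times does not trip it, while a brute-force run against one account from one host does. Before relying on either stanza, run the search interactively and confirm that `action=failure` actually matches events in your environment: if the field extraction is missing, the alert matches nothing and silently gives you no coverage for the control objective it is meant to monitor.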