During my tenure as a system administrator, I spearheaded a crucial project that resulted in our organization achieving ISO 27001 certification. This undertaking involved significant transformations in our network infrastructure, with the primary objective of bolstering our information security measures. As part of this initiative, we implemented a range of enhancements and integrated various control systems to ensure compliance with ISO 27001 standards.
To begin, we thoroughly redesigned our network infrastructure schema, introducing a powerful firewall that offered comprehensive features such as Intrusion Prevention System (IPS), Intrusion Detection System (IDS), routing, and Network Address Translation (NAT). This firewall served as a protective barrier at the edge of our local network. We also introduced two top-of-rack switches to enhance network performance and redundancy. All switches were interconnected with these top-of-rack switches, ensuring a resilient and scalable network architecture.
In order to improve network security and optimize traffic management, we undertook the task of segregating our network into VLANs. Despite the lack of existing documentation, I collaborated closely with relevant stakeholders to identify the necessary VLAN requirements. Drawing upon this input, I devised a comprehensive plan for VLAN segmentation, enabling the logical division of our network into distinct subnetworks. Through meticulous configuration on our network switches, we effectively isolated and controlled access between different network segments.
Recognizing the need for a robust DNS filtering system, we embarked on finding and implementing a solution that would provide enhanced web filtering and protection against malicious websites. After careful evaluation, we selected and deployed Pi-hole as our DNS filtering system. This implementation enabled us to block access to known malicious domains and filter undesirable content, fortifying our organization's defenses.
In parallel with the infrastructure enhancements, we conducted an assessment of our existing systems to ensure compliance with ISO 27001 requirements. This included evaluating systems such as the Domain Controller, Zabbix monitoring system, Graylog log management system, and others. Any necessary configurations and adjustments were made to align these systems with the ISO 27001 controls and guidelines. We also ensured the implementation of appropriate logging and monitoring mechanisms to support compliance efforts and facilitate prompt incident response.
Throughout the project, we collaborated closely with internal and external auditors, who provided guidance and support during the certification process. We prepared the necessary documentation and evidence to demonstrate our adherence to ISO 27001 standards. Where non-conformities or gaps were identified, we promptly addressed them, implementing corrective actions as required. Ultimately, our efforts culminated in the successful achievement of ISO 27001 certification, signifying our organization's commitment to robust information security practices and adherence to internationally recognized standards.