ISO 27001 La

ISO 27001 Annex : A.13.2 Information Transfer

ISO 27001 Annex : A.13.2 Information Transfer Its objective is to maintain the security of information transferred to any external entity and within the organization. A.13.2.1 Information Transfer Policies and Procedures Control- In order to protect the transferees by using all types of communication facilities, official transfer policies, procedures and controls should be developed. Implementation guidance – The following items should be addressed in the procedures and controls required to use communications facilities to transmit …

ISO 27001 Annex : A.13.2 Information Transfer Read More »

ISO 27001 Annex : A.13 Communications Security

ISO 27001 Annex : A.13 Communications Security in this article explain A.13.1 Network Security Management, A.13.1.1 Network Controls, A.13.1.2 Security of Network Services, A.13.1.3 Segregation in Networks. A.13.1 Network Security Management It’s objective is to ensure the security and supporting information processing facilities of the information in a network. A.13.1.1 Network Controls Control- To protect information in systems and applications, networks should be managed and monitored. Implementation Guidance – The monitoring of network information security …

ISO 27001 Annex : A.13 Communications Security Read More »

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations Its objective is minimizing the impact on operating systems of audit activities. A.12.7.1 Information Systems Audit Controls Control- The audit criteria and activities related to operating system verification should be carefully prepared and decided in order to reduce business process disturbance. Implementation Guidance – It is necessary to follow the following guidance: audit standards for access to systems and data should be negotiated with appropriate management; …

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations Read More »

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Its objective is to avoid technological vulnerabilities from being exploited. A.12.6.1 Management of Technical Vulnerabilities Control- Information on technological vulnerabilities of information systems used should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed and appropriate measures taken to address the risk involved Implementation Guidance – An up-to-date and comprehensive asset inventory is necessary for the effective management of …

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Read More »

ISO 27001 Annex : A.12.5 Control of Operational Software

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.5 Control of Operational Software Its objective is to ensure operating system integrity. A.12.5.1 Installation of Software on Operational Systems Control- To control the installation of software on operating systems, procedures should be implemented. Implementation Guidance- To control changes in software on operational systems, the following guidelines should be considered: Trained administrators should only upgrade operational software, applications and libraries upon appropriate management permission; Only approved executable code and non-developed code …

ISO 27001 Annex : A.12.5 Control of Operational Software Read More »

ISO 27001 Annex : A.12.4 Logging and Monitoring

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.4 Logging and Monitoring Its objective is recording events and generating evidence. A.12.4.1 Event Logging Control- Event logs should be produced, retained, and regularly reviewed to record user activities, exceptions, defects, and information security events. Implementation Guidance- Where applicable, event logs should include: IDs of User; Activities of the system; dates, times and key events details, such as log-on and log-off; System ID or location and device recognition where possible; records …

ISO 27001 Annex : A.12.4 Logging and Monitoring Read More »

ISO 27001 Annex : A.12.3 Backup

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.3 Backup Its objective is to safeguard against data loss. A.12.3.1 Information backup Control- In accordance with the agreed backup policy copies of records, program and device images shall be collected and regularly tested Implementation Guidance – The organization’s information, software, and systems backup requirements should be established with a backup policy. The policy of backup should define the requirements for retention and protection. There should be sufficient backup facilities to …

ISO 27001 Annex : A.12.3 Backup Read More »

ISO 27001 Annex : A.12.2 Protection from Malware

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.2 Protection from Malware It’s objective is ensuring that malware protection is provided to information and information processing facilities. A.12.2.1 Controls Against Malware Control- In combination with appropriate user awareness, the detection, prevention, and recovery controls to protect against malware should be implemented. Implementation guidance Malware protection should be supported by malware detection and repair software, awareness of the safety of information, and adequate system access and management reviews on changes. …

ISO 27001 Annex : A.12.2 Protection from Malware Read More »

ISO 27001 Annex : 12 Operations Security

14 Comments / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : 12 Operations Security in this article explain Operational procedures and responsibilities, Documented Operating Procedures, Change Management & Separation of Development, Testing and Operational Environments. A.12.1 Operational procedures and responsibilities Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1 Documented Operating Procedures Control-Operating procedures should be documented and accessed by all users in need. Implementation Guidance- Documented procedures for operating information processing and communications facility activities should …

ISO 27001 Annex : 12 Operations Security Read More »

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

In this article explain ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy A.11.2.7 Secure Disposal or Re-use of Equipment Control- To avoid the removal or overriding of sensitive data and software by the disposal or reuse of any device containing storage medium, all devices must be reviewed. Implementation Guidance- Equipment should be tested to ensure that the storage media is …

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy Read More »

ISO 27001 Annex : A.13.2 Information Transfer

ISO 27001 Annex : A.13 Communications Security

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

ISO 27001 Annex : A.12.5 Control of Operational Software

ISO 27001 Annex : A.12.4 Logging and Monitoring

ISO 27001 Annex : A.12.3 Backup

ISO 27001 Annex : A.12.2 Protection from Malware

ISO 27001 Annex : 12 Operations Security

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy

Course Categories

Quick Menu

Contact us

Recent Posts

Find Us Here