access

ISO 27001 Annex : A.15 Supplier Relationships

This article on ISO 27001 Annex : A.15 Supplier Relationships explains information security in supplier relationships and the related policies. A.15.1 Information Security in Supplier Relationships: Its objective is to ensure the security of assets accessible to suppliers of the organization. A.15.1.1 Information Security Policy for Supplier Relationships. Control: Information security requirements related to mitigating the risk of supplier access to organizational assets should be agreed with the supplier and documented. “The company becomes more …


Physical Location and Structural Design Considerations of Computer Forensics Lab

This article on Physical Location and Structural Design Considerations explains how to design and structure a forensics lab and where it should be physically located. Physical Location Needs of a Forensics Lab: The physical location needs of a forensics lab are: Site of the lab: The site should have at least two directions of entry to ensure that one can access the lab despite heavy traffic conditions, street maintenance work, or any unexpected site disruptions. Access …


For a hacker, chaos isn’t a pit, Chaos is ladder

“For a hacker, chaos isn’t a pit, chaos is a ladder”: this article explains the idea with the help of some hackers and their terms. “To better describe hacking, one needs to first understand hackers.” Who Is a Hacker? A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. The term hacker may refer to anyone with technical skills, but it often refers to an individual who …


ISO 27001 Annex : A.13 Communications Security

This article on ISO 27001 Annex : A.13 Communications Security explains A.13.1 Network Security Management, A.13.1.1 Network Controls, A.13.1.2 Security of Network Services, and A.13.1.3 Segregation in Networks. A.13.1 Network Security Management: Its objective is to ensure the security of information in a network and of its supporting information processing facilities. A.13.1.1 Network Controls. Control: To protect information in systems and applications, networks should be managed and monitored. Implementation Guidance: The monitoring of network information security …


ISO 27001 Annex : A.12.7 Information Systems Audit Considerations

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations: Its objective is to minimize the impact of audit activities on operating systems. A.12.7.1 Information Systems Audit Controls. Control: The audit criteria and activities related to operating system verification should be carefully prepared and decided in order to reduce business process disturbance. Implementation Guidance: The following guidance should be followed: audit standards for access to systems and data should be negotiated with appropriate management; …


ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas

This article explains ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas, and A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities. Control: Physical security should be designed and implemented for the offices, rooms, and facilities. Implementation Guidance: The following guidelines for safeguarding offices, spaces, and services should be considered: Key facilities should be situated to avoid public access; The …


ISO 27001 Annex : A.11.2 Equipment

ISO 27001 Annex : A.11.2 Equipment: Its objective is to avoid loss, damage, theft, or compromise of assets and disruption of the organization's operations. A.11.2.1 Equipment Siting and Protection. Control: To mitigate the risk of environmental hazards, risks, and unauthorized access, the equipment should be sited and secured. Implementation Guidance: To protect equipment, the following directives should be considered: Equipment should be sited so as to minimize unnecessary access in work areas; Information processing …


ISO 27001 Annex : A.11 Physical and Environmental Security

This article on ISO 27001 Annex : A.11 Physical and Environmental Security explains Secure Areas, Physical Security Perimeter and Physical Entry Controls. A.11.1 Secure Areas: Its objective is to avoid unauthorized physical access, damage and interference with the organization’s information and information processing facilities. A.11.1.1 Physical Security Perimeter. Control: Security perimeters should be established in order to secure areas that contain either sensitive or confidential information and information processing facilities. Implementation Guidance: When appropriate, for …


ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs & A.9.4.5 Access Control to Program Source Code

This article explains two topics: ISO 27001 Annex : A.9.4.4 Use of Privileged Utility Programs and A.9.4.5 Access Control to Program Source Code. A.9.4.4 Use of Privileged Utility Programs. Control: The use of utility programs that could bypass system and application controls should be limited and tightly controlled. Implementation Guidance: The following guidelines should be taken into account when using utility programs that could override system and application controls: the use of …
