audit

ISO 27001 Annex : A.12.5 Control of Operational Software

ISO 27001 Annex : A.12.5 Control of Operational Software Its objective is to ensure operating system integrity. A.12.5.1 Installation of Software on Operational Systems Control- To control the installation of software on operating systems, procedures should be implemented. Implementation Guidance- To control changes in software on operational systems, the following guidelines should be considered: Trained administrators should only upgrade operational software, applications and libraries upon appropriate management permission; Only approved executable code and non-developed code …

ISO 27001 Annex : A.12.5 Control of Operational Software Read More »

ISO 27001 Annex : A.12.4 Logging and Monitoring

ISO 27001 Annex : A.12.4 Logging and Monitoring Its objective is recording events and generating evidence. A.12.4.1 Event Logging Control- Event logs should be produced, retained, and regularly reviewed to record user activities, exceptions, defects, and information security events. Implementation Guidance- Where applicable, event logs should include: IDs of User; Activities of the system; dates, times and key events details, such as log-on and log-off; System ID or location and device recognition where possible; records …

ISO 27001 Annex : A.12.4 Logging and Monitoring Read More »

ISO 27001 Annex : A.12.3 Backup

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.12.3 Backup Its objective is to safeguard against data loss. A.12.3.1 Information backup Control- In accordance with the agreed backup policy copies of records, program and device images shall be collected and regularly tested Implementation Guidance – The organization’s information, software, and systems backup requirements should be established with a backup policy. The policy of backup should define the requirements for retention and protection. There should be sufficient backup facilities to …

ISO 27001 Annex : A.12.3 Backup Read More »

ISO-27001-Annex-A.11-Physica- and-Environmental-Security

ISO 27001 Annex : A.11 Physical and Environmental Security

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.11 Physical and Environmental Security in this article explain Secure areas, Physical Security Perimeter and Physical Entry Controls. A.11.1 Secure areas Its objective is to avoid unauthorized physical access, damage and interference with the organization’s information and information processing facilities. A.11.1.1 Physical Security Perimeter Control- Security perimeters should be established in order to secure areas that contain either sensitive or confidential information and information processing facilities. Implementation Guidance- When appropriate, for …

ISO 27001 Annex : A.11 Physical and Environmental Security Read More »

ISO 27001 Annex : A.9.3 User Responsibilities

Leave a Comment / ISO 27001 La, Knowledge Base / By Tushar Panhalkar

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »

Life Cycle of forensics information in the system

Leave a Comment / ECIH / By Tushar Panhalkar

Forensics Information Life Cycle of forensics information in the system Forensics information in order to efficiently handle the numerous incidents that an organization may come across, it’s essential that the forensic issues be implemented into the existing system life cycle. A few such examples are as given below: • Maintaining a backup of the system on a regular basis• For securing centralized log servers, audit reports should be forwarded by auditing the workstations, servers, and …

Life Cycle of forensics information in the system Read More »

Scope and Limitations of Ethical Hacking

3 Comments / CEH, CyberSecurity / By Tushar Panhalkar

Ethical hacking Scope and Limitations of Ethical Hacking, It is a structured and organized security assessment, usually as part of a penetration test. Security audit and is a crucial component of risk assessment, and information systems security best practices. It is used to identify risks and highlight remedial actions, and also to reduce Information and Communications Technology (ICT) costs by resolving those vulnerabilities. An ethical hacker should understand the penalties of unauthorized hacking into a …

Scope and Limitations of Ethical Hacking Read More »

ISO 27001 Annex : A.12.5 Control of Operational Software

ISO 27001 Annex : A.12.4 Logging and Monitoring

ISO 27001 Annex : A.12.3 Backup

ISO 27001 Annex : A.11 Physical and Environmental Security

ISO 27001 Annex : A.9.3 User Responsibilities

Life Cycle of forensics information in the system

Scope and Limitations of Ethical Hacking

Course Categories

Quick Menu

Contact us

Recent Posts

Find Us Here