confidentiality

ISO-27001-Annex-A.12.6-Technical-Vulnerability-Management

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.6  Technical Vulnerability Management Its objective is to avoid technological vulnerabilities from being exploited. A.12.6.1  Management of Technical Vulnerabilities Control- Information on technological vulnerabilities of information systems used should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed and appropriate measures taken to address the risk involved Implementation Guidance – An up-to-date and comprehensive asset inventory is necessary for the effective management of …

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Read More »

ISO-27001-Annex-12-Operations-Security

ISO 27001 Annex : 12 Operations Security

14 Comments / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : 12 Operations Security in this article explain Operational procedures and responsibilities, Documented Operating Procedures, Change Management & Separation of Development, Testing and Operational Environments. A.12.1  Operational procedures and responsibilities Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1  Documented Operating Procedures Control-Operating procedures should be documented and accessed by all users in need. Implementation Guidance- Documented procedures for operating information processing and communications facility activities should …

ISO 27001 Annex : 12 Operations Security Read More »

ISO-27001-Annex : A.11.2.7-Secure-Disposal-or-Re-use-of-Equipment

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.11.2.7  Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy A.11.2.7  Secure Disposal or Re-use of Equipment Control- To avoid the removal or overriding of sensitive data and software by the disposal or reuse of any device containing storage medium, all devices must be reviewed. Implementation Guidance- Equipment should be tested to ensure that the storage media is …

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy Read More »

ISO-27001-Annex-A.11.2.4-Equipment-Maintenance

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article is explained ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises. A.11.2.4  Equipment Maintenance Control- To ensure its continued availability and integrity, the equipment should be correctly maintained. Implementation Guidance- The following equipment maintenance guidelines should be taken into account: Equipment should be maintained according to the service intervals and specifications recommended by the supplier; Repair and service equipment should only be …

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises Read More »

ISO-27001-Annex-A.10-Cryptography

ISO 27001 Annex : A.10 Cryptography

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.10 Cryptography in this article explaining Cryptographic controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic controls Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls Control- A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance- The …

ISO 27001 Annex : A.10 Cryptography Read More »

ISO-27001-Annex-A.9.3-User-Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »

ISO-27001-Annex - A.8.3-Media-Handling

ISO 27001 Annex : A.8.3 Media Handling

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.8.3 Media Handling Its objective is to Stop unauthorized release, alteration, deletion, or destruction of information contained in the media. A.8.3.1 Management of Removable Media Control- Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization. Implementation Guidance- The following guidelines should be considered for the management of removable media: If not needed, the contents of any reusable media that are …

ISO 27001 Annex : A.8.3 Media Handling Read More »

Annex A.8.2.2 Labeling of Information

ISO 27001 Annex : A.8.2 Information Classification

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.8.2 Information Classification Its objective is To ensure that the information is properly secured, in accordance with its significance to the organization. A.8.2.1 Classification of Information Control- Information should be classification the basis of their legal provisions, criticality, and vulnerability to unwanted release or alteration Implementation Guidance- Classifications and associated information security measures will also include regulatory standards, which take into account market demands for information sharing or restriction. Assets other …

ISO 27001 Annex : A.8.2 Information Classification Read More »

ISO-27001-Annex : A.6-Organization-of-Information-Security

ISO 27001 Annex : A.6 Organization of Information Security

Leave a Comment / ISO 27001 La, Knowledge Base / By

6.1 Internal Organization ISO 27001 Annex : A.6 Organization of Information Security its object is to establish a management framework for initiating and controlling the implementation and functioning of information security within the organization. 6.1.1 Information Security Roles and Responsibilities Control- All responsibilities related to information security should be well defined and assigned. Implementation Guidance- Allocation of information security responsibilities should be carried out in compliance with information security policies (Refer A.5.1.1). Responsibilities for the …

ISO 27001 Annex : A.6 Organization of Information Security Read More »

Overview of Network Security Objectives

Leave a Comment / CCNA / By

Overview of Network Security Objectives this blog is based on Understanding Network and Information Security with it’s objective Confidentiality, Integrity and Availability etc. Understanding Network and information Security Basics Security is very important, and therefore the lack of it risks financial, legal, political, and PR implications. This section covers a number of the concepts, terms, and methodologies employed in preparing for and dealing with secure networks. Network Security Objectives When considering networks, you’ll view them …

Overview of Network Security Objectives Read More »