controls

Understand-Laws-and-Regulations

Understand Laws and Regulations

Leave a Comment / CHFI, Knowledge Base / By

Understand Laws and Regulations in this there are many laws that affect digital forensics investigation; for example, some jurisdictions have passed laws that require the investigator to be either a law enforcement officer or a licensed private investigator to extract the evidence. Of course, that does not prevent a forensic investigator from working with information someone else extracted or extracting evidence if the information owner gave his or her permission. It is important to be …

Understand Laws and Regulations Read More »

ISO-27001-Annex-A.17.1.3-Verify-Review-and-Evaluate-Information-Security-Continuity

ISO 27001 Annex : A.17.1.3 Verify, Review and Evaluate Information Security Continuity

Leave a Comment / ISO 27001 La, Knowledge Base / By

Control- ISO 27001 Annex : A.17.1.3 Verify, Review and Evaluate Information Security Continuity In order to ensure accurate and productive to adverse circumstances, the company must review on-going controls on safety information defined and enforced at regular intervals. Implementation Guidance- Changes in organizational, technological, administrative and procedures, whether operational or framework, will lead to changes in the criteria for the continuity of information security. In such cases, the continuity of information security processes, procedures and …

ISO 27001 Annex : A.17.1.3 Verify, Review and Evaluate Information Security Continuity Read More »

ISO-27001-Annex : A.14.3-Test-data

ISO 27001 Annex : A.14.3 Test data

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.14.3  Test data its objective is to ensure that data used for research are secured. A.14.3.1  Protection of test data Control – Careful collection, security, and review of test data should be performed. Implementation Guidance – It should be avoided the use of operational information containing personal information or any other confidential information for test purposes. Where personal information or otherwise confidential information for testing purposes is used, all sensitive information …

ISO 27001 Annex : A.14.3 Test data Read More »

ISO-27001-Annex : A.14.2.6 -Secure-Development-Environment

ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing. A.14.2.6  Secure Development Environment Control – ISO 27001 Annex : A.14.2.6 Secure Development Environment in this Organizations should create secure development environments and integration efforts for the entire life cycle of system development and should be adequately protected. Implementation Guidance – A secure development environment includes people, processes, and technology in …

ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing Read More »

ISO-27001-Annex-14-System-Acquisition-Development-and-Maintenance

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 : Annex 14 System Acquisition , Development and Maintenance in this article is explain  A.14.1  Security Requirements of Information Systems & A.14.1.1  Information Security Requirements Analysis and Specification. A.14.1  Security Requirements of Information Systems Its objective is ensuring the information management for the entire lifecycle is an important part of information systems. This also includes the information systems requirements that provide services over a public network. A.14.1.1  Information Security Requirements Analysis and Specification …

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance Read More »

ISO-27001-Annex -A.12.2-Protection-from-Malware

ISO 27001 Annex : A.12.2 Protection from Malware

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.2 Protection from Malware It’s objective is ensuring that malware protection is provided to information and information processing facilities. A.12.2.1  Controls Against Malware Control- In combination with appropriate user awareness, the detection, prevention, and recovery controls to protect against malware should be implemented. Implementation guidance Malware protection should be supported by malware detection and repair software, awareness of the safety of information, and adequate system access and management reviews on changes. …

ISO 27001 Annex : A.12.2 Protection from Malware Read More »

ISO-27001-Annex-A.11.2.4-Equipment-Maintenance

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article is explained ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises. A.11.2.4  Equipment Maintenance Control- To ensure its continued availability and integrity, the equipment should be correctly maintained. Implementation Guidance- The following equipment maintenance guidelines should be taken into account: Equipment should be maintained according to the service intervals and specifications recommended by the supplier; Repair and service equipment should only be …

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises Read More »

ISO-27001-Annex-A.11-Physica- and-Environmental-Security

ISO 27001 Annex : A.11 Physical and Environmental Security

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.11 Physical and Environmental Security in this article explain Secure areas, Physical Security Perimeter and Physical Entry Controls.  A.11.1 Secure areas Its objective is to avoid unauthorized physical access, damage and interference with the organization’s information and information processing facilities. A.11.1.1 Physical Security Perimeter Control- Security perimeters should be established in order to secure areas that contain either sensitive or confidential information and information processing facilities. Implementation Guidance- When appropriate, for …

ISO 27001 Annex : A.11 Physical and Environmental Security Read More »

ISO-27001-Annex-A.10-Cryptography

ISO 27001 Annex : A.10 Cryptography

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.10 Cryptography in this article explaining Cryptographic controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic controls Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls Control- A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance- The …

ISO 27001 Annex : A.10 Cryptography Read More »

Information-security-risk-treatment

ISO 27001 Clause 6.1.3 Information security risk treatment

1 Comment / ISO 27001 La, Knowledge Base / By

Information-security-risk-treatment Required activity The organization defines and applies an information security risk treatment process.  Implementation Guideline Information security risk treatment is that the overall process of choosing risk treatment options, determining appropriate controls to implement such options, formulating a risk treatment plan and obtaining approval of the Risk treatment plan by the Risk owner(s).All steps of the knowledge security risk treatment process also because the results of its application are retained by the organization as …

ISO 27001 Clause 6.1.3 Information security risk treatment Read More »