implementation

ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy

This article explains ISO 27001 Annex : A.11.2.7 Secure Disposal or Re-use of Equipment, A.11.2.8 Unattended User Equipment & A.11.2.9 Clear Desk and Clear Screen Policy. A.11.2.7 Secure Disposal or Re-use of Equipment. Control: To avoid the removal or overriding of sensitive data and software by the disposal or reuse of any device containing a storage medium, all devices must be reviewed. Implementation Guidance: Equipment should be tested to ensure that the storage media is …

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises

This article explains ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises. A.11.2.4 Equipment Maintenance. Control: To ensure its continued availability and integrity, the equipment should be correctly maintained. Implementation Guidance: The following equipment maintenance guidelines should be taken into account: Equipment should be maintained according to the service intervals and specifications recommended by the supplier; Repair and service equipment should only be …

ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas

This article explains ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities. Control: Physical security should be designed and implemented for the offices, rooms, and facilities. Implementation Guidance: The following guidelines for safeguarding offices, spaces, and services should be considered: Key facilities should be situated to avoid public access; The …

ISO 27001 Annex : A.11.2 Equipment

ISO 27001 Annex : A.11.2 Equipment. Its objective is to avoid loss, damage, theft, or compromise of assets and disruption of the organization's operations. A.11.2.1 Equipment Siting and Protection. Control: To mitigate the risk of environmental hazards, risks, and unauthorized access, the equipment should be sited and secured. Implementation Guidance: To protect equipment, the following directives should be considered: Equipment should be sited so as to minimize unnecessary access in work areas; Information processing …

ISO 27001 Annex : A.10 Cryptography

ISO 27001 Annex : A.10 Cryptography. This article explains Cryptographic Controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic Controls. Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls. Control: A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance: The …

ISO 27001 Annex : A.9.2.5 Review of User Access Rights & A.9.2.6 Removal or Adjustment of Access Rights

This article explains two topics: ISO 27001 Annex : A.9.2.5 Review of User Access Rights & A.9.2.6 Removal or Adjustment of Access Rights. A.9.2.5 Review of User Access Rights. Control: Access rights of users should be reviewed regularly by asset owners. Implementation Guidance: The following should be considered while reviewing the access rights: Access rights of users should be reviewed at regular intervals and after any changes, such as promotion, demotion …

ISO 27001 Annex : A.9.2.3 Management of Privileged Access Rights & A.9.2.4 Management of Secret Authentication Information of Users

This article explains two topics: ISO 27001 Annex : A.9.2.3 Management of Privileged Access Rights & A.9.2.4 Management of Secret Authentication Information of Users. A.9.2.3 Management of Privileged Access Rights. Control: The allocation and usage of exclusive access privileges will be limited and controlled. Implementation Guidance: A structured authorizing procedure in accordance with the appropriate access management policies should monitor the allocation and usage of delegated …

ISO 27001 Annex : A.9.2 User Access Management

ISO 27001 Annex : A.9.2 User Access Management. Its objective is to ensure approved user access and avoid unauthorized access to systems and facilities. A.9.2.1 User Registration and De-registration. Control: In order to allow the assignment of access rights, a systematic process of user registration and de-registration should be enforced. Implementation Guidance: The process to manage user IDs should include: Use unique user IDs to encourage users to be connected to and hold accountable for …

ISO 27001 Annex : A.8.3 Media Handling

ISO 27001 Annex : A.8.3 Media Handling. Its objective is to stop unauthorized release, alteration, deletion, or destruction of information contained in the media. A.8.3.1 Management of Removable Media. Control: Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization. Implementation Guidance: The following guidelines should be considered for the management of removable media: If not needed, the contents of any reusable media that are …

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets. This is part of asset management; the previous article covered the same topic, which is continued in this article. A.8.1.3 Acceptable Use of Assets. Control: Rules should be identified, documented, and implemented for the acceptable use of information and assets linked to information and information processing facilities. Implementation Guidance: The information security requirements of the organization’s assets along with information and …
