iso

ISO-27001-Annex : A.14.2.6 -Secure-Development-Environment

ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing. A.14.2.6  Secure Development Environment Control – ISO 27001 Annex : A.14.2.6 Secure Development Environment in this Organizations should create secure development environments and integration efforts for the entire life cycle of system development and should be adequately protected. Implementation Guidance – A secure development environment includes people, processes, and technology in …

ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing Read More »

ISO-27001-Annex-A.14.2.3-Technical-Review-of-Applications-after-Operating-Platform-Changes

ISO 27001 Annex : A.14.2.3 Technical Review of Applications after Operating Platform Changes , A.14.2.4 Restrictions on Changes to Software Packages & A.14.2.5 Secure System Engineering Principles

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.14.2.3 Technical Review of Applications after Operating Platform Changes , A.14.2.4 Restrictions on Changes to Software Packages & A.14.2.5 Secure System Engineering Principles this controls. A.14.2.3  Technical Review of Applications after Operating Platform Changes Control- In changing operating platforms, critical applications of business should be revised and tested to ensure no adverse impacts on business or security. Implementation Guidance – The following points should be covered in …

ISO 27001 Annex : A.14.2.3 Technical Review of Applications after Operating Platform Changes , A.14.2.4 Restrictions on Changes to Software Packages & A.14.2.5 Secure System Engineering Principles Read More »

ISO-27001-Annex-A.14.2-Security-in-Development-and-Support-Processes

ISO 27001 Annex : A.14.2 Security in Development and Support Processes

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.14.2  Security in Development and Support Processes It’s objective is ensuring the creation and implementation of information security in the information system development process. A.14.2.1  Secure Development Policy Control- Regulations for software and system development should be laid down and applied to organizational developments. Implementation Guidance – Secure development includes a safe infrastructure, architecture, software, and system to be developed. The following considerations should be taken into account in a stable …

ISO 27001 Annex : A.14.2 Security in Development and Support Processes Read More »

ISO-27001-Annex-A.14.1.3-Protecting-Application-Services-Transactions

ISO 27001 Annex : A.14.1.3 Protecting Application Services Transactions

Leave a Comment / ISO 27001 La, Knowledge Base / By

Control- ISO 27001 Annex : A.14.1.3 Protecting Application Services Transactions in order to avoid incomplete transmission, misrouting, unauthorized messaging modification, unauthorized dissemination, unauthorized message replication, or replay, information concerning application service transactions should be covered. Implementation Guidance – The following should include information security considerations for application service transactions: The use by each party involved in the transaction of electronic signatures; All transaction aspects, i.e. making sure: All parties’ information about the user’s secret authentication …

ISO 27001 Annex : A.14.1.3 Protecting Application Services Transactions Read More »

ISO-27001-Annex-A.14.1.2-Securing-Application-Services-on-Public-Networks

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks

Leave a Comment / ISO 27001 La, Knowledge Base / By

Control- ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Information about application services which pass through public networks should be protected against fraudulent activities, contract disputes, unauthorized disclosure, and modification. Implementation Guidance – Information security requirements will include the following for application services that cross public networks: Each party requires a level of trust in the identity claimed by each other, for example, through authentication; Authorizations for those who may authorize the …

ISO 27001 Annex : A.14.1.2 Securing Application Services on Public Networks Read More »

ISO-27001-Annex-14-System-Acquisition-Development-and-Maintenance

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 : Annex 14 System Acquisition , Development and Maintenance in this article is explain  A.14.1  Security Requirements of Information Systems & A.14.1.1  Information Security Requirements Analysis and Specification. A.14.1  Security Requirements of Information Systems Its objective is ensuring the information management for the entire lifecycle is an important part of information systems. This also includes the information systems requirements that provide services over a public network. A.14.1.1  Information Security Requirements Analysis and Specification …

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance Read More »

ISO-27001-Annex-A.13.2.3-Electronic-Messaging-&-A.13.2.4-Confidentiality-or Non-Disclosure-Agreements

ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements . A.13.2.3  Electronic Messaging Control- Electronic messaging information should be adequately protected. Implementation Guidance – The following should include information security aspects for electronic messages: Protecting messages against unauthorized access, change or denial of services in line with the organization’s classification scheme; ensure that the message is correctly addressed and transported; Service reliability and availability; Legal considerations, such …

ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements Read More »

ISO-27001-Annex-A.13.2-Information-Transfer

ISO 27001 Annex : A.13.2 Information Transfer

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.13.2  Information Transfer Its objective is to maintain the security of information transferred to any external entity and within the organization. A.13.2.1  Information Transfer Policies and Procedures Control- In order to protect the transferees by using all types of communication facilities, official transfer policies, procedures and controls should be developed. Implementation guidance – The following items should be addressed in the procedures and controls required to use communications facilities to transmit …

ISO 27001 Annex : A.13.2 Information Transfer Read More »

ISO-27001-Annex-A.13-Communications-Security

ISO 27001 Annex : A.13 Communications Security

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.13 Communications Security in this article explain A.13.1  Network Security Management, A.13.1.1  Network Controls, A.13.1.2  Security of Network Services, A.13.1.3  Segregation in Networks. A.13.1  Network Security Management It’s objective is to ensure the security and supporting information processing facilities of the information in a network. A.13.1.1  Network Controls Control- To protect information in systems and applications, networks should be managed and monitored. Implementation Guidance – The monitoring of network information security …

ISO 27001 Annex : A.13 Communications Security Read More »

ISO-27001-Annex-A.12.7-Information-Systems-Audit-Considerations

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations Its objective is minimizing the impact on operating systems of audit activities. A.12.7.1  Information Systems Audit Controls Control- The audit criteria and activities related to operating system verification should be carefully prepared and decided in order to reduce business process disturbance. Implementation Guidance – It is necessary to follow the following guidance: audit standards for access to systems and data should be negotiated with appropriate management; …

ISO 27001 Annex : A.12.7 Information Systems Audit Considerations Read More »