iso

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

ISO 27001 Annex : A.12.6 Technical Vulnerability Management. Its objective is to prevent technological vulnerabilities from being exploited. A.12.6.1 Management of Technical Vulnerabilities. Control- Information on technological vulnerabilities of the information systems in use should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed, and appropriate measures should be taken to address the risk involved. Implementation Guidance- An up-to-date and comprehensive asset inventory is necessary for the effective management of …

ISO 27001 Annex : A.12.5 Control of Operational Software

ISO 27001 Annex : A.12.5 Control of Operational Software. Its objective is to ensure operating system integrity. A.12.5.1 Installation of Software on Operational Systems. Control- Procedures should be implemented to control the installation of software on operating systems. Implementation Guidance- To control changes in software on operational systems, the following guidelines should be considered: Operational software, applications and libraries should be upgraded only by trained administrators, upon appropriate management permission; Only approved executable code and non-developed code …

ISO 27001 Annex : A.12.3 Backup

ISO 27001 Annex : A.12.3 Backup. Its objective is to safeguard against data loss. A.12.3.1 Information Backup. Control- In accordance with the agreed backup policy, copies of records, program and device images shall be collected and regularly tested. Implementation Guidance- The organization’s information, software, and systems backup requirements should be established with a backup policy. The backup policy should define the requirements for retention and protection. There should be sufficient backup facilities to …

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services. Control- Only networks and network facilities that have been expressly approved for use will be made available to users. Implementation Guidance- A policy on the use of networks and network policy should be developed. The following points should be covered in this policy: networks and network infrastructure to which access is permitted; authorization procedures for determining who is permitted to access which networks and networking services; …

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets. This is part of asset management; the previous article covered the same topic, which continues in this article. A.8.1.3 Acceptable Use of Assets. Control- Rules should be identified, documented, and implemented for the acceptable use of information and assets linked to information and information processing facilities. Implementation Guidance- The information security requirements of the organization’s assets along with information and …

ISO 27001 Annex : A.8 Asset Management

ISO 27001 Annex : A.8 Asset Management. A.8.1 Responsibility for Assets. Its objective is to identify and establish acceptable security responsibilities for the organization’s assets. A.8.1.1 Inventory of Assets. Control- Assets related to information and information facilities of an organization should be identified and listed, and an inventory of these assets should be maintained. Implementation Guidance- An organization will identify important assets in the information lifecycle, and document their importance. The life-cycle of information should …

ISO 27001 Annex : A.7.3 Termination and Change of Employment

ISO 27001 Annex : A.7.3 Termination and Change of Employment. Its objective is to safeguard the interests of the organization as part of the adjustment or termination of employment. A.7.3.1 Termination or Change of Employment Responsibilities. Control- Responsibilities and information security requirements that continue to be valid following termination or change of employment must be defined, communicated to, and implemented by the employee or contractor. Implementation Guidance- Communication of termination duties may include on-going information …

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking. Its objective is to ensure the security of teleworking and the use of mobile devices. A.6.2.1 Mobile Device Policy. Control- To manage the risks introduced by the use of mobile devices, a policy and supporting safety measures should be adopted. Implementation Guidance- Special care should be taken when using mobile devices to ensure that business information is not compromised. The policy on mobile devices should take …

ISO 27001 CLAUSE 6.2 Information security objectives & planning

ISO 27001 CLAUSE 6.2 Information security objectives & planning to achieve them. Required activity- The organization establishes information security objectives and plans to realize them at relevant functions and levels. Implementation Guideline- Information security objectives help to implement the strategic goals of a corporation as well as the information security policy. Thereby, objectives in an ISMS are the information security objectives for confidentiality, integrity and availability of data. Information security objectives also help …
