organization

scan

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

Leave a Comment / CEHv11 / By

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Option 1 : Credential assessment Option 2 : Internal assessment Option 3 : External assessment Option 4 : …

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Read More »

ISO-27001-Annex-A.17-Information-Security-Aspects-of-Business-Continuity-Management

ISO 27001 Annex : A.17 Information Security Aspects of Business Continuity Management

23 Comments / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.17 Information Security Aspects of Business Continuity Management in this article explain Information Security Continuity, Planning Information Security Continuity and Implementing Information Security Continuity this contols. A.17.1 Information Security Continuity Its objective is the continuity of information security should be integrated into the business continuity management processes of the organization. A17.1.1 Planning Information Security Continuity Control – In adverse circumstances, e.g. during a crisis or a catastrophe, the company will determine …

ISO 27001 Annex : A.17 Information Security Aspects of Business Continuity Management Read More »

ISO-27001-Annex-A.16-Information-Security-Incident-Management

ISO 27001 Annex : A.16 Information Security Incident Management

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.16 Information Security Incident Management in this aerticle explain Management of Information Security Incidents and Improvements and there Responsibilities & Procedures. A.16.1 Management of Information Security Incidents and Improvements It’s objective is to ensure a clear and successful strategy, including communication on security incidents and vulnerabilities, for information security incidents management. A.16.1.1 Responsibilities and Procedures Control- In order to ensure a quick, efficient, and organized response to ISO 27001 Annex : …

ISO 27001 Annex : A.16 Information Security Incident Management Read More »

ISO-27001-Annex-A.15.2-Supplier-Service-Delivery-Management

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management It’s objective is to maintain, in compliance with supplier agreements, an agreed level of information security and delivery of service. A.15.2.1  Monitoring and Review of Supplier Services Control- Organizations shall monitor, review and audit the provision of service to suppliers on a regular basis. Implementation Guidance – Monitoring and review of supplier services will ensure respect for the terms and conditions of information security of the …

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management Read More »

ISO 27001 Annex : A.15 Supplier Relationships

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.15 Supplier Relationships in this article explaining Information Security in Supplier Relationships, and there policies . A.15.1  Information Security in Supplier Relationships It’s objective is ensuring the security of assets accessible to suppliers of the organization. A.15.1.1  Information Security Policy for Supplier Relationships Control- The supplier should be agreed with and documented information security requirements related to the risk mitigation of access by suppliers to organizational assets. “The company becomes more …

ISO 27001 Annex : A.15 Supplier Relationships Read More »

ISO-27001-Annex : A.14.2.6 -Secure-Development-Environment

ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing. A.14.2.6  Secure Development Environment Control – ISO 27001 Annex : A.14.2.6 Secure Development Environment in this Organizations should create secure development environments and integration efforts for the entire life cycle of system development and should be adequately protected. Implementation Guidance – A secure development environment includes people, processes, and technology in …

ISO 27001 Annex : A.14.2.6 Secure Development Environment, A.14.2.7 Outsourced Development, A.14.2.8 System Security Testing & A.14.2.9 System Acceptance Testing Read More »

ISO-27001-Annex-A.13.2.3-Electronic-Messaging-&-A.13.2.4-Confidentiality-or Non-Disclosure-Agreements

ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements . A.13.2.3  Electronic Messaging Control- Electronic messaging information should be adequately protected. Implementation Guidance – The following should include information security aspects for electronic messages: Protecting messages against unauthorized access, change or denial of services in line with the organization’s classification scheme; ensure that the message is correctly addressed and transported; Service reliability and availability; Legal considerations, such …

ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements Read More »

ISO-27001-Annex-A.11.2.4-Equipment-Maintenance

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article is explained ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises. A.11.2.4  Equipment Maintenance Control- To ensure its continued availability and integrity, the equipment should be correctly maintained. Implementation Guidance- The following equipment maintenance guidelines should be taken into account: Equipment should be maintained according to the service intervals and specifications recommended by the supplier; Repair and service equipment should only be …

ISO 27001 Annex : A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets & A.11.2.6 Security of Kit and Assets Off-Premises Read More »

ISO-Annex-A.11.1.3-Securing-Offices-Rooms-and-Facilities

ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explained ISO 27001 Annex : A.11.1.3 Securing Offices Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas, A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities Control- Physical security should be designed and implemented for the offices, rooms, and facilities. Implementation Guidance- The following guidelines for safeguarding offices, spaces, and services should be considered: Key facilities should be situated to avoid public access; The …

ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas Read More »

ISO-27001-Annex-A.11-Physica- and-Environmental-Security

ISO 27001 Annex : A.11 Physical and Environmental Security

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.11 Physical and Environmental Security in this article explain Secure areas, Physical Security Perimeter and Physical Entry Controls.  A.11.1 Secure areas Its objective is to avoid unauthorized physical access, damage and interference with the organization’s information and information processing facilities. A.11.1.1 Physical Security Perimeter Control- Security perimeters should be established in order to secure areas that contain either sensitive or confidential information and information processing facilities. Implementation Guidance- When appropriate, for …

ISO 27001 Annex : A.11 Physical and Environmental Security Read More »