ISO 27001 Annex : A.9.2 User Access Management

ISO 27001 Annex : A.9.2 User Access Management. Its objective is to ensure authorized user access and to prevent unauthorized access to systems and services. A.9.2.1 User Registration and De-registration Control- A formal user registration and de-registration process should be implemented to enable the assignment of access rights. Implementation Guidance- The process for managing user IDs should include the use of unique user IDs, so that users can be linked to and held accountable for …

ISO 27001 Annex : A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets

ISO 27001 Annex : A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets. This article explains these two controls from ISO 27001 Annex A. A.8.2.2 Labeling of Information Control- An appropriate set of procedures for labeling information should be developed and implemented in accordance with the information classification scheme adopted by the organization. Implementation Guidance- Information labeling procedures need to cover information in physical and electronic formats and its …

ISO 27001 Annex : A.8.2 Information Classification

ISO 27001 Annex : A.8.2 Information Classification. Its objective is to ensure that information receives an appropriate level of protection in accordance with its importance to the organization. A.8.2.1 Classification of Information Control- Information should be classified in terms of legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification. Implementation Guidance- Classifications and the associated protective controls for information should take account of business needs for sharing or restricting information, as well as legal requirements. Assets other …

ISO 27001 Annex : A.8 Asset Management

ISO 27001 Annex : A.8 Asset Management. A.8.1 Responsibility for Assets. Its objective is to identify the organization's assets and define appropriate protection responsibilities. A.8.1.1 Inventory of Assets Control- Assets associated with information and information processing facilities should be identified, and an inventory of these assets should be drawn up and maintained. Implementation Guidance- An organization should identify the assets relevant in the lifecycle of information and document their importance. The lifecycle of information should …

ISO 27001 Annex : A.7.2 During Employment

ISO 27001 Annex : A.7.2 During Employment. Its objective is to ensure that employees and contractors are aware of and fulfil their information security responsibilities. A.7.2.1 Management Responsibilities Control- Management should require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization. Implementation Guidance- Management responsibilities should include ensuring that employees and contractors are properly briefed on their information security roles and responsibilities before being given …

ISO 27001 Annex : A.7 Human Resource Security

ISO 27001 Annex : A.7 Human Resource Security. A.7.1 Prior to Employment. Its objective is to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered. A.7.1.1 Screening Control- Background verification checks on all candidates for employment should be carried out in accordance with relevant laws, regulations, and ethics, and should be proportional to the business requirements, the classification of the information to be accessed, and the perceived risks. Implementation Guidance- All applicable privacy, personal identity …

ISO 27001 Annex : A.6 Organization of Information Security

ISO 27001 Annex : A.6 Organization of Information Security. A.6.1 Internal Organization. Its objective is to establish a management framework to initiate and control the implementation and operation of information security within the organization. A.6.1.1 Information Security Roles and Responsibilities Control- All information security responsibilities should be defined and allocated. Implementation Guidance- Allocation of information security responsibilities should be done in accordance with the information security policies (refer to A.5.1.1). Responsibilities for the …

ISO 27001 CLAUSE 6.2 Information security objectives & planning

ISO 27001 Clause 6.2 Information security objectives and planning to achieve them. Required activity- The organization establishes information security objectives and plans to achieve them at relevant functions and levels. Implementation Guideline- Information security objectives help to implement the strategic goals of an organization as well as to implement the information security policy. Thereby, objectives in an ISMS are the information security objectives for the confidentiality, integrity and availability of information. Information security objectives also help …

ISO 27001 Clause 6.1.3 Information security risk treatment

ISO 27001 Clause 6.1.3 Information security risk treatment. Required activity- The organization defines and applies an information security risk treatment process. Implementation Guideline- Information security risk treatment is the overall process of selecting risk treatment options, determining appropriate controls to implement those options, formulating a risk treatment plan, and obtaining approval of the risk treatment plan by the risk owner(s). All steps of the information security risk treatment process, as well as the results of its application, are retained by the organization as …

ISO 27001 Implementation Guidelines clause 4.1

ISO 27001 Implementation Guidelines clause 4.1: Understanding the organization and its context. This article explains the clause and how to apply it. Required activity- The organization determines the external and internal issues relevant to its purpose and affecting its ability to achieve the intended outcome(s) of the information security management system (ISMS). Explanation- As an integral function of the ISMS, the organization continually analyses itself and the world surrounding it. This analysis is concerned with …