policy

ISO-27001-Annex-A.12.3-Backup

ISO 27001 Annex : A.12.3 Backup

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.3 Backup Its objective is to safeguard against data loss. A.12.3.1  Information backup Control- In accordance with the agreed backup policy copies of records, program and device images shall be collected and regularly tested Implementation Guidance – The organization’s information, software, and systems backup requirements should be established with a backup policy. The policy of backup should define the requirements for retention and protection. There should be sufficient backup facilities to …

ISO 27001 Annex : A.12.3 Backup Read More »

ISO-27001-Annex-A.10-Cryptography

ISO 27001 Annex : A.10 Cryptography

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.10 Cryptography in this article explaining Cryptographic controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic controls Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls Control- A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance- The …

ISO 27001 Annex : A.10 Cryptography Read More »

ISO-27001-Annex : A.9.1.2-Access-to-Networks-and-Network-Services

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services

Leave a Comment / ISO 27001 La, Knowledge Base / By

Control- ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services Only network and network facilities which have expressly been approved for use will be made available to users. Implementation Guidance- A policy on the use of networks and network policy should be developed. Following points should be covered in this policy: networks and network infrastructure to which access is permitted; Authorization procedures for determining who is permitted to access which networks and Networking services; …

ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services Read More »

ISO-27001-Annex : A.6.2-Mobile-Devices-and-Teleworking

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking its objective is to ensure the security of teleworking and the use of mobile devices. A.6.2.1  Mobile Device Policy  Control- To manage the risks introduced by the use of mobile devices, a policy and supporting safety measures should be adopted.  Implementation Guidance- Special care should be taken when using mobile devices to ensure that business information is not compromised. The policy on mobile devices should take …

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking Read More »

CLAUSE 6.2 Information security -infosavvy

ISO 27001 CLAUSE 6.2 Information security objectives & planning

Leave a Comment / ISO 27001 La, Knowledge Base / By

Objectives and planning ISO 27001 CLAUSE 6.2 Information security objectives & planning to achieve them. Required activity The organization establishes information security objectives and plans to realize them at relevant functions and levels. Implementation Guideline Information security objectives help to implement strategic goals of a corporation also on implement the knowledge security policy. Thereby, objectives in an ISMS are the knowledge security objectives for confidentiality, integrity and availability of data. Information security objectives also help …

ISO 27001 CLAUSE 6.2 Information security objectives & planning Read More »

Forensic-Readiness-planning

Forensic Readiness planning

Leave a Comment / ECIH / By

Forensic readiness planning refers to a set of processes required to achieve and maintain forensic readiness. It is the process of building a structure that enables an organization to deal with legal procedures, following a criminal offence. This structure equips the organization to properly deal with incidents and evidence while covering every side of the criminal procedure. The following steps describe the key activities in Forensic readiness planning: 1. Identify the potential evidence required for …

Forensic Readiness planning Read More »

What-is-Information-Security-Policies copy

What is Information Security & types of Security policies

1 Comment / CyberSecurity / By

Information Security  What is Information Security & types of Security policies form the foundation of a security infrastructure. Data security policy defines the fundamental security needs and rules to be implemented so as to protect and secure organization’s data systems. While not them, it’s attainable} to protect the corporate from possible lawsuits, lost revenue, and bad publicity, to not mention the fundamental security attacks. A security policy could be a high-level document or set of …

What is Information Security & types of Security policies Read More »