Procedures

CISSP Understand and Support Investigations – Bk1D7T1

Understand and Support Investigations. The purpose of performing investigations is to gather facts so that an informed decision or conclusion can be made, or so that an action can be taken with confidence. The output of an investigation is a collection of evidence, analysis, and documentation that can be referred to in the future and that proves the appropriate level of rigor was applied in arriving at the decision or action taken. In …

CISSP Policy Development – Bk1D1T6St2

Policy Development. This hierarchy of instructions allows different levels of the organization to shape the security practice. By setting the rules for expected behavior, the organization can hold individuals accountable for their performance. A formal information hierarchy communicates to a broad range of stakeholders the importance of information security practice to the organization. Clarity and simplicity are critical to the enforcement of organizational expectations. If the policy or procedure is too detailed or complex, …

CISSP Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines – Bk1D1T6St1

Develop, Document, and Implement Security Policy, Standards, Procedures, and Guidelines. As an organization grows and matures, the need to communicate expectations to the workforce effectively becomes increasingly important. Organizations communicate through a series of documents aimed at different audiences with different levels of detail. A well-structured set of organizational policies, standards, procedures, and guidelines gives consistent guidance to members of the organization, specifying responsibilities for individuals and making clear the consequences of noncompliance. Clear policies …

ISO 27001 Annex : A.18.1.3 Protection of Records, A.18.1.4 Privacy and Protection of Personally Identifiable Information and A.18.1.5 Regulation of Cryptographic Controls

This article explains the controls ISO 27001 Annex A.18.1.3 Protection of Records, A.18.1.4 Privacy and Protection of Personally Identifiable Information, and A.18.1.5 Regulation of Cryptographic Controls. A.18.1.3 Protection of Records. Control: Records shall be protected from loss, destruction, falsification, unauthorized access, and unauthorized release, in accordance with legislative, regulatory, contractual, and business requirements. Implementation Guidance: The related classification based on the …

ISO 27001 Annex : A.17.1.3 Verify, Review and Evaluate Information Security Continuity

Control (ISO 27001 Annex A.17.1.3 Verify, Review and Evaluate Information Security Continuity): To ensure that they remain accurate and effective in adverse circumstances, the company must review, at regular intervals, the information security continuity controls it has defined and enforced. Implementation Guidance: Changes in organizational, technical, administrative, and procedural arrangements, whether operational or structural, will lead to changes in the requirements for information security continuity. In such cases, the information security continuity processes, procedures and …

ISO 27001 Annex : A.17 Information Security Aspects of Business Continuity Management

ISO 27001 Annex A.17 Information Security Aspects of Business Continuity Management. This article explains the controls Information Security Continuity, Planning Information Security Continuity, and Implementing Information Security Continuity. A.17.1 Information Security Continuity: its objective is that information security continuity should be integrated into the organization's business continuity management processes. A.17.1.1 Planning Information Security Continuity. Control: In adverse circumstances, e.g. during a crisis or a catastrophe, the company will determine …

ISO 27001 Annex : A.16.1.5 Response to Information Security Incidents, A.16.1.6 Learning from Information Security Incidents & A.16.1.7 Collection of Evidence

This article explains the controls ISO 27001 Annex A.16.1.5 Response to Information Security Incidents, A.16.1.6 Learning from Information Security Incidents, and A.16.1.7 Collection of Evidence. A.16.1.5 Response to Information Security Incidents. Control: Information security incidents should be responded to in accordance with the documented procedures. Implementation Guidance: A nominated point of contact and other pertinent people within the organization or external parties should be able to respond to information security incidents. The …

ISO 27001 Annex : A.16 Information Security Incident Management

ISO 27001 Annex A.16 Information Security Incident Management. This article explains Management of Information Security Incidents and Improvements and its Responsibilities and Procedures. A.16.1 Management of Information Security Incidents and Improvements: its objective is to ensure a clear and effective approach to the management of information security incidents, including communication about security incidents and vulnerabilities. A.16.1.1 Responsibilities and Procedures. Control: In order to ensure a quick, efficient, and organized response to …

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management

ISO 27001 Annex A.15.2 Supplier Service Delivery Management. Its objective is to maintain an agreed level of information security and service delivery in compliance with supplier agreements. A.15.2.1 Monitoring and Review of Supplier Services. Control: Organizations shall monitor, review, and audit supplier service delivery on a regular basis. Implementation Guidance: Monitoring and review of supplier services will ensure that the information security terms and conditions of the …

ISO 27001 Annex : A.15 Supplier Relationships

ISO 27001 Annex A.15 Supplier Relationships. This article explains Information Security in Supplier Relationships and its policies. A.15.1 Information Security in Supplier Relationships: its objective is to ensure the security of organizational assets that are accessible to suppliers. A.15.1.1 Information Security Policy for Supplier Relationships. Control: Information security requirements for mitigating the risks associated with supplier access to organizational assets should be agreed with the supplier and documented. "The company becomes more …