Procedures

Review-Policies-and-Laws-of-Forensic-Investigation

Review Policies and Laws of Forensic Investigation

1 Comment / CHFI, Knowledge Base / By

Review Policies and Laws of Forensic Investigation it is essential to be aware of the laws that will be applicable to the investigation, including the organization’s internal policies, before starting the investigation process. Identify possible concerns related to applicable federal statutes, state statutes, and local policies and laws. Applicable federal statutes include the Electronic Communications Privacy Act of 1986 (ECPA) and the Cable Communications Policy Act (CCPA), both as amended by the USA PATRIOT ACT …

Review Policies and Laws of Forensic Investigation Read More »

Understanding-Digital-Evidence-and-It’s-Types

Understanding Digital Evidence and It’s Types

Leave a Comment / CHFI / By

Understanding Digital Evidence in this digital devices utilized in cyberattacks and different security breaches store some knowledge regarding the session, like login user, time, sort of association, science addresses, etc., which may act as proof for prosecuting the assaulter. Digital proof includes all such data that’s either keep or transmitted in digital type and has important price, so serving to investigators notice the wrongdoer. Digital proof is present across computing devices, servers, routers etc. it’s …

Understanding Digital Evidence and It’s Types Read More »

ISO-27001-Annex-A.14.2-Security-in-Development-and-Support-Processes

ISO 27001 Annex : A.14.2 Security in Development and Support Processes

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.14.2  Security in Development and Support Processes It’s objective is ensuring the creation and implementation of information security in the information system development process. A.14.2.1  Secure Development Policy Control- Regulations for software and system development should be laid down and applied to organizational developments. Implementation Guidance – Secure development includes a safe infrastructure, architecture, software, and system to be developed. The following considerations should be taken into account in a stable …

ISO 27001 Annex : A.14.2 Security in Development and Support Processes Read More »

ISO-27001-Annex-A.13.2-Information-Transfer

ISO 27001 Annex : A.13.2 Information Transfer

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.13.2  Information Transfer Its objective is to maintain the security of information transferred to any external entity and within the organization. A.13.2.1  Information Transfer Policies and Procedures Control- In order to protect the transferees by using all types of communication facilities, official transfer policies, procedures and controls should be developed. Implementation guidance – The following items should be addressed in the procedures and controls required to use communications facilities to transmit …

ISO 27001 Annex : A.13.2 Information Transfer Read More »

ISO-27001-Annex-A.12.6-Technical-Vulnerability-Management

ISO 27001 Annex : A.12.6 Technical Vulnerability Management

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.6  Technical Vulnerability Management Its objective is to avoid technological vulnerabilities from being exploited. A.12.6.1  Management of Technical Vulnerabilities Control- Information on technological vulnerabilities of information systems used should be obtained in a timely manner, the exposure of the organization to such vulnerabilities should be assessed and appropriate measures taken to address the risk involved Implementation Guidance – An up-to-date and comprehensive asset inventory is necessary for the effective management of …

ISO 27001 Annex : A.12.6 Technical Vulnerability Management Read More »

ISO-27001-Annex-A.12.5-Control-of-Operational-Software

ISO 27001 Annex : A.12.5 Control of Operational Software

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.5 Control of Operational Software Its objective is to ensure operating system integrity. A.12.5.1  Installation of Software on Operational Systems Control- To control the installation of software on operating systems, procedures should be implemented. Implementation Guidance- To control changes in software on operational systems, the following guidelines should be considered: Trained administrators should only upgrade operational software, applications and libraries upon appropriate management permission; Only approved executable code and non-developed code …

ISO 27001 Annex : A.12.5 Control of Operational Software Read More »

ISO-27001-Annex-A.12.3-Backup

ISO 27001 Annex : A.12.3 Backup

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.3 Backup Its objective is to safeguard against data loss. A.12.3.1  Information backup Control- In accordance with the agreed backup policy copies of records, program and device images shall be collected and regularly tested Implementation Guidance – The organization’s information, software, and systems backup requirements should be established with a backup policy. The policy of backup should define the requirements for retention and protection. There should be sufficient backup facilities to …

ISO 27001 Annex : A.12.3 Backup Read More »

ISO-27001-Annex -A.12.2-Protection-from-Malware

ISO 27001 Annex : A.12.2 Protection from Malware

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.12.2 Protection from Malware It’s objective is ensuring that malware protection is provided to information and information processing facilities. A.12.2.1  Controls Against Malware Control- In combination with appropriate user awareness, the detection, prevention, and recovery controls to protect against malware should be implemented. Implementation guidance Malware protection should be supported by malware detection and repair software, awareness of the safety of information, and adequate system access and management reviews on changes. …

ISO 27001 Annex : A.12.2 Protection from Malware Read More »

ISO-27001-Annex-12-Operations-Security

ISO 27001 Annex : 12 Operations Security

14 Comments / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : 12 Operations Security in this article explain Operational procedures and responsibilities, Documented Operating Procedures, Change Management & Separation of Development, Testing and Operational Environments. A.12.1  Operational procedures and responsibilities Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1  Documented Operating Procedures Control-Operating procedures should be documented and accessed by all users in need. Implementation Guidance- Documented procedures for operating information processing and communications facility activities should …

ISO 27001 Annex : 12 Operations Security Read More »

ISO-Annex-A.11.1.3-Securing-Offices-Rooms-and-Facilities

ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explained ISO 27001 Annex : A.11.1.3 Securing Offices Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas, A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities Control- Physical security should be designed and implemented for the offices, rooms, and facilities. Implementation Guidance- The following guidelines for safeguarding offices, spaces, and services should be considered: Key facilities should be situated to avoid public access; The …

ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas & A.11.1.6 Delivery and Loading Areas Read More »