Security


ISO 27001 Annex A.13.2 Information Transfer

ISO 27001 Annex A.13.2 Information Transfer: its objective is to maintain the security of information transferred within the organization and to any external entity. A.13.2.1 Information Transfer Policies and Procedures. Control: formal transfer policies, procedures and controls should be in place to protect the transfer of information through the use of all types of communication facilities. Implementation guidance: the following items should be addressed in the procedures and controls required to use communication facilities to transmit …



ISO 27001 Annex A.13 Communications Security

ISO 27001 Annex A.13 Communications Security. This article explains A.13.1 Network Security Management, A.13.1.1 Network Controls, A.13.1.2 Security of Network Services and A.13.1.3 Segregation in Networks. A.13.1 Network Security Management: its objective is to ensure the security of information in networks and of the supporting information processing facilities. A.13.1.1 Network Controls. Control: networks should be managed and monitored to protect information in systems and applications. Implementation guidance: the monitoring of network information security …



ISO 27001 Annex A.12.7 Information Systems Audit Considerations

ISO 27001 Annex A.12.7 Information Systems Audit Considerations: its objective is to minimize the impact of audit activities on operating systems. A.12.7.1 Information Systems Audit Controls. Control: audit requirements and activities involving verification of operating systems should be carefully planned and agreed in order to minimize disruption to business processes. Implementation guidance: the following guidance should be followed: audit requirements for access to systems and data should be agreed with appropriate management; …



ISO 27001 Annex A.12.5 Control of Operational Software

ISO 27001 Annex A.12.5 Control of Operational Software: its objective is to ensure the integrity of operational systems. A.12.5.1 Installation of Software on Operational Systems. Control: procedures should be implemented to control the installation of software on operational systems. Implementation guidance: to control changes to software on operational systems, the following guidelines should be considered: operational software, applications and libraries should be upgraded only by trained administrators and only with appropriate management authorization; only approved executable code and non-developed code …



ISO 27001 Annex A.12.3 Backup

ISO 27001 Annex A.12.3 Backup: its objective is to safeguard against data loss. A.12.3.1 Information Backup. Control: in accordance with the agreed backup policy, backup copies of records, programs and device images should be taken and regularly tested. Implementation guidance: a backup policy should be established to define the organization's requirements for backing up information, software and systems. The backup policy should define the requirements for retention and protection. Sufficient backup facilities should be provided to …



ISO 27001 Annex A.12 Operations Security

ISO 27001 Annex A.12 Operations Security. This article explains Operational Procedures and Responsibilities, Documented Operating Procedures, Change Management, and Separation of Development, Testing and Operational Environments. A.12.1 Operational Procedures and Responsibilities: its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1 Documented Operating Procedures. Control: operating procedures should be documented and made available to all users who need them. Implementation guidance: documented procedures for the operational activities of information processing and communication facilities should …



ISO 27001 Annex A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets and A.11.2.6 Security of Kit and Assets Off-Premises

This article explains ISO 27001 Annex A.11.2.4 Equipment Maintenance, A.11.2.5 Removal of Assets and A.11.2.6 Security of Kit and Assets Off-Premises. A.11.2.4 Equipment Maintenance. Control: equipment should be correctly maintained to ensure its continued availability and integrity. Implementation guidance: the following equipment maintenance guidelines should be taken into account: equipment should be maintained according to the service intervals and specifications recommended by the supplier; repairs and servicing of equipment should only be …



ISO 27001 Annex A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas and A.11.1.6 Delivery and Loading Areas

This article explains ISO 27001 Annex A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas and A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities. Control: physical security should be designed and applied to offices, rooms and facilities. Implementation guidance: the following guidelines for securing offices, rooms and facilities should be considered: key facilities should be sited to avoid access by the public; the …



ISO 27001 Annex A.11.2 Equipment

ISO 27001 Annex A.11.2 Equipment: its objective is to prevent loss, damage, theft or compromise of assets and interruption to the organization's operations. A.11.2.1 Equipment Siting and Protection. Control: equipment should be sited and protected to reduce the risks from environmental threats and hazards, and the opportunities for unauthorized access. Implementation guidance: the following guidelines should be considered to protect equipment: equipment should be sited so as to minimize unnecessary access into work areas; information processing …



ISO 27001 Annex A.11 Physical and Environmental Security

ISO 27001 Annex A.11 Physical and Environmental Security. This article explains Secure Areas, Physical Security Perimeter and Physical Entry Controls. A.11.1 Secure Areas: its objective is to prevent unauthorized physical access, damage and interference to the organization's information and information processing facilities. A.11.1.1 Physical Security Perimeter. Control: security perimeters should be defined and used to protect areas that contain either sensitive or confidential information and information processing facilities. Implementation guidance: where appropriate, for …
