Security

ISO-27001-Annex-A.9.3-User-Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »

Annex-A.9-Access-Control

ISO 27001 Annex : A.9 Access Control

Leave a Comment / ISO 27001 La, Knowledge Base / By

A.9.1 Business Requirements of Access Control ISO 27001 Annex : A.9 Access Control Its Objective is limiting the access to information and information processing facilities. A.9.1.1 Access Control Policy Control- An access control policy with supporting business and information security requirements should be established, documented, and reviewed. Implementation Guidance- Asset owners should lay down appropriate rules for access control, access rights, and limits on particular user roles to their assets, with the level of info …

ISO 27001 Annex : A.9 Access Control Read More »

ISO-27001-Annex : A.8.2.2-Labeling-of-Information

ISO 27001 Annex : A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets is based on ISO in this article these two topic has been explained. A.8.2.2 Labeling of Information Control- A.8.2.2 Labeling of Information In accordance with the information classification scheme adopted by the organization an adequate set of methods for labeling information should be established and implemented. Implementation Guidance- Information labeling procedures need to cover information in physical and electronic formats and its …

ISO 27001 Annex : A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets Read More »

Annex A.8.2.2 Labeling of Information

ISO 27001 Annex : A.8.2 Information Classification

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.8.2 Information Classification Its objective is To ensure that the information is properly secured, in accordance with its significance to the organization. A.8.2.1 Classification of Information Control- Information should be classification the basis of their legal provisions, criticality, and vulnerability to unwanted release or alteration Implementation Guidance- Classifications and associated information security measures will also include regulatory standards, which take into account market demands for information sharing or restriction. Assets other …

ISO 27001 Annex : A.8.2 Information Classification Read More »

ISO-27001-Annex : A.7.3-Termination-and-Change-of-Employment

ISO 27001 Annex : A.7.3 Termination and Change of Employment

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.7.3 Termination and Change of Employment Its objective is to safeguard the interests of the organization as part of the adjustment or termination of employment. A.7.3.1 Termination or change of Employment Responsibilities Control- Responsibility and information security requirements that continue to be valid following termination or change of employment must be defined, communicated to, and implemented by the employee or contractor. Implementation Guidance- Communication of termination duties may include on-going information …

ISO 27001 Annex : A.7.3 Termination and Change of Employment Read More »

ISO-27001-Annex : A.7.2-During-Employment

ISO 27001 Annex : A.7.2 During Employment

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.7.2 During Employment Its objective is to make sure that employees and contractors are conscious of and fulfill their information security responsibilities. A.7.2.1 Management Responsibilities Control- Management should mandate all employees and contractors to exercise information security in accordance with established policies and procedures set by the organization. Implementation Guidance- Responsibilities for management should include ensuring employees and contractors are: Are adequately briefed about information security role and responsibilities before given …

ISO 27001 Annex : A.7.2 During Employment Read More »

ISO-27001-Annex : A.7-Human-Resource-Security

ISO 27001 Annex : A.7 Human Resource Security

Leave a Comment / ISO 27001 La, Knowledge Base / By

A.7.1  Prior to Employment ISO 27001 Annex : A.7 Human Resource Security Its object is to make sure both employees and vendors recognize their duties and are suitable for their positions. A.7.1.1  Screening Control- Background verification checks on all job applicants will be performed in compliance with applicable rules, legislation, and ethics and should be proportionate to business criteria, classification of the information to be obtained, and potential risks. Implementation Guidance- All applicable privacy, personal identity …

ISO 27001 Annex : A.7 Human Resource Security Read More »

ISO-27001-Annex : A.6.2-Mobile-Devices-and-Teleworking

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking

Leave a Comment / ISO 27001 La, Knowledge Base / By

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking its objective is to ensure the security of teleworking and the use of mobile devices. A.6.2.1  Mobile Device Policy  Control- To manage the risks introduced by the use of mobile devices, a policy and supporting safety measures should be adopted.  Implementation Guidance- Special care should be taken when using mobile devices to ensure that business information is not compromised. The policy on mobile devices should take …

ISO 27001 Annex : A.6.2 Mobile Devices and Teleworking Read More »

ISO-27001-Annex : A.6-Organization-of-Information-Security

ISO 27001 Annex : A.6 Organization of Information Security

Leave a Comment / ISO 27001 La, Knowledge Base / By

6.1 Internal Organization ISO 27001 Annex : A.6 Organization of Information Security its object is to establish a management framework for initiating and controlling the implementation and functioning of information security within the organization. 6.1.1 Information Security Roles and Responsibilities Control- All responsibilities related to information security should be well defined and assigned. Implementation Guidance- Allocation of information security responsibilities should be carried out in compliance with information security policies (Refer A.5.1.1). Responsibilities for the …

ISO 27001 Annex : A.6 Organization of Information Security Read More »

Overview of Network Security Objectives

Leave a Comment / CCNA / By

Overview of Network Security Objectives this blog is based on Understanding Network and Information Security with it’s objective Confidentiality, Integrity and Availability etc. Understanding Network and information Security Basics Security is very important, and therefore the lack of it risks financial, legal, political, and PR implications. This section covers a number of the concepts, terms, and methodologies employed in preparing for and dealing with secure networks. Network Security Objectives When considering networks, you’ll view them …

Overview of Network Security Objectives Read More »