IT Management & Cyber Security

ISO 27001 Annex : A.8.3 Media Handling  Its objective is  to Stop unauthorized release, alteration, deletion, or destruction of information contained in the media. A.8.3.1 Management of Removable Media Control-  Procedures shall be implemented for the  management  of removable media in accordance with the classification scheme adopted by the organization. Implementation Guidance-  The following guidelines should be considered for the management of removable media: If not needed, the contents of any reusable media that are to be removed from the  organization  should be made unrecoverable; Where applicable and practicable, authorization should be needed for the removal of media from the company and a record of these removals should be maintained in order to preserve the audit trail; In compliance with manufacturers’ standards, all media should be kept in a secure and safe environment; Where confidentiality or integrity of data is im...

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets this is a part of assets management previous article was based on same which is continue in this article. A.8.1.3 Acceptable Use of Assets Control-  Rules should be identified, documented, and implemented for the acceptable use of information and assets linked to information and information processing facilities. Implementation Guidance-  The  information security  requirements of the organization’s assets along with information and information processing facilities and resources should be made aware to employees and external users who use or have access to the company ‘s assets. They will be responsible for their use and all other usage carried out on their own responsibility, of any information processing services. Related Product :  ISO 27001 Lead Auditor Training And Certification ISMS A.8.1.4 Return of Assets Control-  Both workers and external stakehold...

ISO 27001 Annex : A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets is based on ISO in this article these two topic has been explained. A.8.2.2 Labeling of Information Control-  A.8.2.2 Labeling of Information In accordance with the information classification scheme adopted by the organization an adequate set of methods for labeling information should be established and implemented. Implementation Guidance-  Information labeling procedures need to cover information in physical and electronic formats and its related assets. The labeling will represent A.8.2.1 defined classification scheme. The labels are to be clearly identifiable. The protocols will provide instructions on where and how labels are applied taking into account whether the information is obtained or the assets are managed based on media forms. The procedures that identify situations where labeling is absent, e.g. non-confidential information labeling to scale back workloads. Employees an...

ISO 27001 Annex : A.8.2 Information Classification  Its objective is  To ensure that the information is properly secured, in accordance with its significance to the organization. A.8.2.1 Classification of Information Control-  Information should be classification the basis of their legal provisions, criticality, and  vulnerability  to unwanted release or alteration Implementation Guidance-  Classifications and associated  information security  measures will also include regulatory standards, which take into account market demands for information sharing or restriction. Assets other than information may also be classified according to the information classification stored, processed, otherwise handled or protected by the asset. Information asset owners would be responsible for their classification. The classification system will include classification standards, as well as classification analysis guidelines over time. The level of sec...