ISO 27001 Annex : A.8.3 Media Handling


ISO 27001 Annex A.8.3 (Media Handling) has the objective of preventing unauthorized disclosure, modification, removal or destruction of information stored on media.
A.8.3.1 Management of Removable Media
Control- Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization.
Implementation Guidance- The following guidelines should be considered for the management of removable media:
  1. If no longer required, the contents of any reusable media that are to be removed from the organization should be made unrecoverable;
  2. Where necessary and practical, authorization should be required for the removal of media from the organization, and a record of such removals should be kept to maintain an audit trail;
  3. All media should be stored in a safe, secure environment, in accordance with manufacturers' specifications;
  4. Where confidentiality or integrity of the data is important, cryptographic techniques should be used to protect data on removable media;
  5. To mitigate the risk of media degrading while the stored data is still needed, the data should be transferred to fresh media before it becomes unreadable;
  6. Multiple copies of valuable data should be stored on separate media to further reduce the risk of coincidental data damage or loss;
  7. Registration of removable media should be considered to limit the opportunity for data loss;
  8. Removable media drives should be enabled only if there is a business reason for doing so;
  9. Where there is a need to use removable media, the transfer of information to such media should be monitored.
Procedures and authorization levels for the use of removable media should be documented.
A.8.3.2 Disposal of Media
Control- Media should be disposed of securely when no longer required, using formal procedures.
Implementation Guidance- Formal procedures for the secure disposal of media should be established to minimize the risk of sensitive information leaking to unauthorized persons. The procedures for secure disposal of media containing sensitive information should be proportionate to the sensitivity of that information.
The following should be considered:
  1. Media containing confidential information should be stored and disposed of securely, e.g. by incineration or shredding, or by erasing the data before reuse by another application within the organization;
  2. Procedures should be in place to identify the items that might require secure disposal;
  3. It may be easier to arrange for all media items to be collected and disposed of securely rather than attempting to separate out the sensitive items;
  4. Many organizations offer collection and disposal services for media; care should be taken in selecting a suitable external party with adequate controls and experience;
  5. Disposal of sensitive items should be logged to maintain an audit trail.
When accumulating media for disposal, the aggregation effect should be considered: a large quantity of individually non-sensitive information may become sensitive in aggregate.
For a healthy business, the sequence is: identify the assets, maintain an inventory of them, and then dispose of them securely. At Infosavvy our trainers are our assets: they are skilled and well trained in various information security courses, and we are accredited for some of the most important certifications in the field, i.e. IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) (TÜV SÜD Certification). Our trainers can help you improve your asset management by providing in-depth information and numerous examples, helping participants improve their skills and perform well.
Other Information- Damaged devices containing sensitive data may require a risk assessment to determine whether the items should be physically destroyed rather than sent for repair or discarded.
A.8.3.3 Physical Media Transfer
Control- Information media should be protected from unauthorized access, misuse or corruption during transportation.
Implementation Guidance- The following guidelines should be considered to protect media containing information while it is being transported:
  1. Reliable transport or couriers should be used;
  2. A list of authorized couriers should be agreed with management;
  3. Procedures should be established for verifying the identification of couriers;
  4. Packaging should be sufficient to protect the contents from any physical damage likely to occur during transit and from environmental factors such as heat, moisture or electromagnetic fields that could reduce the effectiveness of media recovery;
  5. Logs should be kept identifying the content of the media, the protection applied, and the times of transfer to the transit custodians and of receipt at the destination.
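As an added example (not part of the ISO text or of the original page), the script below shows one way to implement the cryptographic protection called for in item 4 of A.8.3.1 together with the transfer log of item 5 above: before dispatch it records a manifest of the media's contents (file names and SHA-256 digests) and binds the manifest with an HMAC; at the destination it re-verifies the contents against the manifest; and every hand-off is written to a hash-chained custody log so that later edits to the log are detectable. The shared key, media identifier, custodian names and sample files are all constructed for the example; the key would in practice be agreed out of band between the two sites.

```python
import hashlib
import hmac
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: a secret shared between dispatch and receiving sites, agreed
# out of band. The value here is constructed for the example only.
SHARED_KEY = b"example-shared-key-replace-me"

def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in 1 MiB chunks so large items fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def _canonical(body: dict) -> bytes:
    # Stable serialization so sender and receiver MAC/hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def _files_under(root: Path) -> dict:
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def build_manifest(root: Path, media_id: str, classification: str, key: bytes) -> dict:
    """Record the media's contents at dispatch and bind the record with an HMAC."""
    body = {
        "media_id": media_id,
        "classification": classification,
        "created": datetime.now(timezone.utc).isoformat(),
        "files": {rel: sha256_file(p) for rel, p in sorted(_files_under(root).items())},
    }
    return {"body": body, "hmac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}

def verify_manifest(root: Path, manifest: dict, key: bytes):
    """Return (ok, problems); fails closed if the manifest itself was altered."""
    expected = hmac.new(key, _canonical(manifest["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, ["manifest HMAC mismatch: manifest altered or wrong key"]
    recorded, present, problems = manifest["body"]["files"], _files_under(root), []
    for rel, digest in recorded.items():
        if rel not in present:
            problems.append(f"missing: {rel}")
        elif sha256_file(present[rel]) != digest:
            problems.append(f"modified: {rel}")
    problems += [f"unexpected file: {rel}" for rel in present if rel not in recorded]
    return not problems, problems

class CustodyLog:
    """Append-only hand-off log; each entry commits to the previous entry's digest."""

    def __init__(self):
        self.entries = []

    def record(self, media_id: str, event: str, custodian: str, detail: str = "") -> dict:
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        entry = {"time": datetime.now(timezone.utc).isoformat(), "media_id": media_id,
                 "event": event, "custodian": custodian, "detail": detail, "prev": prev}
        entry["digest"] = hashlib.sha256(_canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "digest"}
            if e["prev"] != prev or hashlib.sha256(_canonical(body)).hexdigest() != e["digest"]:
                return False
            prev = e["digest"]
        return True

def demo() -> dict:
    """Dispatch, simulated tampering in transit, receipt. Sample files are constructed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_text("emp,salary\n1,1000\n")
        (root / "notes.txt").write_text("handover notes\n")
        manifest = build_manifest(root, "MEDIA-0001", "confidential", SHARED_KEY)
        log = CustodyLog()
        log.record("MEDIA-0001", "dispatched", "alice@site-a", "courier ref C-42")
        clean_ok, _ = verify_manifest(root, manifest, SHARED_KEY)
        wrong_key_ok, _ = verify_manifest(root, manifest, b"not-the-shared-key")
        # Simulated in-transit tampering: one file altered, one file added.
        (root / "payroll.csv").write_text("emp,salary\n1,9999\n")
        (root / "autorun.inf").write_text("[autorun]\n")
        tampered_ok, problems = verify_manifest(root, manifest, SHARED_KEY)
        log.record("MEDIA-0001", "received", "bob@site-b", "; ".join(problems) or "verified")
        log_valid_before = log.verify()
        log.entries[0]["custodian"] = "mallory"  # after-the-fact edit breaks the chain
        return {"clean_ok": clean_ok, "wrong_key_ok": wrong_key_ok, "tampered_ok": tampered_ok,
                "problems": sorted(problems), "log_valid_before": log_valid_before,
                "log_valid_after": log.verify()}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The HMAC-bound manifest gives the receiver integrity of both the record and the contents (a modified, missing or added file is reported by name), but it does not provide confidentiality: if the media carries confidential information it should additionally be encrypted, for example with volume encryption, and the manifest should be sent to the destination by a separate channel so that it can be checked even if the media never arrives.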

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
