ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services
Control- ISO 27001 Annex : A.9.1.2 Access to Networks and Network Services Only network and network facilities which have expressly been approved for use will be made available to users.
Implementation Guidance- A policy on the use of networks and network policy should be developed. Following points should be covered in this policy:
- networks and network infrastructure to which access is permitted;
- Authorization procedures for determining who is permitted to access which networks and Networking services;
- Management processes and policies for securing access to network interfaces and network services;
- the medium for networking and network services (for example, using VPN or wireless network);
- Access to various network services requires user authentication;
- Network service usage monitoring.
The network services policy should comply with the access control policy of the organization.
Related Product : ISO 27001 Lead Auditor Training And Certification ISMS
Other information- Unauthorized and insecure network connections will impact the entire organization. Such monitoring is especially essential for network connections to sensitive or vital business applications or users in high-risk environments, e.g. public or external areas beyond the management and control of information security of an organization.
I dream of Digital India where Cybersecurity becomes an integral part of our National Security--PM. Narendra Modi
Also Read : ISO 27001 Annex : A.9 Access Control
In order to keep the organization’s assets (including network and networking services) safe, certain access controls are required to prevent unauthorized users from accessing your network. The guidelines that policy for access management, access rights, and limitations of specific user roles on the network are being defined in Annex 9.1.2 of Standard 27002. At Infosavvy, we do have certain standards to follow to ensure that our network system security and that we apply for one of the most important information security certificates. i.e. IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) (TÜV SÜD Certification). Our well-trained and professional trainers will help you by providing you with comprehensive information and several examples to enhance an applicant’s ability to handle network security management, to ensure the right access to the right user and at the right place.
Read More : https://www.info-savvy.com/iso-27001-annex-a-9-1-2-access-to-networks-and-network-services/
------------------------------------------------------------------------------------------------------------
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com
Comments
Post a Comment