Posts

Showing posts from April, 2021

ISO 27001 : Annex 14 System Acquisition, Development and Maintenance

ISO 27001 Annex 14, System Acquisition, Development and Maintenance. This article explains A.14.1 Security Requirements of Information Systems and A.14.1.1 Information Security Requirements Analysis and Specification. A.14.1 Security Requirements of Information Systems: its objective is to ensure that information security management is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems that provide services over public networks. A.14.1.1 Information Security Requirements Analysis and Specification Control- Information security requirements should be included in the requirements for new information systems or for enhancements to existing information systems. Implementation Guidance – Information security requirements should be identified using various methods, such as deriving compliance requirements from policies and regulations, threat analysis, incident review, and the use of vulnerability thresholds. All stakeholders will log and re

ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements

This article explains ISO 27001 Annex : A.13.2.3 Electronic Messaging & A.13.2.4 Confidentiality or Non-Disclosure Agreements. A.13.2.3 Electronic Messaging Control- Information involved in electronic messaging should be adequately protected. Implementation Guidance – Information security considerations for electronic messaging should include the following: protecting messages from unauthorized access, modification or denial of service in line with the organization’s classification scheme; ensuring that the message is correctly addressed and transported; reliability and availability of the service; legal considerations, such as requirements for electronic signatures; obtaining approval before using external public services such as instant messaging, social networking or file sharing; stronger levels of authentication for access management from publicly accessible networks. Other Information – There are many kinds of electronic messaging, such as e-mail, electronic data interchange and social networking. Relat

ISO 27001 Annex : A.13.2 Information Transfer

ISO 27001 Annex : A.13.2 Information Transfer. Its objective is to maintain the security of information transferred within the organization and to any external entity. A.13.2.1 Information Transfer Policies and Procedures Control- Formal transfer policies, procedures and controls should be in place to protect the transfer of information through the use of all types of communication facilities. Implementation guidance – The procedures and controls to be followed when using communication facilities to transfer information should address the following: procedures to protect transferred information from interception, copying, modification, misrouting or destruction; procedures for the detection of, and protection against, malware that may be transmitted through electronic communications; procedures for protecting sensitive electronic information that is communicated in the form of an attachment; guidelines or rules specifying the acceptable use of communication facilities (refer to 8.1.3); The moral duty of, ext

ISO 27001 Annex : A.13 Communications Security

ISO 27001 Annex : A.13 Communications Security. This article explains A.13.1 Network Security Management, A.13.1.1 Network Controls, A.13.1.2 Security of Network Services and A.13.1.3 Segregation in Networks. A.13.1 Network Security Management Its objective is to ensure the protection of information in networks and of the supporting information processing facilities. A.13.1.1 Network Controls Control- Networks should be managed and controlled to protect information in systems and applications. Implementation Guidance – Controls should be implemented to ensure the security of information in networks and to protect connected networks from unauthorized access. In particular, the following should be taken into account: responsibilities and procedures for the management of networking equipment should be established; operational responsibility for networks should, where necessary, be segregated from computer operations; the confidentiality and integrity of data transmitted via public networks and wire