
ISO 27001 Annex : A.9 Access Control

A.9.1 Business Requirements of Access Control

ISO 27001 Annex : A.9 Access Control. Its objective is to limit access to information and information processing facilities.

A.9.1.1 Access Control Policy

Control: An access control policy with supporting business and information security requirements should be established, documented, and reviewed.

Implementation Guidance: Asset owners should lay down appropriate rules for access control, access rights, and limits on particular user roles to their assets, with the level of information and the strictness of controls reflecting the related information security risks. Access controls are both logical and practical, so they should be considered together. Users and service providers should be given a clear, transparent statement of the business requirements that access controls should meet.

The inbox is always open in my brain, and anyone can get in any time and access me. Turnin...