Posts

Showing posts with the label CQI | IRCA ISO 27001 Lead Auditor Training in Mumbai

ISO 27001 Annex : A.9 Access Control

A.9.1 Business Requirements of Access Control. ISO 27001 Annex : A.9 Access Control. Its objective is to limit access to information and information processing facilities. A.9.1.1 Access Control Policy Control- An access control policy with supporting business and information security requirements should be established, documented, and reviewed. Implementation Guidance- Asset owners should lay down appropriate rules for access control, access rights, and limits on particular user roles to their assets, with the level of information and the strictness of controls reflecting the related information security risks. Access controls are both logical and physical, so they should be considered together. Users and service providers should be provided with a clear, transparent statement of the business requirements that access controls should meet. The inbox is always open in my brain, and anyone can get in any time and access me. Turnin...

ISO 27001 Annex : A.8.3 Media Handling

ISO 27001 Annex : A.8.3 Media Handling. Its objective is to stop the unauthorized release, alteration, deletion, or destruction of information contained on media. A.8.3.1 Management of Removable Media Control- Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization. Implementation Guidance- The following guidelines should be considered for the management of removable media: if no longer needed, the contents of any reusable media that are to be removed from the organization should be made unrecoverable; where applicable and practicable, authorization should be required for the removal of media from the company, and a record of these removals should be maintained in order to preserve the audit trail; in compliance with manufacturers' specifications, all media should be kept in a secure and safe environment; where confidentiality or integrity of data is im...

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets

ISO 27001 Annex : A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets. This is part of asset management; the previous article covered the same topic, which continues in this article. A.8.1.3 Acceptable Use of Assets Control- Rules should be identified, documented, and implemented for the acceptable use of information and of assets linked to information and information processing facilities. Implementation Guidance- Employees and external users who use or have access to the company's assets should be made aware of the information security requirements of the organization's assets, information, and information processing facilities and resources. They are responsible for their use of any information processing resources, and for any such use carried out under their responsibility. Related Product : ISO 27001 Lead Auditor Training And Certification ISMS. A.8.1.4 Return of Assets Control- Both workers and external stakehold...

ISO 27001 Annex : A.8 Asset Management

A.8.1 Responsibility for Assets. ISO 27001 Annex : A.8 Asset Management. Its objective is to identify and establish appropriate security responsibilities for the organization's assets. A.8.1.1 Inventory of Assets Control- Assets related to information and information processing facilities of an organization should be identified and listed, and an inventory of these assets should be maintained. Implementation Guidance- An organization should identify the assets that matter in the information lifecycle and document their importance. The lifecycle of information should include creation, processing, storage, transmission, deletion, and destruction. Documentation of specific or current inventories should be maintained as needed. The inventory of assets should be accurate, up to date, consistent, and aligned with other inventories. Ownership should be assigned for each of the identified assets, and the classification should be ...