Showing posts with the label Information Security Officer online training

ISO 27001 Annex : A.10 Cryptography

ISO 27001 Annex : A.10 Cryptography. This article explains cryptographic controls, the policy on the utilization of cryptographic controls, and key management.

A.10.1 Cryptographic controls

Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information.

A.10.1.1 Policy on the Utilization of Cryptographic Controls

Control- A policy on the use of cryptographic controls to secure information should be developed and enforced.

Implementation Guidance- The following should be considered when designing a cryptographic policy:

A management guide to the use of cryptographic controls across the organization, including the general principles by which business information should be protected;

Based on the risk assessment, the necessary level of security should be calculated taking into account the type, strength, and quality of the encryption algorithm necessary...

ISO 27001 Annex : A.9.4 System and Application Access Control

ISO 27001 Annex : A.9.4 System and Application Access Control

Its objective is to prevent unauthorized access to systems and applications.

A.9.4.1 Information Access Restriction

Control- Access to information and application system functions should be limited in compliance with the policy on access control.

Implementation Guidance- Access controls should be based on individual requirements for business applications and in compliance with a specified access control policy. In order to meet access restriction criteria, the following should be considered:

Provide menus for controlling access to application system functions;

Control which data a particular user can access;

Control user access permissions, e.g. read, write, delete, and execute;

Control the access permissions of other applications;

Restrict the information contained in the outputs;

Physical or logical access controls for sensitive applications, applicat...