Posts

Showing posts with the label iso 27001 la training in mumbai

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management. Its objective is to maintain, in compliance with supplier agreements, an agreed level of information security and delivery of service. A.15.2.1 Monitoring and Review of Supplier Services. Control- Organizations shall monitor, review and audit the provision of service to suppliers on a regular basis. Implementation Guidance – Monitoring and review of supplier services will ensure that the information security terms and conditions of the agreements are respected and that information security incidents and issues are carefully monitored. This will include a service management process between the client and the supplier to: monitor the level of service performance to verify compliance with the agreements; review the supplier’s service reports and schedule progress meetings on a regular basis as required by the agreements; conduct supplier audits and follow-up on reported ...

ISO 27001 Annex : A.11.1.3, A.11.1.4, A.11.1.5 & A.11.1.6

This article explains ISO 27001 Annex : A.11.1.3 Securing Offices, Rooms and Facilities, A.11.1.4 Protecting Against External and Environmental Threats, A.11.1.5 Working in Secure Areas, and A.11.1.6 Delivery and Loading Areas. A.11.1.3 Securing Offices, Rooms and Facilities. Control- Physical security should be designed and implemented for the offices, rooms, and facilities. Implementation Guidance- The following guidelines for safeguarding offices, rooms, and facilities should be considered: Key facilities should be situated to avoid public access; Where appropriate, the presence of information processing activities should be indicated unobtrusively, giving a minimum indication of their purpose, with no obvious signs outside or inside the building; Facilities should be set up so that sensitive information or activities are not visible or audible from outside. Electromagnetic security should also be taken into account...

ISO 27001 Annex : A.11 Physical and Environmental Security

This article on ISO 27001 Annex : A.11 Physical and Environmental Security explains Secure Areas, Physical Security Perimeter and Physical Entry Controls. A.11.1 Secure areas. Its objective is to avoid unauthorized physical access, damage and interference with the organization’s information and information processing facilities. A.11.1.1 Physical Security Perimeter. Control- Security perimeters should be established in order to secure areas that contain either sensitive or confidential information and information processing facilities. Implementation Guidance- When appropriate, for physical security perimeters, the following guidelines should be considered and implemented: Security perimeters should be established and the location and strength of each perimeter should depend on the security requirements of the assets inside the perimeter and on the results of the risk assessment; The building or facility perimeters should be physicall...

ISO 27001 Annex : A.10 Cryptography

This article on ISO 27001 Annex : A.10 Cryptography explains Cryptographic Controls, Policy on the Utilization of Cryptographic Controls & Key Management. A.10.1 Cryptographic controls. Its objective is to ensure the proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information. A.10.1.1 Policy on the Utilization of Cryptographic Controls. Control- A policy on the use of cryptographic controls to secure information should be developed and enforced. Implementation Guidance- The following should be considered when designing a cryptographic policy: A management guide to the use of cryptographic controls across the organization, including the general principles by which business information should be protected; Based on the risk assessment, the necessary level of security should be determined, taking into account the type, strength, and quality of the encryption algorithm necessary...