List of security controls
Structure of security areas
Information security cannot be addressed from a purely technical approach; various aspects must be considered in at least the following 14 areas:
1. Annex A5. Security policy:
5.1 Information security policy: Provide guidance and support from the Directorate for information security in relation to business requirements and relevant laws and regulations.
2. Annex A6. Organizational aspects:
6.1 Internal organization: Establish a management framework to initiate and control the implementation and operation of information security within the organization.
6.2 Mobile devices and teleworking: Ensure the security of teleworking and the use of mobile devices.
3. Annex A7. HR related security:
7.1 Before employment: Ensure that employees, contractors and third party users understand their responsibilities and are fit for the functions they perform. Reduce the risk of theft, fraud and misuse of facilities and media.
7.2 During employment: Ensure that employees, contractors and third parties are aware of security threats and of their responsibilities and obligations, and that they are equipped to comply with the organization's security policy in the performance of their daily tasks, to reduce the risk associated with human error.
7.3 At the termination of the employment relationship: Protect the interests of the organization when employees, contractors and third parties leave the organization.
4. Annex A8. Asset Management:
8.1 Asset responsibility: Identify the organization's assets and define appropriate protection responsibilities.
8.2 Classification of information: Ensure that information receives an adequate level of protection according to its importance to the organization.
8.3 Media handling: Avoid the unauthorized disclosure, modification, withdrawal or destruction of assets and interruptions in the activities of the organization.
5. Annex A9. Access control:
9.1 Business requirements for access control: Limit access to information and information processing facilities.
9.2 User access management: Guarantee access to authorized users and prevent unauthorized access to information systems.
9.3 Responsibilities of the users: Prevent the access of unauthorized users and the compromise or theft of information and information processing resources.
9.4 System and application access control: Prevent unauthorized access to systems and applications.
6. Annex A10. Cryptography:
10.1 Cryptography: Ensure proper and efficient use of cryptography to protect the confidentiality, authenticity and/or integrity of the information.
7. Annex A11. Physical and environmental security:
11.1 Secure areas: Avoid unauthorized physical access, damage or intrusion into the facilities and the organization's information.
11.2 Equipment security: Prevent the loss, damage, theft or endangerment of assets and interruption of the organization's activities.