ISO 27001 Management Clause 6
iFour Consultancy
ISMS Framework: Clause 6 – Organization of Information Security
ISO 27001:2013 classifies the Organization of Information Security into:
Clause A.6.1: Internal Organization
Clause A.6.2: Mobile Devices and Teleworking
Organization of Information Security – ISMS Requirements
ISO for Software Outsourcing Companies in India
Clause A.6.1: Internal Organization
Objective: To establish a management framework to initiate and control the implementation and operation of information security within the organization.
A.6.1.1 Information security roles and responsibilities
A.6.1.2 Segregation of duties
A.6.1.3 Contact with authorities
A.6.1.4 Contact with special interest groups
A.6.1.5 Information security in project management
A.6.1.1 Information Security Roles and Responsibilities
• Identification of the individual or individuals responsible for the security of each information facility
• Clear definition and identification of assets and associated security controls for each information facility
Control: All information security responsibilities shall be defined and allocated.
A.6.1.2 Segregation of Duties
Segregation of duties serves two purposes. The first is the prevention of conflicts of interest, the appearance of conflicts of interest, wrongful acts, fraud, abuse and errors.
The second is the detection of control failures, including security breaches, information theft and circumvention of security controls.
Control: Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets.
A.6.1.3 Contact with Authorities
• Specification of the manner and timing in which breaches shall be communicated to external authorities, so as to ensure appropriate reporting
• Development of procedures, policies and contact lists that specify by whom and when external authorities should be contacted
Control: Appropriate contacts with relevant authorities shall be maintained.
A.6.1.4 Contact with Special Interest Groups
Control: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
A.6.1.5 Information Security in Project Management
• Sets out the basics of how information security should be considered as part of the organization's overall project management framework
• Creation of a “mini-ISMS” within each project to ensure that risks are identified and managed
Control: Information security shall be addressed in project management, regardless of the type of the project.
A.6.2 Mobile Devices and Teleworking
Objective: To ensure the security of teleworking and the use of mobile devices.
A.6.2.1 Mobile Device Policy
A.6.2.2 Teleworking Policy
A.6.2.1 Mobile Device Policy
• Regular data backups for stored sensitive data
• Physical security measures
• Secure communication methods for transmitted data, such as a Virtual Private Network (VPN)
• Regular updates for the operating system and other software
• Access control and appropriate user authentication (biometric-based)
• Cryptographic methods for sensitive data
• Protective software such as anti-virus and others
A.6.2.2 Teleworking Policy
• Environmental and physical security measures
• Policies concerning the safety of private property used at the teleworking site
• Appropriate user access control and authentication
• Security measures for wireless and wired network configurations at the site
• Cryptographic techniques for communications from/to the site and for data storage
• Data backup at regular intervals and security measures for those backup copies
For more details, visit our websites:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
THANK YOU