Knowledge Base


A.9.3 User Responsibilities

The objective of A.9.3 User Responsibilities is to make users responsible for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information. Control: When using secret authentication information, users should follow the organization’s practices. Implementation Guidance: It is recommended that all users: keep secret authentication information confidential, ensuring that it is not leaked to other parties, including people of authority; avoid keeping a record of confidential authentication details (e.g. …


A.9.2.5 Review of User Access Rights & A.9.2.6 Removal or Adjustment of Access Rights

This article explains two topics: A.9.2.5 Review of User Access Rights and A.9.2.6 Removal or Adjustment of Access Rights. A.9.2.5 Review of User Access Rights. Control: Access rights of users should be reviewed regularly by asset owners. Implementation Guidance: The following should be considered while reviewing access rights: access rights of users should be reviewed at regular intervals and after any changes, such as promotion, demotion or job termination; User …


A.9.2.3 Management of Privileged Access Rights & A.9.2.4 Management of Secret Authentication Information of Users

This article explains two topics: A.9.2.3 Management of Privileged Access Rights and A.9.2.4 Management of Secret Authentication Information of Users. A.9.2.3 Management of Privileged Access Rights. Control: The allocation and usage of exclusive access privileges will be limited and controlled. Implementation Guidance: A structured authorizing procedure in accordance with the appropriate access management policies should monitor the allocation and usage of delegated access privileges. Following steps …


A.9.2 User Access Management

The objective of A.9.2 User Access Management is to ensure approved user access and avoid unauthorized access to systems and facilities. A.9.2.1 User Registration and De-registration. Control: To allow the assignment of access rights, a systematic process of user registration and de-registration should be enforced. Implementation Guidance: The process to manage user IDs should include: use of unique user IDs so that users can be linked to and held accountable for their actions; use of …


A.9.1.2 Access to Networks and Network Services

Control: Only networks and network facilities which have expressly been approved for use will be made available to users. Implementation Guidance: A policy on the use of networks and network services should be developed. The following points should be covered in this policy: networks and network infrastructure to which access is permitted; authorization procedures for determining who is permitted to access which networks and networking services; management processes and …


Annex A.9 Access Control

A.9.1 Business Requirements of Access Control. The objective of Annex A.9 Access Control is to limit access to information and information processing facilities. A.9.1.1 Access Control Policy. Control: An access control policy with supporting business and information security requirements should be established, documented, and reviewed. Implementation Guidance: Asset owners should lay down appropriate rules for access control, access rights, and limits on particular user roles to their assets, with the level of information and the strictness …


A.8.3 Media Handling

The objective of A.8.3 Media Handling is to stop unauthorized release, alteration, deletion, or destruction of information contained in the media. A.8.3.1 Management of Removable Media. Control: Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization. Implementation Guidance: The following guidelines should be considered for the management of removable media: If not needed, the contents of any reusable media that are to be removed from …


A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets

A.8.1.3 Acceptable Use of Assets & A.8.1.4 Return of Assets are part of asset management; this article continues from the previous article on the same subject. A.8.1.3 Acceptable Use of Assets. Control: Rules should be identified, documented, and implemented for the acceptable use of information and assets linked to information and information processing facilities. Implementation Guidance: The information security requirements of the organization’s assets along with information and information processing facilities and …


A.8.2.2 Labeling of Information & A.8.2.3 Handling of Assets

This article, which is based on ISO, explains two topics: A.8.2.2 Labeling of Information and A.8.2.3 Handling of Assets. A.8.2.2 Labeling of Information. Control: In accordance with the information classification scheme adopted by the organization, an adequate set of methods for labeling information should be established and implemented. Implementation Guidance: Information labeling procedures need to cover information in physical and electronic formats and its related assets. The labeling …
