Knowledge Base

A.6.2-Mobile-Devices-and-Teleworking

A.6.2 Mobile Devices and Teleworking

A.6.2 Mobile Devices and Teleworking its objective is to ensure the security of teleworking and the use of mobile devices. A.6.2.1  Mobile Device Policy  Control- To manage the risks introduced by the use of mobile devices, a policy and supporting safety measures should be adopted.  Implementation Guidance- Special care should be taken when using mobile devices to ensure that business information is not compromised. The policy on mobile devices should take into account the risks …

A.6.2 Mobile Devices and Teleworking Read More »

Annex-A.6-Organization-of-Information-Security

Annex A.6 Organization of Information Security

6.1 Internal Organization Annex A.6 Organization of Information Security its object is to establish a management framework for initiating and controlling the implementation and functioning of information security within the organization. 6.1.1 Information Security Roles and Responsibilities Control- All responsibilities related to information security should be well defined and assigned. Implementation Guidance- Allocation of information security responsibilities should be carried out in compliance with information security policies (Refer A.5.1.1). Responsibilities for the security of individual …

Annex A.6 Organization of Information Security Read More »

ISO 27002-Information technology- Security techniques- Code of practice for information security controls

ISO 27002 Information technology Security techniques Code of practice for information security controls

Scope ISO 27002 Information technology Security techniques Code of practice for information security controls, This International Framework includes guidance for organization information security policies and information security management activities including identification, implementation and control management taking into account the information security risk environment(s) of the enterprise. Related Product : ISO 27001 Lead Auditor Training And Certification ISMS ISO 27002 has been designed for organization that plan to: Choose controls provided by ISO / IEC under the implementation …

ISO 27002 Information technology Security techniques Code of practice for information security controls Read More »

ISO 27002- INTRODUCTION

ISO 27002- INTRODUCTION

1. Information Security Requirements ISO 27002- INTRODUCTION, With the ever growing and sophisticated technoscapes that span our world, it is really important for organizations to look after its security measures. Consumers are therefore demanding greater transparency from businesses about the data they collect – and the compliances which they are following. Thus, proper certifications and due diligence assures every stakeholder’s mind that their organisation is taking data privacy seriously. Towards this, there are three main …

ISO 27002- INTRODUCTION Read More »

5. Information Security Policies

A.5 Information Security Policies

5. 1  Management direction for information security 5 Information Security Policies, Its objective is to provide management guidance and information security assistance in accordance with business requirements and relevant laws and regulations. 5.1.1 Policies for Information Security Control-  A set of information security policies should be established, managed accepted, published and communicated to the employees and related external parties. Implementation Guidance- At the very least companies need to identify a management-approved “information security strategy,” which outlines …

A.5 Information Security Policies Read More »

ISO 27001 Clause 10.2 Continual Improvement

ISO 27001 Clause 10.2 Continual Improvement

Required Activity ISO 27001 Clause 10.2 Continual Improvement, The organization continually improves the suitability, adequacy and effectiveness of the ISMS. Why organization needs to have continual improvement? Organizations are never static, nor their contexts. In addition, the threats to the information systems, and the ways in which they can be compromised, are rapidly changing. At the end of the day, there’s no ISMS which remains perfect; it always needs to be set on continual improvement; …

ISO 27001 Clause 10.2 Continual Improvement Read More »

ISO 27001 Clause 10.1 Non conformity and corrective action

ISO 27001 Clause 10.1 Non conformity and corrective action

Required activity ISO 27001 Clause 10.1 Non conformity and corrective action, Clause 10 containing sections 10.1 and 10.2 covers the “Act” part W. Edwards Deming’s Plan-Do-Check-Act (PDCA) cycle. This clause helps an organisation react to nonconformities, evaluate them and take corrective actions with the end goal of continually improving how it runs its daily activities. Explanation Nonconformity may be a non-fulfilment of a requirement of the ISMS. Nonconformity cannot always be avoided, because mistakes do …

ISO 27001 Clause 10.1 Non conformity and corrective action Read More »

ISO 27001 Clause 9.3 Management review

ISO 27001 Clause 9.3 Management review

Activity ISO 27001 Clause 9.3 Management review, Top Management conducts management review for ISO 27001 at planned intervals. What is ISO 27001 Clause 9.3? ISO 27001 Clause 9.3 Management review, clause highlights the significance of management review which helps to ensure continuing suitability, adequacy, and effectiveness of Information Security Management System in the organization, where Suitability refers to the continuous alignment with the objectives of the organization, Adequacy and Effectiveness call for appropriate design and …

ISO 27001 Clause 9.3 Management review Read More »

Services Related Elastic Compute Cloud (EC2)

Services Related Elastic Compute Cloud (EC2)

Services Related Elastic Compute Cloud (EC2) in this article you will learn different types of EC2 Services like AWS Systems Manager, Placement Groups, AWS Elastic Beanstalk and Amazon Elastic Container Service and AWS Far gate etc. EC2-Related Services This section will briefly introduce you to a few more EC2 features. Some of these features won’t necessarily play a large role in the solutions architect exam but could definitely come in handy for you in your …

Services Related Elastic Compute Cloud (EC2) Read More »

Introduction to Amazon Glacier Service

Introduction to Amazon Glacier Service

Introduction to Amazon Glacier Service this is the blog topic in that you will learn S3 and Glacier Select, Amazon Glacier, Storage Pricing & Other Storage-Related Services like Amazon Elastic File System, AWS Storage Gateway, AWS Snowball etc S3 and Glacier Select AWS provides a different way to access data stored on either S3 or Glacier: Select. The feature lets you apply SQL-like queries to stored objects so that only relevant data from within objects …

Introduction to Amazon Glacier Service Read More »