fbpx

ISO27001 – Control 5.11 – Return of Assets

By |2024-06-14T14:34:48+01:00June 16th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.11 - Return of Assets Control Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement. What this means When a member of staff, contractor or supplier reaches the end of their employment or contract period, there should be a process in place to ensure that all the organisations assets are returned. This includes devices such as laptops and mobile phones as well as business paperwork (held [...]

Read More
 0

ISO27001 – Control 5.10 – Acceptable use of information and other associated assets

By |2024-05-31T16:10:27+01:00June 3rd, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.10 - Acceptable use of information and other associated assets Control Rules for the acceptable use and procedures for handling information and other associated assets should be identified, documented and implemented. What this means This is all about ensuring that information and associated assets are appropriately protected, used and handled. You should have a procedure which documents the rules for acceptable use and the protection of assets. The organisation should identify the staff and external party users using or having access to the [...]

Read More
 0

ISO27001 – Control 5.9 – Inventory of information and other associated assets

By |2024-05-28T12:11:45+01:00May 28th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.9 - Inventory of information and other associated assets Control An inventory of information and other associated assets, including owners, should be developed and maintained. What this means Organizations should develop and maintain an inventory of their information assets and other associated resources, including details about who owns each asset. The purpose is to identify all the organization's important information and assets in order to properly secure them and assign clear ownership responsibilities. Ownership should be assigned when assets are created or when [...]

Read More
 0

ISO27001 – Control 5.8 – Information Security In Project Management

By |2024-05-13T15:03:48+01:00May 13th, 2024|Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.8 - Information Security in Project Management Control Information security should be integrated into Project Management. What this means When planning and executing projects, it's essential to integrate information security practices throughout the entire project lifecycle. Information security risks can derail projects and jeopardise deliverables if not addressed proactively. This can be applied to any type of project regardless of its complexity, size, duration, discipline or application area (e.g. a project for a core business process, ICT, facility management or other supporting processes). [...]

Read More
 0

ISO27001 – Control 5.7 – Threat Intelligence

By |2024-04-26T17:58:33+01:00April 26th, 2024|Cyber Security, Information Security, ISO 27001 Controls, ISO27001 Certification, ISO27001 Implementation|

ISO27001 - Control 5.7 - Threat Intelligence Control Information relating to information security threats should be collected and analysed to produce threat intelligence. What this means Organizations should gather and analyze information about security threats to understand the risks they face. This "threat intelligence" can help them take appropriate actions to prevent attacks or reduce the impact of an attack. Threat intelligence has three levels: Strategic - High-level information about the overall landscape of threats and attackers Tactical - Details on the methods, tools, and technologies [...]

Read More
 0

ISO27001 – Control 5.6 – Contact with Special Interest Groups

By |2024-04-11T14:58:45+01:00April 15th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.6 - Contact with Special Interest Groups Control The organization shall establish and maintain contact with special interest groups or other specialist security forums and professional associations. What this means As an organization, it's important to establish and maintain contact with special interest groups, security forums, and professional associations related to information security. Why is this important? The goal is to ensure there is an appropriate flow of information when it comes to information security. How can you do this? Here are some [...]

Read More
 0

ISO27001 – Control 5.5 – Contact with Authorities

By |2024-05-16T11:52:17+01:00April 8th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.5 - Contact with Authorities Control The organization should establish and maintain contact with relevant authorities. What this means The aim of this control is to ensure an open dialogue with regard to information security and incidents between the organisation and relevant legal, regulatory, and supervisory authorities. This means the organization should: Identify the proper authorities to contact about information security issues. This could include law enforcement, regulatory agencies, supervisory bodies, etc. List the proper authorities, usually in your interested parties policy. Decide [...]

Read More
 0

ISO27001 – Control 5.4 – Management Responsibilities

By |2024-03-11T12:09:45+00:00March 12th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.4 - Management Responsibilities Control Management should require all personnel to apply information security in accordance with the established information security policy, topic-specific policies and procedures of the organisation. What this means   For an organisation to effectively protect its information assets, it's not enough to just have security policies and procedures in place. The employees and personnel who handle that information daily need to be aware of the policies and diligent about following them. But ensuring this level of security awareness and [...]

Read More
 0

ISO27001 – Control 5.3 – Segregation of Duties

By |2024-03-05T11:27:19+00:00March 5th, 2024|Information Security, ISO 27001 Controls|

ISO27001 - Control 5.3 - Segregation of Duties Control Conflicting duties and conflicting areas of responsibility should be segregated. What this means The purpose of this control is to ensure appropriate segregation of duties is in place to reduce the risks of fraudulent activities, human errors, and intentional bypassing of security controls that could compromise an organisation's information assets. In any organisation, there are certain roles and responsibilities that should never be combined under a single individual. This is because concentrating too many roles or privileges [...]

Read More
 0

ISO27001 – Control 5.2 – Information Security Roles and Responsibilities

By |2024-04-19T16:39:05+01:00March 1st, 2024|ISO 27001 Controls|

ISO27001 - Control 5.2 - Information Security Roles and Responsibilities Control Information security roles and responsibilities should be defined and allocated according to the organization needs. What this means The purpose of this control is to ensure there is a formal approved structure for managing, implementing, and operating the information security management system (ISMS). When assigning security roles and responsibilities, an organisation should align responsibilities with the overarching information security policy and any other specific security policies. Common roles and responsibilities that should be covered include: [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top