Posts Tagged ‘ISO/IEC 27002’

New Draft ISO27001 and ISO27002 Standards

Industry Update: it has been announced that new drafts of the two international information security standards, ISO27001 (ISMS Requirements) and ISO27002 (Code of Practice), have been published. These drafts have been published for the purpose of public consultation. As these are international standards, the consultation process operates internationally, via […]

Controls against Mobile Code

ISO 27002 control 10.4.2 (Annex A.10.4.2 of ISO 27001) requires that mobile code execution be restricted to an intended environment, in support of an authorized organizational mobile code policy. What is mobile code? Let's first start with the definition: 'A program or code that can execute on remote locations without any modification in the […]

Operation Procedures and ISMS

ISO 27001 Annex A control 10.1.1 (documented operating procedures) requires organizations to identify all necessary operating procedures at policy level and then document them based on the current environment. All of these operating procedures should be under strict document control, meaning they should be reviewed and updated at regular intervals based on […]

ISO 27001 Securing offices and facilities

Physical Security: control 9.1.3 of Annex A (securing offices, rooms and facilities) requires organizations to establish a secure perimeter around offices and facilities in order to protect information and physical assets that have been classified as critical or that fall within the scope of ISO 27001. It is not just about protecting the computer room or the telecom room; HR might need a secured cabinet area […]

Defense in depth and network segmentation

Traditional security schemes are incapable of meeting the new security challenges of today's business requirements. Most security architectures are perimeter-centric and lack comprehensive internal controls. Organizations that depend on firewall security alone may be overtaxing it (asking a security mechanism to do more than it can handle). Some old firewall rules stay intact for […]

ISO27k and compliance

A security review is performed to identify and analyze risks and weaknesses in an organization's current security posture. An ISO assessment is performed using the international standard ISO 27002 together with the company's security policy; the purpose of the review is to evaluate the organization's information security posture against the international standard. The level of […]
