iFour Consultancy ISO 27001 – A13 Communications Security


Page 1: ISO 27001 - A13 Communications Security

iFour Consultancy

ISO 27001 – A13 Communications Security

Page 2: ISO 27001 - A13 Communications Security

Introduction

• Communicating is a key activity for any human being
• Effective communication, in content, format and time, creates trust both from internal and external parties
• ISO 27001 addresses the communication issue

Software application development India

Page 3: ISO 27001 - A13 Communications Security

Communication Plan

The Communication Plan is a question of creating and maintaining trust and confidence in 1) your preparedness, 2) your capability to face events, and 3) your ability to recover from crises

The Communication Plan is a key element of a good Information Security Management System


Page 4: ISO 27001 - A13 Communications Security

A13 Communications Security Clauses

• 13.1 Network Security Management

• 13.2 Information Transfer


Page 5: ISO 27001 - A13 Communications Security

13.1 Network Security Management

Objective: To ensure the protection of information in networks and its supporting information processing facilities

Networks and network services should be secured, for example by segregation.

• 13.1.1 Network Controls
• 13.1.2 Security of network services
• 13.1.3 Segregation in networks


Page 6: ISO 27001 - A13 Communications Security

Controls for Network Security Management

Network Controls

• Networks shall be managed and controlled to protect information in systems and applications

Security of Network Services

• Security mechanisms, service levels and management requirements of all network services shall be identified and included in network services agreements, whether these services are provided in-house or outsourced

Segregation in Networks

• Groups of information services, users and information systems shall be segregated on networks


Page 7: ISO 27001 - A13 Communications Security

13.2 Information Transfer

Objective: To maintain the security of information transferred within an organization and with any external entity

There should be policies, procedures and agreements (e.g. non-disclosure agreements) concerning information transfer to/from third parties, including electronic messaging.

• 13.2.1 Information transfer policies and procedures
• 13.2.2 Agreements on information transfer
• 13.2.3 Electronic messaging
• 13.2.4 Confidentiality or non-disclosure agreements


Page 8: ISO 27001 - A13 Communications Security

Controls for Information Transfer

Information transfer policies and procedures

• Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification

Agreements on information transfer

• An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization

Electronic messaging

• Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization

Confidentiality or non-disclosure agreements

• Requirements for confidentiality or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented



Page 10: ISO 27001 - A13 Communications Security

Visit http://www.ifour-consultancy.com or http://www.ifourtechnolab.com for more details
