ankita-lachhwani
iFour Consultancy
ISO 27001 – A13 Communications Security
Introduction
Communicating is a key activity for any human being.
Effective communication, in content, format and time, creates trust from both internal and external parties.
ISO 27001 addresses the communication issue.
Software application development India
Communication Plan
The Communication Plan is a question of creating and maintaining trust and confidence in:
1) Your preparedness
2) Your capability to face events
3) Your ability to recover from crises
The Communication Plan is a key element of a good Information Security Management System.
A13 Communications Security Clauses
• 13.1 Network Security Management
• 13.2 Information Transfer
13.1 Network Security Management
To ensure the protection of information in networks and its supporting information processing facilities.
Networks and network services should be secured, for example by segregation.
• 13.1.1 Network controls
• 13.1.2 Security of network services
• 13.1.3 Segregation in networks
Controls for Network Security Management
• Network Controls: Networks shall be managed and controlled to protect information in systems and applications.
• Security of Network Services: Security mechanisms, service levels and management requirements of all network services shall be identified and included in network services agreements, whether these services are provided in-house or outsourced.
• Segregation in Networks: Groups of information services, users and information systems shall be segregated on networks.
13.2 Information Transfer
To maintain the security of information transferred within an organization and with any external entity.
There should be policies, procedures and agreements (e.g. non-disclosure agreements) concerning information transfer to/from third parties, including electronic messaging.
• 13.2.1 Information transfer policies and procedures
• 13.2.2 Agreements on information transfer
• 13.2.3 Electronic messaging
• 13.2.4 Confidentiality or non-disclosure agreements
Controls for Information Transfer
• Information transfer policies and procedures: Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification.
• Agreements on information transfer: An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
• Electronic messaging: Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
• Confidentiality or non-disclosure agreements: Requirements for confidential or non-disclosure agreements reflecting the organization’s needs for the protection of information shall be identified, regularly reviewed and documented.
For more details, visit http://www.ifour-consultancy.com or http://www.ifourtechnolab.com
THANK YOU