Upload
ifour-consultancy
View
343
Download
0
Embed Size (px)
Citation preview
ISO 27001 - Control A5 - Information Security Policies
Information Security Policy A5.1.1 information Security Policy A5.1.2 Review of Information Security policy
Topics covered
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
Control A5 - Information Security Policies
Ecommerce solution providers in India
A 5.1 Information Security Policy
A5.1.1 information Security Policy A5.1.2 Review of Information Security policy
http://www.ifourtechnolab.com
A 5.1 Information security policy Objective: To provide management direction and support for information security in
accordance with business requirements and relevant laws regulations.
A 5 Security Policy
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
Information Security Policies - Written policies, providing management direction and support for information security-related activities, are available to all employees.
Which includes: Enterprise policies Computer system, application and related media policies Network policies physical security
Continue…
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
Enterprise policies apply to all employees, regardless of their role in the organization and focus on sound information management practices
Computer system, application and related media policies focus on Information Technology department-specific activities
Continue…
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
Network policies address those activities performed to provide connectivity to / from computer systems and applications.
Physical security includes:Data Processing Facilities Security - Policies define and ensure the consistent
implementation of safeguards for controlling access to computing facilities.
Continue…
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
An information security policy document should be approved by management, and published and communicated to all employees and relevant external parties.
5.1.1 Information security policy document
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
• The information security policy should be reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.
Periodic Management Reviews can take place
5.1.2 Review of the information security policy
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
http://advisera.com/27001academy/knowledgebase/overview-of-iso-270012013-annex-a/
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwjNvoKEr53MAhVkHqYKHSYqBIYQFgg8MAE&url=http%3A%2F%2Fwww.fatih.edu.tr%2F~mcokyilmaz%2Fsources%2Fceng482%2Fslides%2FUniversity%2520ISO%252027001%2520BGYS%2520Intro%2520and%2520Certification%2520LamiKaya%2520May2012.pptx&usg=AFQjCNF8OXOpcYMRQY5BQWULsKcsi3pZGg&sig2=tC5DBCGxzdUagpV7jZp3Ww
References
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
http://www.ifour-consultancy.comhttp://www.ifourtechnolab.com
For more details…
Ecommerce solution providers in Indiahttp://www.ifourtechnolab.com
Thanks