Information Security Management
How to improve the information security management of the organization: as per the Information Security Management System standard ISO 27001, 114 information security controls have been identified. Some of the 114 controls may not be applicable to the organization, considering the nature of its activities. So, while selecting information security controls, the organization should look at the most applicable ones, then develop the statement of applicability (SOA) and apply the selected controls in the organization. Once the controls are implemented, monitor them closely and see whether they are suitable for meeting the organization's information security objectives.
If the information security controls are working as per the objectives and the organization's information security requirements, make them a standard practice.
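The selection step above (decide which of the 114 controls apply, record why, then track implementation in the SOA) is easy to get wrong when it lives only in a spreadsheet: controls get skipped, excluded controls are left without a justification, or a control is marked "implemented" with nothing to show an auditor. The following Python script is an added example, not from the blog, of a small SOA consistency check. The control catalogue is a constructed five-entry sample (identifiers follow the Annex A numbering the post refers to, with abbreviated titles; a real SOA lists all 114 controls), and the decisions are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class Control:
    """One Annex A control as listed in the catalogue."""
    control_id: str
    title: str


@dataclass
class Decision:
    """The organization's SOA entry for one control."""
    control_id: str
    applicable: bool
    justification: str        # reason for inclusion or exclusion
    implemented: bool = False
    evidence: str = ""        # pointer to the policy/record that proves it


# Constructed sample catalogue (abbreviated titles); a real one holds all 114 controls.
CATALOGUE = [
    Control("A.8.1.1", "Inventory of assets"),
    Control("A.9.1.1", "Access control policy"),
    Control("A.11.1.2", "Physical entry controls"),
    Control("A.12.5.1", "Installation of software on operational systems"),
    Control("A.14.2.7", "Outsourced development"),
]

# Constructed sample decisions for the catalogue above.
DECISIONS = [
    Decision("A.8.1.1", True, "Laptops and servers are issued to staff", True, "asset-register.xlsx"),
    Decision("A.9.1.1", True, "All staff use shared systems", True, ""),
    Decision("A.11.1.2", True, "Single office with a server room", False),
    Decision("A.12.5.1", True, "Staff currently hold local admin rights", False),
    Decision("A.14.2.7", False, "No software development is outsourced"),
]


def check_soa(catalogue, decisions):
    """Return a list of findings; an empty list means the SOA is consistent."""
    findings = []
    by_id = {d.control_id: d for d in decisions}
    for c in catalogue:
        d = by_id.get(c.control_id)
        if d is None:
            findings.append(f"{c.control_id}: no applicability decision recorded")
            continue
        if not d.justification.strip():
            findings.append(f"{c.control_id}: decision lacks a justification")
        if d.applicable and not d.implemented:
            findings.append(f"{c.control_id}: applicable but not yet implemented")
        if d.applicable and d.implemented and not d.evidence.strip():
            findings.append(f"{c.control_id}: implemented but no evidence referenced")
        if not d.applicable and d.implemented:
            findings.append(f"{c.control_id}: excluded control marked as implemented")
    # Decisions that point at control ids the catalogue does not know about.
    unknown = set(by_id) - {c.control_id for c in catalogue}
    for cid in sorted(unknown):
        findings.append(f"{cid}: decision refers to a control not in the catalogue")
    return findings


def soa_summary(catalogue, decisions):
    """Counts an auditor asks for first: how many apply, how many are done."""
    applicable = [d for d in decisions if d.applicable]
    return {
        "total": len(catalogue),
        "applicable": len(applicable),
        "excluded": len(catalogue) - len(applicable),
        "implemented": sum(1 for d in applicable if d.implemented),
    }


if __name__ == "__main__":
    print(soa_summary(CATALOGUE, DECISIONS))
    for line in check_soa(CATALOGUE, DECISIONS):
        print("FINDING:", line)
```

Run against the sample data it reports one control implemented without evidence and two applicable controls not yet implemented; the excluded control passes because it carries a justification. Re-running the check after each monitoring round is the "monitor the controls closely" step expressed as something repeatable.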
In my last blog, I explained how to implement information security controls and explained a few of the controls. I hope it was helpful for the reader to understand information security controls. If you have not read my last blog, kindly see the link: Information Security Controls.
In this blog, 8 information security controls are given for your kind reference. I have tried to explain what these information security controls are and how to implement them in the organization.
1. Physical entry controls – Organizations need to implement physical entry control, which helps maintain a proper record of every employee's entry.
Some ways to implement physical entry control:
- Use a biometric reader at the entrance.
- Fix a camera at the entrance.
- Use a digital entry register.
2. Cabling security, equipment maintenance – the organization needs to sign an NDA with everyone in order to control cabling security and equipment maintenance.
3. Network security – the organization shall protect every network with a password, which helps prevent internal and external visitors from accessing the network. This control covers network controls, security of network services, and segregation in networks.
Some tools that can help control network security:
- Anti-malware software
- Anomaly detection
- Data loss prevention (DLP)
- Email security
- Endpoint security
- Firewall
- Network segmentation
- Security information and event management (SIEM)
- Virtual private network (VPN)
- Web security
- Wireless security
4. Electronic messaging – This is a very big issue that the organization needs to control at many stages, such as messaging through mobile phones, use of personal email IDs, and use of social sites (LinkedIn, Facebook, etc.). The organization has to control this by using antivirus software.
Some tools that can help:
- Antivirus / firewall – can help block all types of social media.
5. Asset management – Asset management comes under section A.8, and this control covers many points: responsibility for assets, inventory of assets, ownership of assets, acceptable use of assets, and return of assets.
Each of the above points will be monitored by the IT department to identify the next opportunities for improvement.
One way to control all these asset points:
- The organization needs to maintain a datasheet of assets in an Excel sheet covering some specific points, i.e.:
- Product name / asset name
- Date withdrawn
- Name of the person
- Date of return
- Name of the responsible or authorized person
- Condition of the product at the time of return
6. Media handling – Media handling comes under section A.8.3, and this control protects data when media is going to be removed or disposed of.
Some points that need to be covered in this control:
- The organization keeps records of all media, whether in use or removed.
- After removal, media must be disposed of in a proper manner.
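Sections 5 and 6 both come down to one register: who holds which asset, when it went out, when it came back and in what condition, and, for media, whether a removed item has a disposal record. The script below is an added example (not the blog author's) that reads such a register, in the column layout the post lists plus a media status and disposal column, and reports the gaps an auditor would look for. The CSV content is constructed sample data; the 14-day loan limit and the `today` date are assumptions for the demonstration.

```python
import csv
import io
from datetime import date

# Constructed sample register, one row per issue of an asset. Columns follow the
# datasheet fields named in the post; media_status/disposal_record cover section 6.
ASSET_REGISTER_CSV = """\
asset_name,date_withdrawn,person,date_returned,responsible_person,condition_on_return,media_status,disposal_record
Laptop LT-0042,2024-01-08,A. Kumar,2024-01-22,IT Admin,Good,,
Laptop LT-0057,2024-02-01,B. Singh,,IT Admin,,,
USB drive MD-003,2024-01-15,C. Rao,2024-01-16,IT Admin,,in_use,
Backup tape MD-010,2023-11-02,D. Mehta,2023-12-01,IT Admin,Removed from service,removed,
Backup tape MD-011,2023-11-02,D. Mehta,2023-12-01,IT Admin,Removed from service,removed,Shredded 2023-12-05
"""


def parse_register(text):
    """Parse the register (CSV text) into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def _parse_date(value):
    return date.fromisoformat(value) if value else None


def outstanding_assets(rows):
    """Assets that were withdrawn and have no return date yet."""
    return [r["asset_name"] for r in rows if r["date_withdrawn"] and not r["date_returned"]]


def review_register(rows, today, max_loan_days=14):
    """Return findings: overdue loans, incomplete return records, undisposed media."""
    findings = []
    for r in rows:
        name = r["asset_name"]
        withdrawn = _parse_date(r["date_withdrawn"])
        returned = _parse_date(r["date_returned"])
        if withdrawn is None:
            findings.append(f"{name}: no withdrawal date recorded")
            continue
        if not r["person"].strip() or not r["responsible_person"].strip():
            findings.append(f"{name}: holder or responsible person missing")
        if returned is None:
            days_out = (today - withdrawn).days
            if days_out > max_loan_days:
                findings.append(f"{name}: not returned after {days_out} days (limit {max_loan_days})")
        else:
            if returned < withdrawn:
                findings.append(f"{name}: return date is before withdrawal date")
            if not r["condition_on_return"].strip():
                findings.append(f"{name}: returned without condition recorded")
        # Section 6: removed media must have a disposal record.
        if r["media_status"] == "removed" and not r["disposal_record"].strip():
            findings.append(f"{name}: media removed from use but no disposal record")
    return findings


if __name__ == "__main__":
    rows = parse_register(ASSET_REGISTER_CSV)
    print("outstanding:", outstanding_assets(rows))
    for line in review_register(rows, today=date(2024, 3, 1)):
        print("FINDING:", line)
```

The same check works on a CSV exported from the Excel sheet the post describes; only the column names need to match. Keeping the disposal record on the same row as the asset is what lets the media-handling point be verified from the asset inventory rather than from a separate list.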
7. Access control – this point comes under section A.9. Through access control, an organization can prevent unauthorized persons from entering any sector or any network.
Ways to control all types of access:
- Put a password on every network
- Segregate all networks by department
- Put a password on all types of folders
- Make a policy for access to other networks
8. Control of operational software – this point comes under section A.12.5. This control helps restrict the installation of software on any system, meaning no one can install any software on any system without permission.
I hope the information security controls explained above help you understand the implementation process for information security management in the organization for ISO 27001 certification.
So, if your organization is preparing for ISO 27001 certification, or you are looking at how to get ISO 27001 certified, this blog will be helpful for understanding and developing the statement of applicability (SOA).
If you are looking for more information about ISO 27001 certification or how to apply for ISO 27001 certification, then this information could be helpful to you. In case you need any further information on information security controls, keep following us or write your comments.