Structure of iso 27001 (1)


ISO 27001 Annex A documents to be written, which documents must cover which checks, and what is the sequence of the writing documents. – PowerPoint PPT presentation

Slides: 6
Provided by: cunix
Tags: isms | iso27001



Structure of ISO 27001:2013
Controls (Annex A)
  • A.5 Information Security Policies: controls on how policies are written and revised
  • A.6 Information Security Organization: controls on how responsibilities are assigned; also includes controls for mobile devices
  • A.7 Human Resources Security: controls before, during and after employment
  • A.8 Asset Management: asset inventory and acceptable use controls, plus controls for information classification and media management
  • A.9 Access Control: access control policy, user access management, system and application access control
  • A.10 Cryptography: encryption and key management controls

  • A.11 Physical and Environmental Security: controls defining secure areas, entry controls, protection against threats, security of equipment, secure removal, clear desk and clear screen policy, etc.
  • A.12 Operational Security: procedures and responsibilities, malware protection, backup, logging, monitoring, software installation, vulnerability management, etc.
  • A.13 Communications Security: network security, information transfer, e-mail security checks, etc.
  • A.14 Acquisition, Development and Maintenance of Systems: controls defining security requirements and security in the development and support processes
  • A.15 Vendor Relations: controls on what to include in agreements and how to monitor vendors
  • A.16 Information Security Incident Management: controls for reporting events and weaknesses, defining responsibilities, assessing events, responding to and learning from incidents, and collection of
  • A.17 Information Security Aspects of Business Continuity Management: controls on the planning, implementation and review of information security continuity

  • A.18 Compliance: controls requiring the identification of applicable laws and regulations, protection of intellectual property, protection of personal data, and review of the security of personal information

One of the biggest myths about ISO 27001 implementation is that it is computer-centric. On the contrary, it covers the many aspects listed in Annex A above. The controls in Annex A are an essential part of an ISO 27001 implementation. Based on its risk assessment, an organization can decide which controls apply to it, provided it documents a valid rationale for each exclusion.
Thank you