Introduction: In today’s digital world, user authentication plays a crucial role in protecting sensitive information and data from unauthorized access. A.9.2.4 Management of secret authentication information of users is an essential part of the ISO 27001 standard that focuses on the protection of user authentication information. This control objective addresses […]
Yearly Archives: 2023
Introduction: In today’s digital age, access control is critical for organizations to safeguard their sensitive data and systems. Unauthorized access can lead to a range of security incidents, from data breaches to system failures. Access control policies and procedures are established to ensure that only authorized individuals can access an […]
Introduction: Access control is a critical aspect of information security, as it ensures that users are granted access only to the systems, applications, and data that they need to perform their job responsibilities. A.9.2.2 User access provisioning is an important control within the access control domain. This control requires that […]
Introduction: Access control is a critical aspect of an organization’s security posture, and it depends on ensuring that only authorized individuals can access sensitive data or systems. A.9.2.1 User registration and de-registration is a key element of access control. It involves creating and removing user accounts from an organization’s systems and […]
Introduction: Access control is an essential aspect of information security management, as it determines who is allowed to access an organization’s systems, data, and resources. This includes controlling access to networks and network services, which is covered by control A.9.1.2 in the ISO 27001 standard. In this article, we will […]
Introduction: The A.9.1.1 control objective in the ISO/IEC 27001:2013 standard pertains to access control policy. Access control policies are a set of guidelines that determine how access to sensitive information and critical systems is managed within an organization. This article provides a checklist of critical factors that organizations should consider […]
Introduction: Physical media transfer is a crucial aspect of information security management. The A.8.3.3 control objective in the ISO/IEC 27001:2013 standard provides guidelines for the control of physical media transfer. Organizations must ensure that they have adequate controls in place to protect the confidentiality and integrity of sensitive information during […]
Introduction: The secure disposal of media is a critical aspect of information security management. The A.8.3.2 control objective in the ISO/IEC 27001:2013 standard provides guidelines for the disposal of media. Organizations must ensure that they dispose of media in a secure and responsible manner to prevent unauthorized access to sensitive […]
Introduction: As technology continues to advance, the use of removable media devices such as USB sticks, CDs/DVDs, tapes, and removable disk packs has become increasingly popular. These devices provide an easy and convenient way to transfer and store information. However, they also pose significant information security risks if not managed […]
Introduction: Information is an essential asset for any organization, and it needs to be protected from unauthorized access, use, disclosure, disruption, modification, or destruction. The ISO 27001 standard provides a framework for implementing an information security management system (ISMS) to protect the confidentiality, integrity, and availability of information. Asset handling […]