A.11

Introduction: One of the essential aspects of information security is to ensure that sensitive information is not left unattended, exposed to unauthorized access, or at risk of theft.  A clear desk and clear screen policy is an effective measure to safeguard confidential data by ensuring that work areas are free […]

Introduction: Ensuring the security of unattended user equipment is crucial for preventing unauthorized access, data loss, and corruption.  Organizations need to have a policy and procedures in place to manage the security of unattended user equipment.  ISO 27001:2013 provides a framework for establishing, implementing, maintaining, and continually improving an information […]

Introduction: A crucial aspect of information security is the secure disposal or re-use of equipment.  Organizations must have proper policies, procedures, and guidelines in place to ensure that data is not compromised when disposing of or re-using storage media and ICT equipment.  Failure to do so can lead to data […]

Introduction: Information is one of the most important assets of an organization, and securing it should be a top priority.  While many security measures are put in place to protect information while it’s on-premises, it’s also essential to ensure the security of equipment and assets when they are off-premises.  A.11.2.6 […]

Introduction: Information assets have become crucial for organizations. Information technology (IT) equipment and storage media contain valuable information that should be protected against unauthorized access, theft, or loss.  Therefore, it is important to ensure that proper policies and procedures are in place for the removal of such assets from the […]

Introduction: In the current era of technology, the IT infrastructure plays a critical role in the functioning of any organization.  It is important to ensure that the supporting utilities and equipment are functioning properly to minimize the risk of downtime and potential losses.  In this article, we will discuss one […]

Introduction: In the digital era, data is the backbone of organizations. Therefore, it is essential to protect the physical infrastructure that supports the data and IT systems.  This is where cabling security comes into play.  Cabling security is the protection of the physical infrastructure that supports data and IT systems.  […]

Introduction: The uninterrupted supply of power and proper cooling is critical for the smooth operation of shared or critical IT systems.  Facilities and electrical engineers must ensure that the electrical power arrangements for computer rooms, network closets, and other locations housing IT equipment are reliable and of high quality.  They […]

Introduction: Information and communication technology (ICT) equipment is the backbone of most businesses, making it imperative to secure and protect it against various physical and environmental threats.  Organizations must evaluate the risks associated with these threats and implement controls that minimize the risks to ICT equipment.  ISO/IEC 27001 A.11.2.1 is […]

Introduction: Physical security is a crucial aspect of information security, which is often overlooked.  The physical security measures protect an organization’s assets and personnel against theft, unauthorized access, and damage.  ISO 27001 provides a set of standards to evaluate an organization’s physical security controls.  A.11.1.6 Delivery and loading areas are […]