Introduction: Access control is one of the most important aspects of information security. A.9.2.6 of the ISO/IEC 27001 standard focuses on the removal or adjustment of access rights of employees, vendors, and contractors on termination or change of their employment, contract, or agreement. Organizations need to ensure that appropriate measures […]
Checklist
Introduction: As organizations increasingly rely on technology and data to carry out their operations, securing access to sensitive information becomes critical for several reasons. Firstly, they help to ensure that access rights are up-to-date and correspond to the current needs of the organization. As employees join, leave or change roles […]
Introduction: In today’s digital world, user authentication plays a crucial role in protecting sensitive information and data from unauthorized access. A.9.2.4 Management of secret authentication information of users is an essential part of the ISO 27001 standard that focuses on the protection of user authentication information. This control objective addresses […]
Introduction: In today’s digital age, access control is critical for organizations to safeguard their sensitive data and systems. Unauthorized access can lead to a range of security incidents, from data breaches to system failures. Access control policies and procedures are established to ensure that only authorized individuals can access an […]
Introduction: Access control is a critical aspect of information security, as it ensures that users are granted access only to the systems, applications, and data that they need to perform their job responsibilities. A.9.2.2 User access provisioning is an important control within the access control domain. This control requires that […]
Introduction: Access control is a critical aspect of an organization’s security posture, and ensuring that only authorized individuals can access sensitive data or systems is essential. A.9.2.1 User registration and de-registration is a key element of access control. It involves creating and removing user accounts from an organization’s systems and […]
Introduction: Access control is an essential aspect of information security management, as it determines who is allowed to access an organization’s systems, data, and resources. This includes controlling access to networks and network services, which is covered by control A.9.1.2 in the ISO 27001 standard. In this article, we will […]
Introduction: The A.9.1.1 control objective in the ISO/IEC 27001:2013 standard pertains to access control policy. Access control policies are a set of guidelines that determine how access to sensitive information and critical systems is managed within an organization. This article provides a checklist of critical factors that organizations should consider […]
Introduction: Physical media transfer is a crucial aspect of information security management. The A.8.3.3 control objective in the ISO/IEC 27001:2013 standard provides guidelines for the control of physical media transfer. Organizations must ensure that they have adequate controls in place to protect the confidentiality and integrity of sensitive information during […]
Introduction: The secure disposal of media is a critical aspect of information security management. The A.8.3.2 control objective in the ISO/IEC 27001:2013 standard provides guidelines for the disposal of media. Organizations must ensure that they dispose of media in a secure and responsible manner to prevent unauthorized access to sensitive […]