A.6 Organization of Information Security
Post on 11-Sep-2015
iFour Consultancy
A6 : Organization of Information Security
ISO for Software Development Companies in India http://www.ifour-consultancy.com

A.6 Organization of Information Security
The administrative structure of the organization and its relationships with external parties must promote effective management of all aspects of information security.
Includes maintaining the security of the organization's information, its processing facilities, and any information or facilities that are accessed, processed, communicated to or managed by external parties.
Internal Organization
Mobile Devices and Teleworking

A.6.1 Internal Organization
Objective: To establish a management framework to initiate and control the implementation and operation of information security within the organization.
NOTE: This is a generic structure chart. Replace it with one describing the particular organization's actual management structure for information security.

A.6.1.1 Information Security Roles and Responsibilities
Control: All information security responsibilities shall be defined and allocated.
Note: Before defining and allocating responsibilities to individuals, the company should create an organizational chart.

A.6.1.2 Segregation of Duties
Control: Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets.
Two Primary Objectives:

A.6.1.3 Contact with Authorities
Control: Appropriate contacts with relevant authorities shall be maintained.
Following points could be included:

A.6.1.4 Contact with Special Interest Groups
Control: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.

A.6.1.5 Information Security in Project Management
Control: Information security shall be addressed in project management, regardless of the type of the project.

A.6.2 Mobile Devices and Teleworking
Objective: To ensure the security of teleworking and use of mobile devices.
Applicability
Mobile Phones
Desktop computers used off-premises
Notebook, palmtop computers and laptop
Media and portable storage devices

A.6.2.1 Mobile Device Policy
Control: A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.

A.6.2.2 Teleworking Policy
Control: A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.

Management Commitments