ISO 27001 Annex A Controls

ISO 27001 Annex A 8.7 is about protection against malware, which means when you think about protection against harmful software (malware), you should look at the whole picture, not just using antivirus programmes. Antivirus software is certainly important, but you also need to think about a few other things. What Is Identity Management? Identity management […]

ISO 27001 Annex A 8.6 is about capacity management, which means a company should watch how resources are used and change them to meet the needs you have now and the needs you expect to have later. What Is Identity Management? Identity management is a way to make sure that only the right people, systems, or

ISO 27001 Annex A 8.5 is about secure authentication, which means you must have a system to handle how people authenticate based on access restrictions and the access control policy. What Is Secure Authentication? Authentication means you prove your identity. We need to be certain that you are the person asking for access. Authentication is the

ISO 27001 Annex A 8.4 is the rule about access to source code, which means a company must have a system to control access to source code, development tools and software libraries. What is ISO 27001 Annex A 8.4? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022

ISO 27001 Annex A 8.3 is about information access restriction, which means you must have a system to handle to restrict who can access information and IT systems. What Is Information Access Restriction? The best way to keep your information safe is by using access control and limits on who can see data. Its main

ISO 27001 Annex A 8.2 is about privileged access rights, which means a company must restrict access to privileged accounts and manage them. What are Privileged Access Rights? There are users that will be granted privileged access such as administer (admin) accounts, super user accounts, global admin accounts and even service accounts. ISO 27001 Privileged

ISO 27001 Annex A 8.1 is about User End Point Device Security. This rule says that an organisation must create and follow rules to control devices you use to connect to your systems and data. What is User End Point Device Security? Endpoint devices are the equipment you use to do your job, and you must

ISO 27001 Annex A 7.14 is a simple rule. You must safely get rid of old equipment. If you reuse equipment, you must wipe all data first. Make sure the data cannot be brought back. This rule focuses on how you get rid of or reuse your hardware. You must protect the data on the

ISO 27001 Annex A 7.13 is about maintaining your equipment following all guidance. This keeps it working and keeps your data private and safe. The main idea for this control is simple: You should maintain equipment as the maker suggests. This stops equipment from breaking or getting damaged. Equipment maintenance means you must care for

ISO 27001 Annex A 7.12 Cabling Security is a simple way to protect your vital cables. This control helps you make sure nobody damages or interferes with your cables. It also stops people from using your cables to intercept your private communications. Both power and data cables can be easily damaged or tapped into. To