Control a.11 and a.11.1 - by software outsourcing company in India

iFour Consultancy
Control A.11 and A.11.1

Custom eCommerce Solution Providers - http://www.ifourtechnolab.com/1

Contents

Control A.11
A.11.1 : Secure areas
A.11.1.1
A.11.1.2
A.11.1.3
A.11.1.4
A.11.1.5
A.11.1.6
References

Control A.11 : Physical and environmental security

Takes care of both the physical and environmental security of an organization.

Two sub-controls:
A.11.1 : Secure areas
A.11.2 : Equipment

Physical security includes security guards, biometric machines, etc.

Environmental security includes disaster recovery from earthquake, fire, etc.

Control A.11.1 : Secure areas

Control objective of A.11.1: To prevent unauthorized physical access, damage and interference to the organization's information and information processing facilities.

A security breach of this control occurs if someone gets unauthorized access to secure areas.

Areas like a data centre are critical because they store critical information, so they should be highly secured.

A.11.1.1 : Physical security perimeter

Safety measures should be taken across the physical security perimeter to protect areas from any unauthorized access.

Control objective: Security perimeters shall be defined and used to protect areas that contain either sensitive or critical information and information processing facilities.

A.11.1.2 : Physical entry controls

Control objective: Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.

Physical entry controls include:
Password
Passphrase
Biometric
Smart card

A.11.1.3 : Securing offices, rooms and facilities

Control objective: Physical security for offices, rooms and facilities shall be designed and applied.

Physical security includes:
Security guard
Swipe-in/Swipe-out
Luggage scan
Biometric

A.11.1.4 : Protecting against external and environmental threats

Control objective: Physical protection against natural disasters, malicious attack or accidents shall be designed and applied.

External threats include:
Earthquake
Tsunami

Environmental threats include:
Global warming
Fire

A.11.1.5 : Working in secure areas

Control objective: Procedures for working in secure areas shall be designed and applied.

Procedures:
CCTV camera installation
Body scan of people working there
Biometric

A.11.1.6 : Delivery and loading areas

Control objective: Access points such as delivery and loading areas and other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access.

Unauthorized access:
Shoulder surfing
Theft of employee ID card
Social engineering

References

http://www.slideshare.net/null0x00/iso-27001-2013-changes
http://www.bsigroup.com/LocalFiles/en-GB/iso-iec-27001/resources/BSI-ISO27001-transition-guide-UK-EN-pdf.pdf
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
http://www.iso27001security.com/html/27001.html

iFour Consultancy Services

Visit these websites for more details:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com

THANK YOU!!!