Control a.11 and a.11.1 - by software outsourcing company in India
Transcript of Control a.11 and a.11.1 - by software outsourcing company in India
iFour Consultancy
Control A.11 and A.11.1
Custom eCommerce Solution Providers - http://www.ifourtechnolab.com/1
Contents
Control A.11
A.11.1 : Secure areas
A.11.1.1
A.11.1.2
A.11.1.3
A.11.1.4
A.11.1.5
A.11.1.6
References
Control A.11 Physical and environmental security
Takes care of both the physical and the environmental security of an organization.
Two sub-controls:
A.11.1 : Secure areas
A.11.2 : Equipment
Physical security includes security guards, biometric machines, etc.
Environmental security includes disaster recovery from earthquake, fire, etc.
Control A.11.1 Secure areas
Control objective of A.11.1 : To prevent unauthorized physical access, damage and interference to the organization's information and information processing facilities.
A security breach of this control occurs if someone gains unauthorized access to secure areas.
Areas such as the data centre are critical because they store critical information, so they should be highly secured.
A.11.1.1 : Physical security perimeter
Safety measures should be taken across the physical security perimeter to protect areas from any unauthorized access.
Control objective: Security perimeters shall be defined and used to protect areas that contain either sensitive or critical information and information processing facilities.
A.11.1.2 : Physical entry controls
Control objective: Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.
Physical entry controls include:
Password
Passphrase
Biometric
Smart card
A.11.1.3 : Securing offices, rooms and facilities
Control objective: Physical security for offices, rooms and facilities shall be designed and applied.
Physical security includes:
Security guard
Swipe-in/Swipe-out
Luggage scan
Biometric
A.11.1.4 : Protecting against external and environmental threats
Control objective: Physical protection against natural disasters, malicious attack or accidents shall be designed and applied.
External threats include:
Earthquake
Tsunami
Environmental threats include:
Global warming
Fire
A.11.1.5 : Working in secure areas
Control objective: Procedures for working in secure areas shall be designed and applied.
Procedures:
CCTV camera installation
Body scan of people working there
Biometric
A.11.1.6 : Delivery and loading areas
Control objective: Access points such as delivery and loading areas and other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access.
Unauthorized access:
Shoulder surfing
Theft of employee ID card
Social engineering
References
http://www.slideshare.net/null0x00/iso-27001-2013-changes
http://www.bsigroup.com/LocalFiles/en-GB/iso-iec-27001/resources/BSI-ISO27001-transition-guide-UK-EN-pdf.pdf
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
http://www.iso27001security.com/html/27001.html