ISO 27001 has 11 domains, 39 control objectives, and 130+ controls. Following is a list of the domains and control objectives.
1. Security policy
Information security policy
Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.
2. Organization of information security
Internal organization
Objective: To manage information security within the organization.
External parties
Objective: To maintain the security of the organization's information and information processing facilities that are accessed, processed, communicated to, or managed by external parties.
3. Asset management
Responsibility for assets
Objective: To achieve and maintain appropriate protection of organizational assets.
Information classification
Objective: To ensure that information receives an appropriate level of protection.
4. Human resources security
Prior to employment
Objective: To ensure that employees, contractors, and third-party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud, or misuse of facilities.
During employment
Objective: To ensure that all employees, contractors, and third-party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support the organizational security policy in the course of their normal work, and to reduce the risk of human error.
Termination or change of employment
Objective: To ensure that employees, contractors, and third-party users exit an organization or change employment in an orderly manner.
5. Physical and environmental security
Secure areas
Objective: To prevent unauthorized physical access, damage, and interference to the organization's premises and information.
Equipment security
Objective: To prevent loss, damage, theft, or compromise of assets and interruption to the organization's activities.
6. Communications and operations management
Operational procedures and responsibilities
Objective: To ensure the correct and secure operation of information processing facilities.
Third-party service delivery management
Objective: To implement and maintain the appropriate level of information security and service delivery in line with third-party service delivery agreements.
7. Access control
Business requirement for access control
Objective: To control access to information.
User access management
Objective: To ensure authorized user access and to prevent unauthorized access to information systems.
User responsibilities
Objective: To prevent unauthorized user access, and compromise or theft of information and information processing facilities.
Network access control
Objective: To prevent unauthorized access to networked services.
Operating system access control
Objective: To prevent unauthorized access to operating systems.
8. Information systems acquisition, development, and maintenance
Security requirements of information systems
Objective: To ensure that security is an integral part of information systems.
Correct processing in applications
Objective: To prevent errors, loss, unauthorized modification, or misuse of information in applications.
Cryptographic controls
Objective: To protect the confidentiality, authenticity, or integrity of information by cryptographic means.
9. Information security incident management
Reporting information security events and weaknesses
Objective: To ensure that information security events and weaknesses associated with information systems are communicated in a manner allowing timely corrective action to be taken.
Management of information security incidents and improvements
Objective: To ensure a consistent and effective approach is applied to the management of information security incidents.
10. Business continuity management
Information security aspects of business continuity management
Objective: To counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters, and to ensure their timely resumption.
11. Compliance
Compliance with legal requirements
Objective: To avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.
Compliance with security policies and standards, and technical compliance
Objective: To ensure compliance of systems with organizational security policies and standards.
Information systems audit considerations
Objective: To maximize the effectiveness of, and to minimize interference to and from, the information systems audit process.
These are the 11 domains of ISO 27001 certification.