

Annex A.10.1 is about Cryptographic controls. The objective of this Annex is to ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.

Annex A.11 – Physical & Environmental Security

Annex A.11.1 is about ensuring secure physical and environmental areas. The objective of this Annex is to prevent unauthorised physical access, damage and interference to the organisation’s information and information processing facilities.

Annex A.11.2 is about equipment. The objective in this Annex control is to prevent loss, damage and theft or compromise of assets and interruption to the organisation’s operations.

Annex A.12.1 is about operational procedures and responsibilities. The objective of this Annex A area is to ensure correct and secure operations of information processing facilities.

Annex A.12.2 is about protection from malware. The objective here is to ensure that information and information processing facilities are protected against malware.

Annex A.12.3 is about backup. The objective here is to protect against loss of data.

Annex A.12.4 is about logging and monitoring. The objective in this Annex A area is to record events and generate evidence.

Annex A.12.5 is about control of operational software. The objective in this Annex A area is to ensure the integrity of operational systems.

Annex A.12.6 is about technical vulnerability management. The objective in this Annex A control is to prevent exploitation of technical vulnerabilities.

Annex A.12.7 is about information systems and audit considerations. The objective in this Annex A area is to minimise the impact of audit activities on operational systems.

Annex A.13.1 is about network security management. The objective in this Annex is to ensure the protection of information in networks and its supporting information processing facilities.

Annex A.13.2 is about information transfer. The objective in this Annex is to maintain the security of information transferred within the organisation and with any external entity, e.g. a customer, supplier or other interested party.

Annex A.14 – System Acquisition, Development & Maintenance

Annex A.14.1 is about security requirements of information systems. The objective in this Annex area is to ensure that information security is an integral part of information systems across the entire lifecycle. This also includes the requirements for information systems which provide services over public networks.

Annex A.15.1 is about information security in supplier relationships. The objective here is protection of the organisation’s valuable assets that are accessible to or affected by suppliers.

Annex A.15.2 is about supplier service development management.
