- Security policy – to provide management direction and support for information security.
- Organisation of assets and resources – to help you manage information security.
- Asset classification and control – to help you identify and protect your assets.
- Personnel security – to reduce the risks of human error, theft, fraud or misuse of facilities.
- Physical and environmental security – to prevent unauthorized access, damage, and interference with business premises and information.
- Communications and operations management – to ensure the correct and secure operation of information processing facilities.
- Systems development and maintenance – to ensure that security is built into information systems.
- Access control – to control access to information.
Wednesday, February 11, 2009
ISO27001 and ISO17799 identify 10 key areas and controls.