Database Reference
In-Depth Information
Clause
Control Description
A7.2
Information classification: To ensure that information assets receive an
appropriate level of protection
A8
Human Resources Security
A8.1
Before Employment: To ensure that all employees, contractors, and third-party
users understand their responsibilities and are suitable for the roles they are
considered for, and to reduce the risk of theft, fraud, or misuse of the facilities
A8.2
During employment to ensure that all users are aware of information security
threats and concerns, their responsibilities and liabilities, are equipped to
support organizational security policy, and to reduce the risk of human error
A8.3
Termination or change of employment: To ensure that all users exit an
organization or change employment in an orderly manner
A8.3.1
Termination responsibilities
A8.3.2
Return of Assets
A8..3.3
Removal of Access Rights
A9
Physical and Environmental Security
A9.1
Secure Areas: To prevent unauthorized physical access, damage, and
interference to the organization's premises and information
A9.2
Equipment security: To prevent loss, damage, theft, or compromise of
assets and interruption to the organization's activities
A10
Communications and operations management
A10.1
Operational procedures and responsibilities: To ensure the correct and
secure operation of information processing facilities
A10.2
Third-party service delivery management
A10.3
System planning and acceptance: To minimize risks of system failures
A10.4
Protection against malicious and mobile code
A10.5
Back up
A10.6
Network security management
A10.7
Media Handling: To prevent the unauthorized disclosure, modification,
removal, or destruction of assets, and interruption to business activities
A11
Access control
A11.1
Business requirement for access control: To control access to information
A11.2
User Access Management: To ensure authorized users' access and to prevent
unauthorized access to information systems
A11.3
User responsibilities: To prevent unauthorized user access and compromise
or theft of information
A11.4
Network Access Control: To protect networked services from
unauthorized access
Search WWH ::
Custom Search