iso 270001 management clause - 8
TRANSCRIPT
iFour Consultancy
ISMS Framework: Clause 8 – Asset Management
ISO 27001:2013 has classified the Asset Management into:Clause A.8.1: Responsibility for Assets Clause A.8.2: Information ClassificationClause A.8.3: Media Handling
Asset Management – ISMS Requirements
ISO for Software Outsourcing Companies in India
A.8.3.1 Management of removable media
A.8.3.2 Disposal of media
A.8.3.3 Physical media transfer
Clause A.8.3: Media Handling
ISO for Software Outsourcing Companies in India
To prevent unauthorized disclosure, modification, removal or destruction of information stored on media.
Clause A.8.3: Media Handling
Objective
Organization shall Integrate necessary controls to manage media items, whether tapes, disks, flash disks, or removable hard drives, CDs, DVDs, or printed media, to ensure the integrity and confidentiality of data
Guidelines shall be developed and implemented to ensure that media are used, maintained, and transported in a safe and controlled manner
Procedures to erase media if no longer needed, to ensure information is not leaked, are also important.
A.8.3.1 Management of removable media
ISO for Software Outsourcing Companies in India
Control• Procedures shall be implemented for the management of removal media in accordance with the
classification scheme adopted by the organization.
A.8.3.2 Disposal of media
Procedures for handling classified information should cover the appropriate means of its destruction and disposal.
Serious breaches of confidentiality occur when apparently worthless disks, tapes, or paper files are dumped without proper regard to their destruction.
The best way to dispose data is to destroy it.
Control• Media shall be disposed of securely when no longer required, using formal procedures.
A.8.3.3 Physical media transfer
Control
• Media containing information shall be protected against unauthorized access, misuse or corruption during transportation.
https://spaces.internet2.edu/display/2014infosecurityguide/Asset+Management
References
ISO for Software Outsourcing Companies in India
Visit our websites :
http://www.ifour-consultancy.com http://www.ifourtechnolab.com
For more details :
ISO for Software Outsourcing Companies in India
THANK YOU