One Article Review

Home - The article:
Source NoticeBored
Identifier 3611157
Publication date 2021-11-05 13:07:47 (seen: 2021-11-05 01:05:24)
Title Topic-specific policies 12/11: concluding the series
Text Congratulations on completing this cook's tour of the topic-specific information security policies in ISO/IEC 27002:2022 (forthcoming). Today we reach the end of the track, reflecting back on our journey and gazing forward to the next objective.

Through the blog, we have stepped through the eleven topic-specific policy examples called out in clause 5.1, discussing various policy-related matters along the way:

0. Introduction: an initial overview of the classical 'policy pyramid'.
1. Access control: 'policy axioms' are key principles underpinning policies.
2. Physical and environmental security: ignore these aspects at your peril!
3. Asset management: using templates/models to develop your policies.
4. Information transfer: consider the business context for policies.
5. Networking security: risks associated with data and social networks.
6. Information security incident management: unique or general?
7. Backup: there's more to information risk management than cyber!
8. Cryptography and key management: important for
Sent Yes
Tags
Stories APT 17
Notes
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.