The best way to understand Annex A is to think of it as a catalogue of information security controls you can select from – out of the 93 controls that are listed in Annex A, you can choose the ones that are applicable to your company’s scope.

There are 93 information security controls listed in Annex A of the current 2022 revision of the standard (compared to 114 from the previous 2013 revision of the standard). Here is a breakdown of what types of controls are included:

Controls related to organizational issues: 37.
Controls related to physical security: 14.

Here’s a short description of each of the four sections:

A.5 Organizational controls: This section contains controls for setting the most important security processes and documentation.
A.6 People controls: This section focuses on controls related to secure management of human resources.
A.7 Physical controls: This section defines controls related to secure areas and equipment protection.
A.8 Technological controls: This section focuses on IT and communication controls.