ISO 27001 Control A.7

A.7.1 Responsibility for assets Objective: To achieve and maintain appropriate protection of organizational assets. A.7.1.1 Inventory of assets Control All assets shall be clearly identified and an inventory of all important assets drawn up and maintained. A.7.1.2 Ownership of assets Control All information and assets associated with information processing facilities shall be ‘owned’ by a designated part of the organization. A.7.1.3 Acceptable use of assets Control Rules for the acceptable…

ISO 27001 Control A.6

A.6 Organization of information security A.6.1 Internal organization Objective: To manage information security within the organization. A.6.1.1 Management commitment to information security Control Management shall actively support security within the organization through clear direction, demonstrated commitment, explicit assignment, and acknowledgment of information security responsibilities. A.6.1.2 Information security coordination Control Information security activities shall be co-ordinated by representatives from different parts of the organization with relevant roles and job functions. A.6.1.3…

ISO 27001 Control A.5

A.5 Security Policies A.5.1 Information Security Policy To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. A.5.1.1 Information Security Policy Document A set of policies must be defined, approved by management, published and communicated to employees and relevant external parties. The policies must be led by business needs, alongside the applicable regulations and legislation affecting the organisation too. These policies need…

GRC with RPA

What is Robotic Process Automation (RPA) According to gartner, RPA is the recalibration of human labor to drive business outcomes. RPA is low cost, it costs about 1/3rd of offshore and 1/5th of onshore employees. It is quick to implement and unobtrusive. It can work with zero human error. It is commonly used for reporting, accounts payable, customer feedback capture and sales quote preparation. What is Governance, Risk management and…

Enterprise Risk Management

  Risk Management (VRM) allows organizations to proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows – More secure organization with proactive management of IT security risks – Accurate identification and prioritization of vulnerability issues – Link audit procedures and results to enterprise risks and controls. – Assign, measure, and report on vulnerability program KPIs