How to improve Information Security

How to improve Information Security

How to improve the information security of the organization– As per information security Management System Standard – ISO 27001 – there are 114 information security controls that have been identified. Out of 114 information security controls may not be applicable to the organization considering the nature of activities of the organization. So, while selecting the information security controls – the organization should look in the most applicable information Security controls – Then Develop the statement of applicability (SOA) and apply the information security controls in the organization. Once information security controls are implemented – Monitor the controls closely and see if the controls are suitable to meet the information security.

If the Information security Controls are working as per the objective of organization requirements of information security make it a standard practice. 

My last blog – I have explained how to implement information security control and explained the Few controls. Hope it was helpful for the reader to understand information security controls – If you have not read my last blog – kindly see the links – Information Security Controls.

In this blog 8 nos of Information security controls for your kind reference. I have tried to explain – what is information security controls and how to implements in the organization.

1. Physical entry controls – Organization need to implement the Physical entry control and that can help to maintain the proper data of every employee

There is some way to implement as below for physical entry

• Organizations need to use the Biometric box at the entrance.
• Organization need to fix the camera at the entrance
• The organization can use the entry digital entry register

• Cabling security, Equipment maintenance – organization need to take a NDA with everyone to control the cabling security and equipment maintenance.

• Network security – organization shall put the password in every network and that can help to protect from the internal and external visitor to access the network. In this control, we can cover the control like network controls, the security of network services, and segregation in the network.

There are some tools that can help us to control the network security:

Anti-malware software

Anomaly detection

Data loss prevent (DLP)

Email security

Endpoint security

Firewall

Network segmentation

Security information and event management (SIEM)

Virtual private network (VPN)

Web security

Wireless security

• Electronic messaging – This is a very big issue that needs to control by the organization at many stages like massaging through mobile, use of personal mail id, use of the social site (LinkedIn, Facebook, etc), and the organization has to control this by using of Antivirus.

There are some tools that can help to protect

• Antivirus / Firewall – it can help to block the all type of social media.

• Asset Management – The assets management comes in A.8 section and in this control, we can protect the many point’s i.e Responsibility of assets, inventory of assets ownership of assets acceptable use of assets, return of assets.

 – Every above control will be monitored by the IT Department to identify the next opportunities and development.

There is a way to control the all type of asset point

• Organization need to manage the datasheet of assets in an excel sheet with some specific points to be covered i.e.
• Product name/assets name
• Date of withdrawn
• Name of person
• Date of return
• Name of responsible person or authorized person
• Condition of product at the time of return

• Media handling – The media handling comes under the A8.3 section and in this control we can protect the data when the media is going to remove of dispose

There is some point need to be covered in this control

• The organization have all records of all media which are in use or removed
• After removable of media, they must be disposed of in a proper manner

• Access control – this point’s comes under A.9 Section and through the access control, organization can control the unauthorized person entry in any sector or in any network.

There is a way to control the all type of Access

• Put the password in all network
• Segregate the all network as per department
• Put the password in all type of folder
• Make a policy for access to another network

• Control of Operational software – this point comes under the A 12.5 Section and through this control will help to restrict the installation part in any system, which means no one can install any software on any system without any permission.

Hope these information security controls explained above help you to understand the implementation process for information security management in the organization for ISO 27001 Certification.

So, if your organization is preparing for ISO 27001 Certification or you are looking how to ISO 27001 Certified. This blog will be helpful to understand and develop the statement of applicability (SOA)

If you are Looking for more information about ISO 27001 Certification or how to apply for ISO 27001 Certification. Then this information Could be helpful to you. In case you need any further information on information security Controls – Keep follow us or write comments.