Access control

Considerando a norma ISO 27001, sugiro consultar os seguintes artigos da Advisera:

• How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
• Como a autenticação por dois fatores apoia a conformidade com os controles de acesso da ISO 27001 https://advisera.com/27001academy/pt-br/blog/2017/01/17/como-a-autenticacao-por-dois-fatores-apoia-a-conformidade-com-os-controles-de-acesso-da-iso-27001/
• The most common physical and network controls when implementing ISO 27001 in a data center https://advisera.com/27001academy/blog/2019/02/26/the-most-common-physical-and-network-controls-when-implementing-iso-27001-in-a-data-center/
• Como proteger contra ameaças externas e do meio ambiente de acordo com o controle A.11.1.4 da ISO 27001 https://advisera.com/27001academy/pt-br/blog/2016/01/27/como-proteger-contra-ameacas-externas-e-do-maio-ambiente-de-acordo-com-o-controle-a-11-1-4-da-iso-27001/

Considerando outras fontes, sugiro:

• NIST Special Publication 800-53 (Rev. 4) - Security and Privacy Controls for Federal Information Systems and Organizations https://nvd.nist.gov/800-53/Rev4/family/Physical%20and%20Environmental%20Protection

Este material também pode ajudar:

• ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
• ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/