Control: 14.1.3 - Protecting application services transactions
Control: Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay.
Could you please tell me what exactly "application services transactions" are, with a practical example?
I googled it a bit but I cannot find any satisfactory explanation.
Answer: "Application services transactions" are basically all information exchanged between systems in a client-service structure (where part of the system is under control of the user, the other is under control of the application owner, and both are interconnected by a communication link).
Practical examples are Internet banking applications, social networks, corporate systems remotely accessed, etc.
This control is including two items involving "message":
1) how unauthorized message alteration will be prevented
2) how unauthorized message duplication will be prevented.
Does it mean those two items are required if your application has a capability to send messages?
Please note that these items must be implemented only if:
- There are unacceptable risks demanding the implementation of the items
- There are legal requirements demanding the implementation of the items
- There is a top management decision demanding the implementation of the items
If none of the above occurs, you do not need to implement these items.
Considering that, you have to verify which of the above conditions occurs for each item to define which one, or both, will be implemented.
This article will provide you further explanation about selecting controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
This material will also help you regarding selecting controls:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Nov 12, 2019