Expert Advice Community

Guest

Controls 10.1.1 + 10.1.2

  Quote
Guest
Guest user Created:   Nov 17, 2022 Last commented:   Nov 17, 2022

Controls 10.1.1 + 10.1.2

1 - Working for a company that does not store any of the data in house and handles software development in github, how would we apply cryptography?

2 - I understand you need certain processes to include encryption, but I don't quite see where I could use it.

3 - We use SSH tunnels for an encrypted connection from computers into secure coding environments, but how could we use this in our policy?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 17, 2022

1 - Working for a company that does not store any of the data in house and handles software development in github, how would we apply cryptography?

We are not GitHub experts, so our recommendation to you is to consult GitHub staff to see how to apply cryptography to data at rest in your repositories.
Maybe these links can provide some information:  

2 - I understand you need certain processes to include encryption, but I don't quite see where I could use it.

You can use the results of risk assessment and identified applicable legal requirements (e.g., laws, regulations, and contracts), to build an understanding of where to apply cryptography.

For example, from a contract with a customer, you can identify a clause demanding that all codes developed for that customer must be encrypted, or the results of risk assessment demonstrate that a specific module represents a competitive advantage to your company, so keeping the confidentiality of that code through encryption can be a solution.

For further information, see:

3 - We use SSH tunnels for an encrypted connection from computers into secure coding environments, but how could we use this in our policy?

You can define the use of SSH tunnels in section 3.1 of the Cryptographic Policy. For example:

https://i.imgur.com/UGihIZK.png

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 17, 2022

Nov 17, 2022