Expert Advice Community

Home / ISO 27001 & 22301 / Controls A.9.3.1 and A.11.2.8

Guest

Controls A.9.3.1 and A.11.2.8

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Controls A.9.3.1 and A.11.2.8

ISO 27001 & 22301
I have questions regarding the following controls: A.9.3.1 and A.11.2.8 - I do not know in which cases can use them.
0 0

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.
Guest
DejanK Jan 12, 2016

Look at the control objective of the A.9.3: “To make users accountable for safeguarding their authentication information”, so the control A.9.3.1 is refer to best practices to protect the password, or the authentication information of the users (there are software tools to store and manage passwords).

On the other hand, the control A.11.2.8 is refer to unattended user equipment, it means that when a user leave his workstation, the system needs to be blocked (for example with a password).

This article will explain how to train your employees in such cases: 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
sourabh Created:   Nov 12, 2019 ISO 27001 & 22301
Replies: 3
0 0

Templates and applicable controls
Guest user Created:   Aug 29, 2023 ISO 27001 & 22301
Replies: 1
0 0

Controls in the SoA that so not show up in the Risk Assessment
Guest user Created:   May 22, 2023 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 doubt on applicability of controls