Controls A.9.3.1 and A.11.2.8
Assign topic to the user
Look at the control objective of the A.9.3: To make users accountable for safeguarding their authentication information, so the control A.9.3.1 is refer to best practices to protect the password, or the authentication information of the users (there are software tools to store and manage passwords).
On the other hand, the control A.11.2.8 is refer to unattended user equipment, it means that when a user leave his workstation, the system needs to be blocked (for example with a password).
This article will explain how to train your employees in such cases: 8 Security Practices to Use in Your Employee Training and Awareness Program https://advisera.com/27001academy/blog/2015/03/02/8-security-practices-to-use-in-your-employee-training-and-awareness-program/
Comment as guest or Sign in
Jan 12, 2016