Controls for IT department
Answer:
I am not sure if I have understood what you need, but if your IT department is interested in a code of best practices, ISO 27002 can be interesting for them. In ISO 27001 you can only see in Annex A a brief description of 114 controls, but in ISO 27002 you can find a guideline on how to implement each control.
Controls that are more related to IT, and that from my point of view can be important for your IT department, are: A.9 Access control, A.10 Cryptography, A.12 Operations security, A.13 Communications security, A.14 System acquisition, development and maintenance, and A.17 Information security aspects of business continuity management.
By the way, remember that with the implementation of ISO 27001 you need to identify risks and reduce them, and for this you only need to select the controls that can help you to reduce these risks.
This article about the differences between ISO 27001 and ISO 27002 can be interesting for you, “ISO 27001 vs. ISO 27002”: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
And also this article about the basic logic of ISO 27001, “The basic logic of ISO 27001: How does information security work?”: https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Finally, our online course can also be interesting for you, because we talk in more detail about ISO 27001 and the controls of Annex A, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Apr 02, 2016