Controls selection
Assign topic to the user
Answer: Considering your example the ISO 27001 controls that you should consider are:
- Control A.9.3.1 Use of secret authentication information (this control provides orientation on how to store secret authentication information)
- Control 9.2.3 Management of privileged access rights (this control provides orientation on how secret authentication information should be maintained when shared)
Both controls can help you to treat the mentioned risk.
This material will also help you regarding ISO 27001 controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Comment as guest or Sign in
Sep 20, 2017