Answer: Cryptographic controls can be tested during information system development or operation. During development, you can ensure testing by applying controls from section A.14 (14.2.8 - System security testing and 14.2.9 - System acceptance testing), and for regular testing in operation, controls A.14.2.3 - Technical review of applications after operating platform changes and A.18.2.3 - Technical compliance review are good choices.
This article will provide you further explanation about security testing:
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/
- How to set security requirements and test systems according to ISO 27001 https://advisera.com/27001academy/blog/2016/01/11/how-to-set-security-requirements-and-test-systems-according-to-iso-27001/
These materials will also help you regarding security testing:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 13, 2017