Filling toolkit templates
Answer:
Labeling can be adapted to the organization's needs, so you can remove it, but you have to consider that without labels the risks may increase, because it will be more difficult for people to identify the sensitivity of information and how to handle it properly. An alternative may be to have only two classification levels and label only the most sensitive information. This way you will reduce the need to label information.
For more information, see: Information classification according to ISO 27001 https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/
2. About the document “A.9 access control” in 08 annex A, can you guide us on how to fill in the user profile section?
Answer:
Here is an example of a user profile:
Name of system: Payroll module
User rights: Include records and edit records
Job titles have access rights according to this profile:
• Payroll analyst

Name of system: Payroll module
User rights: Delete records
Job titles have access rights according to this profile:
• Payroll manager

Name of system: Payroll module
User rights: View records
Job titles have access rights according to this profile:
• All employees

Network: Internal network
User rights: Upload and download files
Job titles have access rights according to this profile:
• All employees
Nov 13, 2018