Expert Advice Community


Firewall and suppliers

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

AntonioS Jan 12, 2016

1. How to use ISO 27001 for an assessment around the firewall in a company.
2. How can I look into the governance around 3rd parties that the company works with, including those that they use for penetration testing (using ISO 27001)?
 

Answers:

Point 1:

The core of ISO 27001 is risk assessment and treatment, so you can think of a firewall as an asset (hardware type) and perform the risk assessment including the firewall as an asset. After the risk assessment, you will have the risk level related to the firewall (and you will need to perform the risk treatment). I think that this free webinar can be interesting for you: “The basics of risk assessment and treatment according to ISO 27001”: https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Also, this article about how to use firewalls in ISO 27001 can be interesting for you: “How to use firewalls in ISO 27001 and ISO 27002 implementation”: https://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/
 

Point 2:
Basically, you will need a Supplier Security Policy, but for more information this article can be interesting for you: “6-step process for handling supplier security according to ISO 27001”: https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
