Expert Advice Community

Guest

How ISO 27001 differentiates and classifies between security functional and non-functional requirements?

  Quote
Guest
Guest user Created:   Sep 23, 2020 Last commented:   Sep 23, 2020

How ISO 27001 differentiates and classifies between security functional and non-functional requirements?

I am browsing through your website for the ISO 27001 controls and was wondering if you could explain to me how ISO 27001 differentiates and classsifies between security functional and non-functional requirements?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 23, 2020

ISO 27001 does not make such differentiation between controls from its Annex A, but considering that functional requirements define what a system does or must not do, and non-functional requirements specify how a system should do it, then it is possible to differentiate and classify controls. For example:
- examples of functional security controls: A.9.1.1 Access control policy, and A.10.1.2 Key management (if these controls are not properly implemented security does not work)
- examples of non-functional security controls: A.12.1.3 Capacity management, and A.12.4.1 Event logging (if these controls are not properly implemented security performance is affected)


For further information, see:
- A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/01academy/emy/ademy/my/iso-27001-controls/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/01academy/emy/ademy/my/blog/14/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 23, 2020

Sep 23, 2020

Suggested Topics

Guest user Created:   Jul 21, 2021 ISO 27001 & 22301
Replies: 1
0 0

Vendor security clauses

Guest user Created:   Jul 16, 2021 ISO 27001 & 22301
Replies: 1
0 0

Question on ISO 27001