Expert Advice Community

Infosec procedures

Guest user Created: Feb 14, 2022 Last commented: Feb 14, 2022

I am looking for two procedures: vulnerability management and cryptographic/encryption key management. The vulnerability procedure should cover how many scans are necessary for each asset classification (critical, medium, etc.), the necessary work to do, the documentation process, etc. The cryptographic procedure should cover how to protect keys, private keys, emergency access to keys, encryption methods, code signing certificates, etc. Baseline: ISO 27002 - 10.1.2; OWASP Key Management Cheat Sheet (key life cycle management (generation, distribution, destruction); key compromise, recovery and zeroization; key storage and key agreement).

Expert
Rhand Leal Feb 14, 2022

Control A.10.1.2 is covered in our template Policy on the Use of Encryption. You can take a look at its demo at this link: https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/

A vulnerability procedure is not mandatory for ISO 27001 and is not a common document adopted by organizations, so there is no template covering the specific clause of the standard related to it (control A.12.6.1 - Management of technical vulnerabilities).

Control A.12.6.1 does not prescribe how many scans are necessary for each asset classification. You should define these based on the results of the risk assessment and applicable legal requirements.

This article will provide you with a further explanation about key management:

This article will provide you with a further explanation about vulnerability management:

For detailed processes and more technical reference you should consider NIST Special Publications:
