Operations security
Assign topic to the user
Answer: Controls from section A.12 can be applied both to server systems and employees' equipment, although most of them are generally more applied to servers.
These articles will provide you further explanation about controls of section A.12:
- Implementing capacity management according to ISO 27001:2013 control A.12.1.3 https://advisera.com/27001academy/blog/2016/02/22/implementing-capacity-management-according-to-iso-270012013-control-a-12-1-3/
- How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/
- Implementing restrictions on software installation using ISO 27001 control A.12.6.2 https://advisera.com/27001academy/blog/2016/02/08/implementing-restrictions-on-software-installation-using-iso-27001- control-a-12-6-2/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
These materials will also help you regarding controls of section A.12:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
2 - What are operational systems as per ISO 27001 ?
Answer: For ISO 27001, operational systems are considered any set of software, hardware, database and othrr related assets, used in production environments, i.e., programs, applications and equipment used daily to run the business activities.
Comment as guest or Sign in
Apr 12, 2018