I would like to ask you a question about ISO 27002:2013 section 9.4.4, Use of privileged utility programs. Can you explain what kind of policy we must make to conform to the standard?
Answer:
First you need to identify any software that you need in your organization for the activity of the business (generally installed in the operating system). The next step is to establish some rules related to the utility programs:
Delete (or do not install) unnecessary utility programs
The installation of new utility programs can only be performed by authorized personnel
Create a user/password for those utility programs that anyone can access
Utility programs which have a user/password: Create different users/passwords for different people (not a single administrator or root user for all)
You can include these rules in an Access Control Policy, so our Access Control Policy template may be of interest to you: https://advisera.com/27001academy/documentation/access-control-policy/
Finally, our online ISO 27001 course "ISO 27001:2013 Foundations Course" may also be of interest to you: https://advisera.com/training/iso-27001-foundations-course/
Jan 13, 2016