Smartphones in an ISMS environment
Answer:
First of all, you have to perform a risk assessment to identify which risks related to smartphones you have to treat, and which legal requirements (e.g. clauses of contracts, laws or regulations) you have to fulfill. After that you have to identify proper controls to be implemented. In general, to protect smartphones and other mobile devices you have to consider the following controls:
- A.6.2.1 Mobile device policy
- A.6.2.2 Teleworking
- A.13.2.1 Information transfer policies and procedures
- A.13.2.3 Electronic messaging
Normally these are implemented through a BYOD policy; you can see what it looks like at this link: https://advisera.com/27001academy/documentation/bring-your-own-device-byod-policy/
This article will provide you with further explanation about BYOD policy:
- How to write an easy-to-use BYOD policy compliant with ISO 27001 https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
Feb 25, 2019