Use of cryptographic controls
Assign topic to the user
Answer: The control A.10.1.1 - Policy on the use of cryptographic controls defines the guidelines for the use of cryptographic technologies in an organization (e.g., which technologies to use, when, by whom, etc.). So, if you have cryptographic technologies in your organization (like the SSL certificate) you have to consider the implementation of this control to treat risks like:
- IT staff implementing SSL in different ways in different places because there is no general rule about the issue,
- Unauthorized people accessing cryptographic technologies, because there is no list defining who can use it
To have an idea about how a cryptographic policy looks like, I suggest you to take a look at the free demo of o ur Policy on the Use of Cryptographic Controls at this link: https://advisera.com/27001academy/documentation/policy-on-the-use-of-encryption/
This article will provide you further explanation about control A.10.1.1:
- How to use the cryptography according to ISO 27001 control A.10 https://advisera.com/27001academy/how-to-use-the-cryptography-according-to-iso-27001/
These materials will also help you regarding control A.10.1.1:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Mar 31, 2018