During employment (Controls 6.3–6.6)

Contents

• Introduction Introduction

  • Introduction to the Annex A controls

    51s
• 1. Governance 1. Governance

  • Policies for information security (Control 5.1)

    4m 58s
  • Roles, responsibilities, and duties (Controls 5.2–5.4)

    4m 13s
  • Contacts and project management (Controls 5.5, 5.6, and 5.8)

    4m 39s
• 2. Asset Management 2. Asset Management

  • (Locked)
    Responsibility for information assets (Controls 5.9, 5.10, 6.7, and 8.1)

    4m 54s
  • (Locked)
    Asset security procedures (Controls 5.11, 5.14, and 5.37)

    3m 52s
• 3. Information Protection 3. Information Protection

  • (Locked)
    Classification, labeling, and privacy (Controls 5.12, 5.13, and 5.34)

    4m 30s
  • (Locked)
    Deletion, masking, DLP, and test data (Controls 8.10–8.12, and 8.33)

    5m 40s
• 4. Identity and Access Management 4. Identity and Access Management

  • (Locked)
    Access management (Controls 5.15–5.18)

    5m 14s
  • (Locked)
    System and application access control (Controls 8.2–8.5)

    4m 50s
• 5. Supplier Relationships Security 5. Supplier Relationships Security

  • (Locked)
    Supplier relationships security (Controls 5.19–5.21)

    4m 31s
  • (Locked)
    Managing supplier service delivery and cloud services security (Controls 5.22 and 5.23)

    4m 6s
• 6. Information Security Event Management 6. Information Security Event Management

  • (Locked)
    Information security incident management (Controls 5.24–5.28, and 6.8)

    5m 43s
  • (Locked)
    Logging and monitoring (Controls 8.15–8.17)

    4m 17s
• 7. Continuity 7. Continuity

  • (Locked)
    Continuity (Controls 5.29, 5.30, and 8.13)

    5m 3s
  • (Locked)
    Backup and availability (Controls 8.13 and 8.14)

    2m 27s
• 8. Legal, Compliance, and Security Assurance 8. Legal, Compliance, and Security Assurance

  • (Locked)
    Legal and compliance (Controls 5.31–5.33)

    3m 24s
  • (Locked)
    Information security assurance (Control 5.35 and 5.36)

    2m 54s
• 9. Human Resource Security 9. Human Resource Security

  • (Locked)
    Prior to employment (Controls 6.1 and 6.2)

    3m 12s
  • (Locked)
    During employment (Controls 6.3–6.6)

    5m 31s
• 10. Physical Security 10. Physical Security

  • (Locked)
    Ensuring authorized access (Controls 7.1–7.3)

    2m 47s
  • (Locked)
    Protecting secure areas (Controls 7.4–7.6)

    3m 4s
  • (Locked)
    Equipment security (Controls 7.7–7.10)

    3m 53s
  • (Locked)
    Utilities, cabling, and equipment management (Controls 7.11–7.14)

    3m 36s
• 11. System and Network Security 11. System and Network Security

  • (Locked)
    Network security management (Controls 8.20–8.23)

    4m 53s
  • (Locked)
    Protection of information systems (Controls 8.7, 8.18, 8.30, and 8.34)

    5m
• 12. Threat and Vulnerability Management and Secure Configuration 12. Threat and Vulnerability Management and Secure Configuration

  • (Locked)
    Threat and vulnerability management (Controls 5.7 and 8.8)

    4m 20s
  • (Locked)
    Secure configuration (Controls 8.9, 8.19, and 8.24)

    5m 47s
• 13. Application Security 13. Application Security

  • (Locked)
    Secure development (Controls 8.25–8.28)

    5m 36s
  • (Locked)
    Testing, separate environments, and change management (Controls 8.29, 8.31, and 8.32)

    5m 38s
• Conclusion Conclusion

  • (Locked)
    Achieving ISO 27001 compliance

    1m 36s