ISO2700n and Mobile Devices

Does somebody have guidance on how ISO27002 helps to make mobile devices secure? In other words, which are the ISO27002 requirements (mapping) that have a high priority for securing mobile devices?

Comments

RE: ISO2700n and Mobile Devices

Urs, over the years I have given a number of seminars for ISACA outlining alignment of 27002 to Mobile Technology. In my opinion, most of the factors are needed as this is just another operating system environment we need to manage.
These are what I think are important:
 
ISO 27002 Controls Checklist
4 Risk Assessment And Treatment
4.1 Assessing Security Risks
4.2 Treating Security Risks
5 Security policy
6 Organization of Information Security
6.1.3 Allocation of security responsibilities
7 Asset Management
7.1 Responsibility for Assets
7.2 Information Classification
8.3 Termination Or Change Of Employment
8.3.2 Return of assets
8.3.3 Removal of access rights
9 Physical and Environmental Security
9.2.4 Equipment maintenance
9.2.6 Secure disposal or reuse of equipment
 
10 Communications and operations management
10.1 Operational procedures and responsibilities
10.1.2 Change Management
10.4 Protection Against Malicious And Mobile Code
10.5 Back-up
10.6 Network Security Management
10.7 Media Handling
10.7.1 Management of removable media
11.2 User Access Management
11.3 User Responsibilities
11.3.1 Password use
11.3.2 Unattended user equipment
11.7 Mobile Computing And Teleworking
11.7.1 Mobile computing and communications
11.7.2 Teleworking
 
12.6 Technical Vulnerability Management
12.6.1 Control of technical vulnerabilities
13.1 Reporting Info Sec Events And Weaknesses
13.1.1 Reporting information security events
14 Business Continuity Management
15.1 Compliance With Legal Requirements
15.2 Compliance With Security Policies And Standards, And Technical Compliance
lewisbLively at 4/4/2012 2:24:57 PM