This article provides an overview of security of communications as part of ISO 27002 compliance.
The objective of network security management is to ensure the protection of information in networks and its supporting information processing facilities.
The objective of information transfer is to maintain the security of information transferred within an organisation and with any external entity.
Network security management:
- Network controls – networks should be managed and controlled to protect information in systems and applications.
- Security of network services – security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced.
- Segregation in networks – groups of information services, users and information systems should be segregated on networks.
Information transfer:
- Information transfer policies and procedures – formal transfer policies, procedures and controls should be in place to protect the transfer of information through the use of all types of communication facilities.
- Agreements on information transfer – agreements should address the secure transfer of business information between the organisation and external parties.
- Electronic messaging – information involved in electronic messaging should be appropriately protected.
- Confidentiality or non-disclosure agreements – requirements for confidentiality or non-disclosure agreements reflecting the organisation’s need for the protection of information should be identified, regularly reviewed and documented.
For more information please contact Morland-Austin at info@morland-austin.com.