iFour Consultancy A6 : Organization of Information Security

A.6 Organization of Information Security

Sep 11, 2015


PriyankPatel

The administrative structure of the organization and its relationships with external parties must promote effective management of all aspects of information security. 
Transcript

iFour Consultancy
A6: Organization of Information Security
ISO for Software Development Companies in India http://www.ifour-consultancy.com

A.6 Organization of Information Security

The administrative structure of the organization and its relationships with external parties must promote effective management of all aspects of information security.

Includes maintaining the security of the organization's information, its processing facilities, and any information or facilities that are accessed, processed, communicated to or managed by external parties.

Internal Organization
Mobile Devices and Teleworking


A.6.1 Internal Organization

Objective: To establish a management framework to initiate and control the implementation and operation of information security within the organization.

NOTE: This is a generic structure chart. Replace it with one describing the particular organization's actual management structure for information security.

A.6.1 Internal Organization (Contd.)


A.6.1.1 Information Security Roles and Responsibilities

Control: All information security responsibilities shall be defined and allocated.

Note: Before defining and allocating responsibilities to individuals, the company should create an organizational chart.

A.6.1.2 Segregation of Duties

Control: Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets.

Two Primary Objectives:


A.6.1.3 Contact with Authorities

Control: Appropriate contacts with relevant authorities shall be maintained.

Following points could be included:


A.6.1.4 Contact with Special Interest Groups

Control: Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.


A.6.1.5 Information Security in Project Management

Control: Information security shall be addressed in project management, regardless of the type of the project.


A.6.2 Mobile Devices and Teleworking

Objective: To ensure the security of teleworking and use of mobile devices.

Applicability

Mobile Phones
Desktop computers used off-premises
Notebook, palmtop computers and laptop
Media and portable storage devices

A.6.2.1 Mobile Device Policy

Control: A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.


A.6.2.2 Teleworking Policy

Control: A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.


Management Commitments
