iT邦幫忙

DAY 8
1

ISO 27001:2013 與ISO 27001:2005差異比較系列 第 8

ISO 27001:2013 與ISO 27001:2005差異比較#8

  • 分享至 

  • xImage
  •  

ISO 27001:2013 與ISO 27001:2005差異比較#4說明新版ISO27001/27002新增了12項控制措施(controls),將一一進行解說與分享:
A.9.2.2 User access provisioning
使用者存取規定
Control 控制措施
A formal user access provisioning process should be implemented to assign or revoke access rights for all user types to all systems and services.
宜實作正式使用者存取規定過程, 針對所有系統與服務之各類型使用者指定或撤回存取權限。
Implementation guidance實作指引

The provisioning process for assigning or revoking access rights granted to user IDs should include:
a) obtaining authorization from the owner of the information system or service for the use of the information system or service (see control 8.1.2); separate approval for access rights from management may also be appropriate;
b) verifying that the level of access granted is appropriate to the access policies (see 9.1) and is consistent with other requirements such as segregation of duties (see 6.1.2);
c) ensuring that access rights are not activated (e.g. by service providers) before authorization procedures are completed;
d) maintaining a central record of access rights granted to a user ID to access information systems and services;
e) adapting access rights of users who have changed roles or jobs and immediately removing or blocking access rights of users who have left the organization;
f ) periodically reviewing access rights with owners of the information systems or services (see 9.2.5).

新版的ISO 27001/27002將使用者存取規定描述更為仔細, 包括最好建立一個包含各個使用者存取各系統及服務權限的集中紀錄(central record).


上一篇
ISO 27001:2013 與ISO 27001:2005差異比較#7
下一篇
ISO 27001:2013 與ISO 27001:2005差異比較#9
系列文
ISO 27001:2013 與ISO 27001:2005差異比較31
圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

尚未有邦友留言

立即登入留言