Lesson 11.9: Communications Security
we will understand control set A.13
in relation to your ISMS,
specifically going through the different controls
as well as some examples of evidence that your auditor could request during your audit.
Control set A.13 communications security
is made up of two different control areas.
The first area is A.13.1,
network security management.
This is made up of three controls.
security of network services
and A.13.1.3,
segregation in networks.
The next control area
This control area consists of four controls.
information transfer policies and procedures,
agreements on information transfer,
and A.13.2.4,
confidentiality or non-disclosure agreements.
For your first control area, network security management,
some examples of evidence that you can maintain include the following:
network architecture diagrams,
especially ones that show how security is implemented on the network in terms of logical design,
any strategies, policies or procedures
that demonstrate your organization's approach to defining and implementing
distinct network security domains or zones.
For example, how you split up between your WANs, your DMZs, your LANs,
whether or not to separate your CCTV and card access networks.
Additional information that could provide further details
include the types of routers and firewalls that you have used.
The firewall rule sets that are implemented on your firewalls,
the configurations of your VPNs, as well as the policies and procedures governing access to that.
How you manage your intranets and extranets,
if you have any cloud strategies,
all policies and procedures in place,
how you manage and segregate your WiFi and other wireless networks,
especially if you have a guest segment as well as an employee segment.
Other records that your auditor could want to view during this control area
includes the operation of your network security teams
and alarms from your monitoring activities.
If incidents were detected during the period and how these were managed and responded to.
Security administration activities,
including any network security audits,
network change management,
and your network capacity and performance management
pertaining to information transfer.
The following documentation
could serve as evidence
your security strategies, policies and procedures
concerning the communication of valuable or sensitive or important information with other parties.
For example, if you need to share information with business suppliers, partners, your customers,
analysts, insurers, auditors whatever the case is,
what are the controls that you have in place to ensure that this information is shared securely?
This can include risk analysis,
having various contracts in place with these parties,
having mechanisms of identification,
excuse me, and authentication
of the recipients of the information
encryption of the information
and the methods in which it can be transferred.
Any logging and alerting associated with the transfer of this information
whether or not secure couriers are used.
What type of delivery or confirmation receipt is used and implemented to confirm
and support non-repudiation.
Whether you implement any checks such as check totals,
emergency contacts and so forth.
spoke about confidentiality or non disclosure agreements.
Those in itself would be evidence
it would be important to ensure
that you have appropriate nondisclosure agreements and confidentiality agreements in place
with any third party that is interacting with your organization
and specifically with
potentially sensitive information.
Your auditor may also want to view confidentiality clauses
embedded in various agreements,
for example, in your employment contracts for your employees.
we covered the two control areas
that make up control set A.13 communications security.
We also went through some examples of evidence
that could be used during an audit.