A13 Communications Security

Time
7 hours 56 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:02
Lesson 11.9: Communications Security
00:11
During this lesson,
00:12
we will understand control set A.13
00:16
in relation to your ISMS,
00:18
specifically going through the different controls
00:21
as well as some examples of evidence that your auditor could request during your audit.
00:31
Control set A.13, communications security,
00:35
is made up of two different control areas.
00:39
The first area is A.13.1,
00:42
network security management.
00:45
This is made up of three controls.
00:49
These controls are
00:51
A.13.1.1,
00:54
network controls,
00:56
A.13.1.2,
00:59
security of network services,
01:02
and A.13.1.3,
01:04
segregation in networks.
01:08
The next control area
01:11
is A.13.2,
01:12
information transfer.
01:15
This control area consists of four controls.
01:19
These controls are
01:22
A.13.2.1,
01:25
information transfer policies and procedures,
01:30
A.13.2.2,
01:34
agreements on information transfer,
01:38
A.13.2.3,
01:41
electronic messaging,
01:44
and A.13.2.4,
01:47
confidentiality or non-disclosure agreements.
01:52
For your first control area, network security management,
01:57
Some examples of evidence that you can maintain include the following
02:01
network architecture diagrams,
02:05
especially ones that show how security is implemented on the network in terms of logical design,
02:13
any strategies, policies or procedures
02:16
that demonstrate your organization's approach to defining and implementing
02:22
distinct network security domains or zones.
02:28
For example, how you split up between your WANs, your DMZs, your LANs,
02:34
whether or not to separate your CCTV and card access networks,
02:39
et cetera.
02:44
Additional information that could provide further details
02:49
include the types of routers and firewalls that you have used.
02:53
the firewall rule sets that are implemented on your firewalls,
02:58
the configurations of your VPNs, as well as the policies and procedures governing access to that,
03:06
how you manage your intranets and extranets,
03:09
if you have any cloud strategies,
03:13
all policies and procedures in place,
03:16
how you manage and segregate your WiFi and other wireless networks,
03:22
especially if you have a guest segment as well as an employee segment.
03:28
Other records that your auditor could want to view during this control area
03:32
include the operation of your network security teams
03:38
and alarms from your monitoring activities,
03:42
if incidents were detected during the period and how these were managed and responded to,
03:49
security administration activities,
03:52
including any network security audits,
03:53
penetration tests,
03:57
network change management,
03:59
and your network capacity and performance management
04:05
Pertaining to information transfer,
04:09
The following documentation
04:11
could serve as evidence
04:14
your security strategies, policies and procedures
04:18
concerning the communication of valuable or sensitive or important information with other parties.
04:27
For example, if you need to share information with business suppliers, partners, your customers,
04:32
banks,
04:34
analysts, insurers, auditors whatever the case is,
04:39
what are the controls that you have in place to ensure that this information is shared securely?
04:46
This can include risk analysis,
04:48
having various contracts in place with these parties,
04:54
having mechanisms of identification,
04:57
Excuse me and authentication
05:00
of the recipients of the information
05:05
encryption of the information
05:08
and the methods in which it can be transferred.
05:12
Any logging and alerting associated with the transfer of this information
05:17
whether or not secure couriers are used.
05:23
What type of delivery or confirmation receipt is used and implemented to confirm
05:29
and support non-repudiation.
05:33
Whether you implement any checks such as check totals,
05:38
message counts,
05:40
well hashing
05:45
keep alive
05:46
heartbeat messages,
05:50
emergency contacts and so forth.
05:58
The last control
06:00
spoke about confidentiality or non-disclosure agreements.
06:04
Those in itself would be evidence
06:06
it would be important to ensure
06:10
that you have appropriate nondisclosure agreements and confidentiality agreements in place
06:15
with any third party that is interacting with your organization
06:18
and specifically with
06:20
potentially sensitive information.
06:26
Your auditor may also want to view confidentiality clauses
06:30
embedded in various agreements,
06:33
for example, in your employment contracts for your employees.
06:49
In this lesson,
06:51
we covered the two control areas
06:54
that make up control set A.13, communications security.
07:00
We also went through some examples of evidence
07:03
that could be used during an audit.
ISO 27001:2013 - Information Security Management Systems

The ISO 27001:2013 - Information Security Management Systems course provides students with insights into the detail and practical understandings meant by the various clauses in the ISO 27001 Standard.
