A13 Communications Security

00:02

Listen 11.9 communications security

00:11

During this lesson,

00:12

we will understand control. Sit a 13

00:16

in relation to your SMS

00:18

I specifically going through the different controls

00:21

as well as some examples of evidence that your order to could request during your order, it

00:31

control said. A 13 communications security

00:35

is made up of two different control areas.

00:39

The first area is a 13.1

00:42

network security management.

00:45

This is made up of three controls.

00:49

These controls are

00:51

a 13.1 point one

00:54

network controls,

00:56

a 13.1 point two

00:59

security of network services

01:02

and a 13.1 point three

01:04

segregation in networks.

01:08

The next control area

01:11

is a 13.2

01:12

information transfer.

01:15

This control area consists of full controls.

01:19

These controls are

01:22

a 13.2 point one

01:25

information transfer policies and procedures,

01:30

a 13.2 point two

01:34

agreements on information transfer,

01:38

a 13.2 point three

01:41

Elektronik messaging

01:44

and a 13.2 point four

01:47

confidentiality or non disclosure agreements

01:52

for your first control area network security management.

01:57

Some examples of evidence that you can maintain include the following

02:01

network architecture diagrams,

02:05

especially ones that show how security is implemented on the network in terms of logical design,

02:13

any strategies, policies or procedures

02:16

that demonstrate your organization's approach to defining and implementing

02:22

distinct network security domains or zones.

02:28

For example, how you split up between your winds. Your DMS is your lands,

02:34

whether or not to separate your CCTV and called access networks

02:39

etcetera.

02:44

Additional information that could provide further details

02:49

include the types of routers and firewalls that you have used.

02:53

The fire will rule states that are implemented on your files,

02:58

the configurations of your VP ends, as well as the policies and procedures governing access to that.

03:06

How you manage your Internets and extra nets

03:09

if you have any cloud strategies,

03:13

all policies and procedures in place,

03:16

how you manage and segregate your WiFi and other wireless networks,

03:22

especially if you have a guest segment as well as an employee segment.

03:28

Other records that your order to could want to view during this control area

03:32

includes the operation of your network security teams

03:38

and alarms from your monitoring activities.

03:42

If incidents were detected during the period and how these were managed and responded Thio

03:49

Security administration activities,

03:52

including any network security audits,

03:53

penetration tests,

03:57

network change management,

03:59

and your network capacity and performance management

04:05

pertaining to information transfer.

04:09

The following documentation

04:11

could serve as evidence

04:14

your security strategies, policies and procedures

04:18

concerning the communication off valuable or sensitive or important information with other parties.

04:27

For example, if you need to share information with business suppliers, partners your customers.

04:32

Thanks

04:34

analysts, insurers, auditors whatever the case is,

04:39

what are the controls that you have in place to ensure that this information is shared securely?

04:46

This can include risk analysis,

04:48

having various contracts in place with these parties,

04:54

having mechanisms off identification.

04:57

Excuse me and authentication

05:00

of the recipients of the information

05:05

encryption of the information

05:08

and the methods in which it can be transferred.

05:12

Any logging and alerting associated with the transfer of this information

05:17

whether or not secure careers are used.

05:23

What type of delivery or confirmation receipt is used and implemented to confirm

05:29

and support non repudiation.

05:33

Whether you implement any checks such as check totals,

05:38

message counts,

05:40

well hashing

05:45

keep alive

05:46

heartbeat messages,

05:50

emergency contacts and so forth.

05:58

He lost control,

06:00

spoke about confidentiality or non disclosure agreements.

06:04

Those in itself would be evidence

06:06

it would be important to ensure

06:10

that you have appropriate nondisclosure agreements and confidentiality agreements in place

06:15

with any third party that is interacting with your organization

06:18

and specifically with

06:20

potentially sensitive information.

06:26

Your order to may also want to view confidentiality clauses

06:30

embedded in various agreements,

06:33

for example, in your employment contracts for your employees.

06:49

In this lesson,

06:51

we covered the to control areas

06:54

that make up control, set a 13 communications security.

07:00

We also went through some examples of evidence