Access Control
Access control is the set of rules and mechanisms used to decide who can access information and systems, what they can do, and how that access is approved, changed, reviewed, an...
ISO27001 domain with 11 resources grouped for implementation and audit work.
Domain guide
Start here for the ISMS model, Statement of Applicability, policy structure, roles, and core implementation concepts.
Guide + resources
Implementation context, reference notes, and explanatory material.
Access control is the set of rules and mechanisms used to decide who can access information and systems, what they can do, and how that access is approved, changed, reviewed, an...
Annex A is a reference set of information security controls. The organization uses it to make sure it has not overlooked relevant controls when treating risks.
Research note.
An information security policy is management's approved statement of what the organization expects for protecting information. It sets direction, assigns high-level expectations...
1. Clauses 4-10 — mandatory ISMS management-system requirements. 2. Annex A controls — a reference set of information security controls used for risk treatment and the Statement...
Research note.
This knowledge base contains expanded study notes for ISO/IEC 27001 and ISO/IEC 27002.
Management responsibilities means managers must make sure people follow the organization's information security policies, procedures, and role expectations. The security team ca...
Roles and responsibilities define who is accountable for information security activities, who performs them, who approves them, and who must be consulted or informed.
Segregation of duties means sensitive work should be split so one person cannot request, approve, perform, and review the same activity without independent control.
The Statement of Applicability, usually called the SoA, is the ISO/IEC 27001 control decision record.
Link to this domain with /research/iso27001/overview/ . Link directly to exact notes from any resource card above.