ISO 27001
Why we need to implement User Naming Convention based on ISO27001
All user accounts in use within the organization should be domain accounts and not local accounts held on each workstation's local user account database. The benefits of implementing a standard user naming convention are:
1. Enable domain administrators to better manage, support and secure the user accounts.
2. Facilitate ease of management and support.
Access Control Supervision and Review Checklist
Download Free Access Control Supervision and Review

- Determine if the organization supervises and reviews the activities of users with respect to the enforcement and usage of information system access controls.
- Examine access control policy, procedures addressing supervision and review of access control enforcement and usage, security plan or other relevant documents; reviewing for the measures to be employed to supervise and review user activities with respect to the enforcement and usage of information system access controls.
Download Free ISO 27001/ISO17799 Wireless LAN Security Summary

1. Develop an agency security policy that addresses the use of wireless technology, including 802.11.
A security policy is the foundation on which other countermeasures—the operational and technical ones—are rationalized and implemented. A documented security policy allows an organization to define acceptable architecture, implementation, and uses for 802.11 wireless technologies.
2. Ensure that users on the network are fully trained in computer security awareness and the risks associated with wireless technology (e.g., 802.11).
A security awareness program helps users to establish good security practices to prevent inadvertent or malicious intrusions into an organization’s information systems.
ISO 27001 Information Classification, Labelling and Handling

Download free ISO 27001 Information Classification, Labelling and Handling (available in PDF and XLS format):
Objectives:
- The organization defines in the security plan, explicitly or by reference, its protected environment for media labeling requirements;
- The organization defines in the security plan, explicitly or by reference, media types and hardware components that are exempted from external labeling requirements; and
- The organization affixes external labels to removable information storage media and information system output not otherwise exempted from this labeling requirement, indicating the distribution limitations, handling caveats, and applicable security markings (if any) of the information.
ISO 27001 Access Control Security Mechanism Checklists free download

Download free ISO 27001 Access Control Security Mechanism Checklists. This Access Control Checklist covers:
• Access control lists (ACLs). ACLs are posted centrally and implement access by representing the columns of the access matrix as lists of users attached to the protected objects. The speed of ACL searches can be increased by the use of user groups and wildcards. Groups also make the management of ACLs easier. Access to the ACLs needs to be controlled as tightly as access to the objects themselves, or the ACLs can be manipulated.
• Capabilities. This involves the assignment of a required capability set to an object (file, directory, process, and so forth) such that only those subjects (users or processes)