We're creating a single website for everything to do with BIS but, while we do that, you'll find information in three places. > Find what you're looking for
The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 7 is Access Control.
Access control is about managing direct access to:
Effective control ensures that staff have appropriate access to information and applications, and do not abuse it.
Management issues, such as periodic reviews of user accounts, can apply as much to IT systems as to physical access control systems. Confidentiality of information is best achieved by ensuring that people only have access to the information they actually need.
If access rules are too detailed, managing them will be very difficult. If they are too general, people will have access to information or applications that they will never need. A balance must be struck depending on:
Consideration of security issues during system design, development and procurement will greatly enhance effectiveness. Look for:
Use links below for further information:
ISO/IEC 27002 Section 1
ISO/IEC 27002 Section 2
ISO/IEC 27002 Section 3
ISO/IEC 27002 Section 4
ISO/IEC 27002 Section 5
IEC/IEC 27002 Section 6
ISO/IEC 27002 Section 8
ISO/IEC 27002 Section 9
ISO/IEC 27002 Section 10
ISO/IEC 27002 Section 11
ISO/IEC 27002 Explained
If you would like more background information about information security standards follow this link.