Blog Feed

CHFI

Tracks & Advanced Format of Sectors

This article explains hard disk tracks, the different advanced formats of sectors, and their uses.

Tracks

Platters have two surfaces, and each surface divides into concentric circles called tracks. They store all the information on a hard disk. Tracks on the platter partition hold large chunks of data. A modern hard disk contains tens of thousands of tracks on each platter. The rolling heads read and write from the inner to outermost part of the disk. This kind of data arrangement enables easy access to any part of the disk; therefore, hard disks get the moniker as random access storage devices.

Each track contains a number of smaller units called sectors. Every platter has the same track density. The track density refers to the compactness of the track circles, so that the platter can hold the maximum number of bits within each unit area of its surface. It also determines the storage capacity of data on the hard disk. It is a component of area density in terms of capacity and performance.

Sector

Tracks contain smaller divisions called sectors, and these sectors are the smallest physical storage units located on a hard disk platter. “Sector” is a mathematical term denoting the “pie-shaped” or angular part of the circle, surrounded by the perimeter of the circle between two radii. Each sector normally stores 512 bytes of data, with additional bytes utilized for internal drive control and for error correction and detection. This added information helps to control the drive, store the data, and perform error detection and correction. A group of sectors combines in a concentric circle to form a track. The group of tracks combines to form a surface of the disk platter. The contents of a sector are as follows:

  • ID information: It contains the sector number and location that identify sectors on the disk. It also contains status information of the sectors.
  • Synchronization fields: The drive controller drives the read process using these fields.
  • Data: It is the information stored on the sector.
  • ECC: This code ensures integrity of the data.
  • Gaps: Spaces used to provide time for the controller to continue the read process.


These elements constitute sector overhead. It is an important determinant in calculating the time taken for access. As the hard disk uses these bits for disk or data management, the overhead must be kept as small as possible for higher efficiency. The file on a disk stores the data in a contiguous series for optimal space usage, while the system allocates sectors for the file according to the size of the file. If the file size is 600 bytes, the system allocates two sectors of 512 bytes each. The track number and the sector number refer to the address of any data on the hard disk.

Advanced Format: Sectors

New hard drives use 4096 byte (4 KB or 4 K) advanced format sectors. This format uses the storage surface media of a disk efficiently by merging eight 512-byte sectors into one single sector (4096 bytes). The structure of a 4K sector maintains the design elements of the 512-byte sector with representation of the beginning and the error correction coding (ECC) area with the identification and synchronization characters, respectively. The 4K sector technology removes redundant header areas, lying between the sectors.

Clusters

Clusters are the smallest accessible storage units on the hard disk. The file systems divide the volume of data stored on the disk into discrete chunks of data for greater performance and efficient disk usage. Clusters form by combining sectors in order to ease the process of handling files. Also called allocation units, the clusters are sets of tracks and sectors ranging from 2 to 32, or more, depending on the formatting scheme. The file allocation systems must be flexible in order to allocate the required sectors to files. A cluster can be as small as one sector. Any read or write will consume the minimum space of one cluster.

To store a file, the file system should assign the required number of clusters to it. The cluster size depends entirely on the disk volume. For disk volumes, each cluster varies in size from four to 64 sectors. In some cases, a cluster may be 128 sectors in size. The sectors located in a cluster are continuous. Therefore, every cluster is a continuous chunk of space on the hard disk. When the file system stores a file that is smaller than the cluster, the leftover space in the cluster is wasted and is called slack space.

Cluster Size:

Cluster sizing has a significant impact on the performance of an operating system and disk utilization. Disk partitioning determines the size of a cluster, and larger volumes use larger cluster sizes. The system can change the cluster size of an existing partition to enhance performance. If the cluster size is 8192 bytes, to store a file of 5000 bytes the file system allocates a whole cluster to the file, and if the file size is 10,000 bytes it allocates two clusters, 16,384 bytes in total. This is why cluster size plays a vital role in maximizing the efficient use of the disk.

By using a large cluster size, the fragmentation problem diminishes, but it will greatly increase the chances of unused space. The file system, running on the computer, maintains the cluster entries.

Clusters form chains on the disk using continuous numbers, so it is not required to store the entire file in one continuous block on the disk. The file system can store it in pieces located anywhere on the disk as well as move it anywhere after creating the file. This cluster chaining is invisible to the operating system.
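
The sector and cluster allocation figures above (600 bytes in 512-byte sectors; 5000 and 10,000 bytes in 8192-byte clusters) and the slack space they leave, as an added example that is not part of the original article. It goes one step beyond the text by splitting slack into the tail of the file's last sector and the unused sectors after it, then reads both from a constructed in-memory image; the function names, the contiguous-allocation model and the sample record are assumptions.

```python
"""Slack-space layout and extraction on a constructed raw image.

Simplified model (assumption): a file's clusters are contiguous and the data
area starts at byte 0 of the image. No real file system is parsed.
"""
from dataclasses import dataclass

SECTOR_SIZE = 512  # bytes per sector, as in the article


@dataclass(frozen=True)
class Allocation:
    clusters: int          # clusters assigned to the file
    allocated_bytes: int   # clusters * cluster size
    slack_bytes: int       # allocated to the file but not used by it
    sector_slack: range    # image offsets: end of file -> end of its last sector
    cluster_slack: range   # image offsets: unused whole sectors of the last cluster


def allocate(file_size, start_cluster, sectors_per_cluster, sector_size=SECTOR_SIZE):
    """Return the allocation and slack layout for a file of file_size bytes."""
    if file_size < 0 or start_cluster < 0 or sectors_per_cluster < 1:
        raise ValueError("sizes must be non-negative, cluster must hold >= 1 sector")
    cluster_size = sectors_per_cluster * sector_size
    clusters = -(-file_size // cluster_size)          # ceiling division
    start = start_cluster * cluster_size
    end_of_file = start + file_size
    # Round the end of the file up to the next sector boundary.
    end_of_sector = start + -(-file_size // sector_size) * sector_size
    end_of_alloc = start + clusters * cluster_size
    return Allocation(
        clusters=clusters,
        allocated_bytes=clusters * cluster_size,
        slack_bytes=end_of_alloc - end_of_file,
        sector_slack=range(end_of_file, end_of_sector),
        cluster_slack=range(end_of_sector, end_of_alloc),
    )


def extract_slack(image, alloc):
    """Return (sector_slack_bytes, cluster_slack_bytes) read from a raw image."""
    s, c = alloc.sector_slack, alloc.cluster_slack
    if c.stop > len(image):
        raise ValueError("allocation extends past the end of the image")
    return bytes(image[s.start:s.stop]), bytes(image[c.start:c.stop])


def build_demo_image(sectors_per_cluster=16, total_clusters=4):
    """Constructed sample: cluster 1 held an 8000-byte file, then a 5000-byte one."""
    cluster_size = sectors_per_cluster * SECTOR_SIZE
    image = bytearray(total_clusters * cluster_size)
    old = b"OLD-CUSTOMER-RECORD;" * 400                 # 8000 bytes of earlier data
    image[cluster_size:cluster_size + len(old)] = old
    new = b"N" * 5000                                   # the file that reused the cluster
    # Plain overwrite: this model does not zero-fill the rest of the last
    # sector, which many operating systems do when they write a file.
    image[cluster_size:cluster_size + len(new)] = new
    return bytes(image)


if __name__ == "__main__":
    # The article's own figures: 8192-byte clusters are 16 sectors of 512 bytes.
    for size in (5000, 10000):
        a = allocate(size, 0, 16)
        print(f"{size} bytes -> {a.clusters} cluster(s), "
              f"{a.allocated_bytes} allocated, {a.slack_bytes} slack")

    layout = allocate(5000, 1, 16)
    sector_part, cluster_part = extract_slack(build_demo_image(), layout)
    print("sector slack :", len(sector_part), "bytes, starts", sector_part[:20])
    print("cluster slack:", len(cluster_part), "bytes, residue records:",
          cluster_part.count(b"OLD-CUSTOMER-RECORD;"))
```

During an examination the same offsets are applied to a forensic image opened read-only, with the start cluster and cluster size taken from the file system's own metadata rather than assumed.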

Read More : https://info-savvy.com/tracks-advanced-format-of-sectors/


This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

ISO 27001

ISO 27001 Annex : A.17.1.3 Verify, Review and Evaluate Information Security Continuity

Control- In order to ensure that they are accurate and productive under adverse circumstances, the company must review, at regular intervals, the ongoing information security continuity controls it has defined and enforced.

Implementation Guidance- Organizational, technological, administrative and procedural changes, whether operational or framework, will lead to changes in the criteria for the continuity of information security. In such cases, the continuity of information security processes, procedures and controls should be reviewed against these changed requirements.

“It is far better to foresee without certainty than not to foresee at all”
– Henri Poincare

Organizations will track the consistency of their management of information security by:

  • Exercise and test the reliability of systems, procedures, and controls for the protection of information in compliance with objectives of information continuity;
  • Exercise and test expertise and routine in the systems, procedures and controls of information security continuity to ensure that its output is in line with the objectives for information security continuity;
  • Continuity of information infrastructure, information security mechanisms, policies and controls, and business continuity management/disaster recovery methods and strategies tests the quality and efficacy of information security initiatives.


Verifying continuity controls in information security differs from general information security testing and monitoring, and should be carried out outside of change testing. Where appropriate, it is preferable to combine testing of information security continuity controls with client business continuity or disaster recovery checks.

A well-known ISO 27001 Lead Auditor and ISO 27001 Lead Implementer certificate that mainly covers information security clauses and their implementation, i.e., controls which should be implemented by the organization to preserve the CIA triad, Confidentiality, Integrity, and Availability to maintain their critical, sensitive information in a secure manner. Infosavvy, an institute in Mumbai, conducts training and certification for multiple domains in Information Security, which includes IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) (TÜV SÜD Certification). Infosavvy will help you to understand and recognize the full scope of your organization’s security checks to protect your organization’s activities and information equipment (assets) from attacks, and to ensure the continuity of information security should be integrated into the business continuity management processes of the organization. We have trainers with extensive expertise and experience to ensure the efficient handling of the security of information. Consequently, the applicant will gain the necessary skills for the ISMS audit by using commonly agreed audit concepts, procedures, and techniques.

Read More : https://info-savvy.com/iso-27001-annex-a-17-1-3-verify-review-and-evaluate-information-security-continuity/



CHFI

Hard Disk Interfaces

The hard disk drive connects to the PC using an interface. There are various types of interfaces: IDE, SATA, Fiber Channel, SCSI, etc.

1. ATA DATA (IDE/EIDE)

IDE (Integrated Drive Electronics) is a standard electronic interface used between a computer motherboard’s data paths or bus and the computer’s disk storage devices, such as hard drives and CD-ROM/DVD drives. The IBM PC Industry Standard Architecture (ISA) 16-bit bus standard is the basis for the IDE interface, which offers connectivity in computers that use other bus standards. ATA (Advanced Technology Attachment) is the official American National Standards Institute (ANSI) name for Integrated Drive Electronics (IDE).

2. Parallel ATA:

PATA, based on parallel signaling technology, offers a controller on the disk drive itself and thereby eliminates the need for a separate adaptor card. Parallel ATA standards only allow cable lengths up to 46 centimeters (18 inches).

Features of PATA:

  • Relatively inexpensive
  • Easy to configure
  • Allows look-ahead caching


3. Enhanced Integrated Drive Electronics (EIDE)

Most computers sold today use an enhanced version of IDE called Enhanced Integrated Drive Electronics (EIDE). IDE drives connect with PCs, using an IDE host adapter card. The IDE controller in modern computers is a built-in feature on the motherboard itself. Enhanced IDE is an extension to the IDE interface that supports the ATA-2 and ATAPI standards.

Two types of Enhanced IDE sockets are present on the motherboard. A socket connects two drives, namely, 80-wire cables for fast hard drives and a 40-pin ribbon cable for CD-ROMs/DVD-ROMs.

Enhanced or Expanded IDE is a standard electronic interface, connecting a computer’s motherboard to its storage drives. EIDE can address a hard disk bigger than 528 Mbytes, allows quick access to the hard drive, and provides support for Direct Memory Access (DMA) and additional drives like tape devices, CD-ROM, etc. When upgrading the computer system with a bigger hard drive, insert the EIDE controller in the system card slot.

The EIDE can access drives larger than 528 Mbytes using a 28-bit Logical Block Address (LBA) to indicate the actual head, sector, and cylinder locations of the disk data. The 28-bit Logical Block Address provides the information, which is enough to denote unique sectors for an 8.4 GB device.

4. Serial ATA

Serial ATA (SATA) offers a point-to-point channel between the motherboard and drive. The cables in SATA are shorter in length as compared to PATA. It uses a four-wire shielded cable that can be a maximum of one meter in length. SATA cables are more flexible, thinner, and less massive than the ribbon cables required for conventional PATA hard drives.

Features of SATA:

  • Operates with great speed
  • Easy to connect to storage devices
  • Easy to configure
  • Transfers data at a speed of 1.5 Gbps (SATA revision 1.0) and 6 Gbps (SATA revision 3)

Drive and motherboard connectivity through a SATA point-to-point channel is based on serial signaling technology. This technology enables data transfer of about 1.5 Gbps in a half-duplex channel mode.


5. SCSI

SCSI is a set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners. Developed by Apple Computer and still used in the Macintosh, the present sets of SCSIs are parallel interfaces. SCSI ports continue to come as a built-in feature in various personal computers today and are supported by all major operating systems.

In addition to faster data rates, SCSI is more flexible than earlier parallel data transfer interfaces. SCSI allows up to 7 or 15 devices (depending on the bus width) to be connected to a single SCSI port in daisy-chain fashion. This allows one circuit board or card to accommodate all the peripherals, rather than having a separate card for each device, making it an ideal interface for use with portable and notebook computers. A single host adapter, in the form of a PC card, can serve as a SCSI interface for a laptop, freeing up the parallel and serial ports for use with an external modem and printer while allowing usage of other devices in addition.

Read More : https://info-savvy.com/hard-disk-interfaces/



CHFI

Logical & Physical Structure of a Hard Disk

This article explains the logical and physical structure of a hard disk and the uses of its components.

Physical Structure of a Hard Disk

The main components of hard disk drive are:

  • Platters: These are disk-like structures present on the hard disk, stacked one above the other, that store the data
  • Head: It is a device present on the arm of the hard drive that reads or writes data on the magnetic platters, mounted on the surface of the drive
  • Spindle: It is the spinning shaft that holds the platters in a fixed position such that it is feasible for the read/write arms to get the data on the disks
  • Actuator: It is a device, consisting of the read-write head, that moves over the hard disk to save or retrieve information
  • Cylinder: These are the circular tracks present on the platters of the disk drive at equal distances from the center


A hard disk contains a stack of platters, circular metal disks that are mounted inside the hard disk drive and coated with magnetic material, sealed in a metal case or unit. Fixed in a horizontal or vertical position, the hard disk has electromagnetic read or write heads above and below the platters. The surface of the disk consists of a number of concentric rings called tracks; each of these tracks has smaller partitions called disk blocks. The size of each disk block is 512 bytes (0.5 KB). The track numbering starts with zero. When the platter rotates, the heads record data in tracks. A 3.5-inch hard disk can contain about a thousand tracks.

The spindle holds the platters in a fixed position such that it is feasible for the read/write arms to get the data on the disks. These platters rotate at a constant speed, while the drive head, when positioned close to the center of the disk, reads the data from the surface more slowly than at the outer edges of the disk. To maintain integrity of data, the head reads for a particular period of time at any drive head position. The tracks at the outer edges of the disk have less densely populated sectors compared to the tracks close to the center of the disk.

The disk fills the space based on a standard plan. One side of the first platter contains space, reserved for hardware track-positioning information which is not available to the operating system. The disk controller uses the track-positioning information to place the drive heads in the correct sector position.

The hard disk records the data using the zoned bit recording technique, also known as multiple zone recording. This method groups the areas on the hard disk into zones, depending on their distance from the center of the disk. A zone contains a certain number of sectors per track.

Calculation of data density of disk drives is done in the following terms:

  • Track density: Refers to the number of tracks in a hard disk
  • Area density: Area density is the platters’ storage capacity in bits per square inch
  • Bit density: It is bits per unit length of track

Read More : https://info-savvy.com/logical-physical-structure-of-a-hard-disk/



CHFI

Describe the Different Types of Disk and Their Characteristics

This article describes the different types of disk and their characteristics and uses. A disk drive is a digital data storage device that uses different storage mechanisms such as mechanical, electronic, magnetic, and optical to store the data. It is addressable and rewritable to support changes and modification of data. Depending on the type of media and mechanism of reading and writing the data, the different types of disk drives are as follows:

  • Magnetic Storage Devices: Magnetic storage devices store data using magnets to read and write the data by manipulating magnetic fields on the storage medium. These are mechanical devices with components moving to store or read the data. A few other examples include floppy disks, magnetic tapes, etc.
    In these types of hard disks, the disks inside the media rotate at high speed and heads in the disk drive read and write the data.
  • Optical Storage Devices: Optical storage devices are electronic storage media that store and read the data in the form of binary values using a laser beam. The devices use lights of different densities to store and read the data. Examples of optical storage devices include Blu-ray discs, CDs, and DVDs.
  • Flash Memory Devices: Flash memory is a non-volatile electronically erasable and reprogrammable storage medium that is capable of retaining data even in the absence of power. It is a type of electronically erasable programmable read only memory (EEPROM). These devices are cheap and more efficient compared to other storage devices. Devices that use flash memory for data storage are USB flash drives, MP3 players, digital cameras, solid-state drives, etc.
    A few examples of flash memory are:
      • BIOS chip in a computer
      • Compact Flash (commonly found in digital cameras)
      • Smart Media (commonly found in digital cameras)
      • Memory Stick (commonly found in digital cameras)
      • PCMCIA Type I and Type II memory cards found in laptops
      • Memory cards for video game consoles


Hard Disk Drive (HDD)

Hard Disk Drive is a non-volatile, random access digital data storage device used in any computer system. The hard disk stores data in a method similar to that of a file cabinet. The user, when needed, can access the data and programs. When the computer needs the stored program or data, the system brings it to a temporary location from the permanent location. When the user or system makes changes to a file, the computer saves the file by replacing the older file with the new file. The HDD records data magnetically onto the hard disk.

The hard disks differ from each other considering various measurements such as:

  • Capacity of the hard disk
  • Interface used
  • Speed in rotations per minute
  • Seek time
  • Access time
  • Transfer time


Solid-State Drive (SSD)

A Solid-State Drive (SSD) is an electronic data storage device that implements solid-state memory technology to store data similar to a hard disk drive. Solid-state is an electrical term that refers to an electronic circuit entirely built with semiconductors.

SSDs use two types of memory:

  • NAND-based SSDs: These SSDs use solid state memory NAND microchips to store the data. Data in these microchips is in a non-volatile state and does not need any moving parts. NAND memory is non-volatile in nature and retains memory even without power.
    NAND memory was developed primarily to reduce per bit cost of data storage. However, it is still more expensive than optical memory and HDDs. NAND-based memory is widely used today in mobile devices, digital cameras, MP3 players, etc. It has a finite number of writes over the life of the device.
  • Volatile RAM-based SSDs: SSDs, based on volatile RAM such as DRAM, are used when applications require faster data access. These SSDs include either an internal chargeable battery or an external AC/DC adapter, and a backup storage. Data resides in the DRAM during data access and is stored in the backup storage in case of a power failure.

Read More : https://info-savvy.com/discribe-the-different-types-of-disk-and-there-characterstics/



ISO 27001

ISO 27001 Annex : A.17 Information Security Aspects of Business Continuity Management

This article explains the controls for Information Security Continuity, Planning Information Security Continuity and Implementing Information Security Continuity.

A.17.1 Information Security Continuity

Its objective is that the continuity of information security should be integrated into the business continuity management processes of the organization.

A.17.1.1 Planning Information Security Continuity

Control – In adverse circumstances, e.g. during a crisis or a catastrophe, the company will determine the information security standards and consistency of information security management.

Implementation Guidance- An organization should assess whether the continuity of security is captured in the management process of business continuity or in the disaster recovery process. Information security standards will be determined during business continuity preparation and disaster recovery planning.

In the absence of a formal business continuity and disaster recovery plan, information security management should assume that information security requirements remain the same in unfavorable situations as in normal operational conditions. In order to define security criteria related to adverse circumstances, an organization may also carry out a business effect analysis for information security issues.


Other Information- It is advised to capture the security aspects of information within the standard business continuity or disaster recovery management business impact analysis to minimize the time and expense of an external business impact analysis for information security. That means, in business continuity management or disaster recovery management systems, the criteria for continuity information protection are specifically formulated.

A.17.1.2 Implementing Information Security Continuity

Control- In order to ensure the necessary degree of consistency of information security in adverse circumstances, the company should define, document, execute, and maintain processes, procedures, and controls.

Implementation Guidance- An organization should make sure that:

  • Adequate management structure is in place with the authority, experience, and competence to plan, mitigate and respond to disruptive events with the workforce necessary;
  • Incident response personnel are nominated for incident management and information security with the necessary responsibility, authority, and competence;
  • It develops and approves the documented plans, response and recovery procedures detailing how the organizations manage a disruptive event and maintain their security of information to a pre-set level based on the information security continuity objectives approved through management.


The organization should establish, record, execute, and maintain the information security continuity requirements:

  • Controlling of information security, processes and support systems and equipment, as well as business continuity or disaster recovery process;
  • Processes, procedures and changes in implementation in an adverse situation in order to maintain existing information security controls;
  • Compensating information security management mechanisms that cannot be enforced under adverse circumstances.

“Continuous improvement is better than delayed perfection”
– Mark Twain

Other Information- Different processes and procedures may be described within the context of business continuity or disaster recovery. Information that is stored inside specific information systems to help these processes and procedures should be covered. Therefore, information security professionals will be active in the development, implementation, and management of business continuity and of systems and procedures for disaster recovery.

In an adverse situation, information security checks carried out should still operate. In the absence of effective information security controls, other controls are needed to ensure appropriate information security, to be developed, enforced, and maintained.

Read More : https://info-savvy.com/iso-27001-annex-a-17-information-security-aspects-of-business-continuity-management/



ISO 27001

ISO 27001 Annex : A.16.1.5 Response to Information Security Incidents, A.16.1.6 Learning from Information Security Incidents & A.16.1.7 Collection of Evidence

This article explains the controls ISO 27001 Annex : A.16.1.5 Response to Information Security Incidents, A.16.1.6 Learning from Information Security Incidents & A.16.1.7 Collection of Evidence.

A.16.1.5 Response to Information Security Incidents

Control- In the context of the documented procedures, information security incidents should be responded to.

Implementation Guidance- A nominated point of contact and other pertinent people within the organization or external parties should be able to respond to information security incidents.

The following should be included in the response:

  • Gathering evidence as soon as possible after the occurrence;
  • Conducting forensic security information analysis where necessary;
  • Escalation, where necessary;
  • Ensuring adequate documentation for subsequent analysis of all response activities involved;
  • Communicate to other internal or external entities or organizations who need to know if an information security incident occurs or any specific details thereof;
  • Addressing the weaknesses identified for information security or contributing to the incident;
  • The formal closing and recording of the incident until effectively concluded.

The investigation should be performed after the incident to determine the cause of the accident, if appropriate.


Other information- The first goal of the response to an incident is to restore the ‘daily security level’ and then start the necessary recovery.

A.16.1.6 Learning from Information Security Incidents

Control – To minimize the risk or effect of potential accidents, the experience obtained from the study and mitigation of information security accidents should be used.

Implementation Guidance- Mechanisms will be in place to measure and track the forms, quantities, and costs of events affecting information security. In order to classify recurring or high impact events, the information obtained from the information security events assessment should be used.

Other Information- Assessment of information security accidents may suggest that improved or additional controls are required in order to minimize the occurrence, harm and expense of potential accidents, or to be taken into account in the security policy analysis process (refer 5.1.2).

Facts and figures from real events in the security of information can be used in user awareness training with due consideration of confidentiality (refer 7.2.2) as examples of how these events may be handled and how to prevent them in the future.


A.16.1.7 Collection of Evidence

Control- The organization will define, obtain, procure and retain information as documentation and implement procedures.

Implementation Guidance- External protocols for treating evidence for administrative and legal action should be established and tracked.

In general, the processes of defining, gathering, acquiring, and preserving the proof should be in line with various media types, technologies, and device specifications e.g. based on or off.

The procedures will take into consideration:

  • Custody chain;
  • Evidence of security;
  • Personnel security;
  • The staff’s roles and responsibilities;
  • Personnel competency;
  • Documentation;
  • Briefing.

Certification or all other applicable staff and instrument credentials should be pursued where possible in order to strengthen the validity of the evidence retained.

Forensic findings can extend beyond the boundaries of association or jurisdiction. In these cases, the organization should be given the right to collect the required information as forensic proof. In order to optimize admission opportunities across the qualified jurisdictions, the criteria of the different jurisdictions should also be considered.

Read More : https://info-savvy.com/iso-27001-annex-a-16-1-5-a-16-1-6-a-16-1-7/



ISO 27001

ISO 27001 Annex : A.16.1.2 Reporting Information Security Events, A.16.1.3 Reporting Information Security Weaknesses & A.16.1.4 Assessment of and Decision on Information Security Events

This article explains the controls ISO 27001 Annex : A.16.1.2 Reporting Information Security Events, A.16.1.3 Reporting Information Security Weaknesses & A.16.1.4 Assessment of and Decision on Information Security Events.

A.16.1.2 Reporting Information Security Events

Control- Information security incidents should be reported as quickly as possible through appropriate management channels.

Implementation Guidance- Both employees and contractors will be made aware of their responsibility as soon as possible for reporting security incidents. The reporting protocols and the point of contact at which the incidents will be reported should also be known to them.


Situations to be considered for information security incident reporting include:

  • Ineffective security controls;
  • Breach of standards regarding quality of information, confidentiality, and availability;
  • Human mistakes;
  • Failure to comply with policies or guidelines;
  • Failure to comply with physical safeguards;
  • Uncontrolled device changes;
  • A malfunctioning program or device;
  • Access violations.

Malfunctions and other anomalous device activity may signify a security attack or an actual security violation and should therefore always be reported as an information security event.

A.16.1.3 Reporting Information Security Weaknesses

Control- Employees and contractors using the organization's information systems and services should record and document any information security vulnerabilities found or suspected in those systems or services.

Implementation Guidance- To prevent information security incidents, all employees and contractors will report these matters to the point of contact as soon as possible. The reporting mechanism should be as easy, open, and usable as possible.

Other Information- Employees and contractors should be advised not to attempt to prove suspected security vulnerabilities. Testing a vulnerability may be viewed as a possible violation of the system, which could lead to harm to the information system or service and to legal liability for the individual conducting the test.


A.16.1.4 Assessment of and Decision on Information Security Events

Control- Information security events should be assessed, and it should be decided whether they are to be classified as information security incidents.

Implementation Guidance- The point of contact should evaluate each information security event against the agreed information security event and incident classification scale and decide whether the event should be considered a security incident. Incident detection and prioritization can help to assess the nature and severity of an incident.

Where the company has an ISIRT (information security incident response team), the assessment and decision may be forwarded to the ISIRT for validation or re-evaluation. The results of the assessment and decision should be recorded in detail for future reference and verification.

Read More : https://info-savvy.com/iso-27001-annex-a-16-1-2-a-16-1-3-a-16-1-4/



ISO 27001

ISO 27001 Annex : A.16 Information Security Incident Management

ISO 27001 Annex : A.16 Information Security Incident Management: this article explains the Management of Information Security Incidents and Improvements and the related Responsibilities & Procedures.

A.16.1 Management of Information Security Incidents and Improvements

Its objective is to ensure a clear and successful strategy for managing information security incidents, including communication on security incidents and vulnerabilities.

A.16.1.1 Responsibilities and Procedures

Control- In order to ensure a quick, efficient, and organized response to information security incidents, management roles and procedures should be defined.


Implementation Guidance- The following recommendations should be taken into account regarding management roles and procedures for information security incident management:

A. Management roles should be established to ensure that the following procedures are properly developed and coordinated within the organization:

  • Planning and preparation procedures for incident response;
  • Monitoring, identification, analysis and reporting procedures for events and incidents related to information security;
  • Logging procedures for incident management;
  • Forensic evidence management procedures;
  • Procedures for information security event evaluation and decision making and for information security vulnerability assessment;
  • Response procedures, including escalation, managed recovery from incidents and communication with internal and external individuals or organizations.

B. The established procedures should ensure that:

  • Competent staff handle information security issues within the organization;
  • A contact point for identification and reporting of security incidents is established;
  • Adequate contacts are maintained with authorities, external interest groups or forums that deal with information security issues.

C. Reporting procedures will include:

  • Preparing information security incident reporting forms to facilitate reporting and to help the person reporting remember all required steps in the event of an information security incident;
  • The procedure to be followed in the case of an information security event, e.g. immediately noting all details, such as the type of violation or non-compliance, any failure occurring and on-screen notifications, and immediately reporting to the point of contact, taking only coordinated actions;
  • A reference to a formal disciplinary process established to deal with employees who violate security;
  • Appropriate feedback processes to ensure that those who report information security events are notified of the results following the resolution and closure of the issue.

Read More : https://info-savvy.com/iso-27001-annex-a-16-information-security-incident-management/



ISO 27001

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management

ISO 27001 Annex : A.15.2 Supplier Service Delivery Management: its objective is to maintain an agreed level of information security and service delivery, in compliance with supplier agreements.

A.15.2.1  Monitoring and Review of Supplier Services

Control- Organizations shall monitor, review and audit the provision of service by suppliers on a regular basis.

Implementation Guidance – Monitoring and review of supplier services will ensure that the information security terms and conditions of the agreements are respected and that incidents and issues related to information security are carefully monitored.

This will include a service management process between the client and the supplier to:

  1. Monitor the level of service performance to verify compliance with the agreements;
  2. Review the supplier’s service reports and schedule progress meetings on a regular basis as required by the agreements;
  3. Conduct supplier audits, in conjunction with the analysis of independent auditor reports where available, and follow up on reported problems;
  4. Facilitate and review the details regarding security incidents as provided by the agreements and any relevant guidelines and procedures;
  5. Review the supplier’s audit trails and information security reports, operational issues, failures, fault tracking and service-related disruptions;
  6. Resolve and manage any problems identified;
  7. Review the information security aspects of the supplier’s relations with its own suppliers;
  8. Ensure that the company retains sufficient service capacity along with working plans to ensure that negotiated rates of service reliability are maintained following significant service failures or catastrophes.


A designated entity or service management team should be entrusted with the responsibility for managing supplier relationships. Moreover, the organization should ensure that suppliers assign responsibilities for compliance review and implementation of the agreement requirements. There should be appropriate technical expertise and resources to track compliance with the requirements of the agreement, especially with the requirements for information security. If deficiencies in the service delivery are observed, suitable action should be taken.

The organization should retain full control of, and visibility into, all security aspects of sensitive and essential information and information processing facilities that a supplier accesses, stores or controls. Through a defined reporting procedure, the organization should retain visibility into security activities such as change management, vulnerability identification, and information security incident reporting and response.

A.15.2.2  Managing Changes to Supplier Services

Control- Changes to the provision of services by suppliers, including maintaining and improving existing information security policies, procedures, and controls, should be managed with a focus on the criticality of enterprise information, systems, and processes and on the reassessment of risks.

Read More : https://info-savvy.com/iso-27001-annex-a-15-2-supplier-service-delivery-management/

