There are a total of 114 ISO 27001 Annex A controls, divided into 14 categories.
The control categories and the number of controls in each section are given below.
| Controls | Counts |
|---|---|
| A.5 Information security policies | 2 |
| A.6 Organisation of information security | 7 |
| A.7 Human resource security | 6 |
| A.8 Asset management | 10 |
| A.9 Access control | 14 |
| A.10 Cryptography | 2 |
| A.11 Physical and environmental security | 15 |
| A.12 Operations security | 14 |
| A.13 Communications security | 7 |
| A.14 System acquisition, development and maintenance | 13 |
| A.15 Supplier relationships | 5 |
| A.16 Information security incident management | 7 |
| A.17 Information security aspects of business continuity management | 4 |
| A.18 Compliance | 8 |
Why the controls of the ISO 27001 standard start from A.5
The question looks a little complicated, and people might ask whether there are any controls starting from A.1. The reason is explained below.
In ISO 27002:2005 the auditable clauses used to start from clause 5, which is why the controls start from A.5; the "A" simply stands for the annexure. Within the annexure there are three main things to know: the domain, the domain objective and the control. For example, in A.5.1.1, A is the annexure, 5 is the domain, the first 1 is the domain objective and the second 1 is the control.