Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
The organization shall map, document, authorize and when changes occur, update, all external services and the connections made with them.
Guidance
- Outsourcing of systems, software platforms and applications used within the organization is covered in ID.AM-1 & ID.AM-2
- External information systems are systems or components of systems for which organizations typically have no direct supervision and authority over the application of security requirements and controls, or the determination of the effectiveness of implemented controls on those systems i.e., services that
are run in cloud, SaaS, hosting or other external environments, API (Application Programming interface)…
- Mapping external services and the connections made to them and authorizing them in advance avoids wasting unnecessary resources investigating a supposedly non-authenticated connection to external systems.
The flow of information to/from external systems shall be mapped, documented, authorized, and update when changes occur.
Guidance
Consider requiring external service providers to identify and document the functions, ports, protocols, and services necessary for the connection services.
The organization shall map, document, authorize and when changes occur, update, all external services and the connections made with them.
Guidance
- Outsourcing of systems, software platforms and applications used within the organization is covered in ID.AM-1 & ID.AM-2
- External information systems are systems or components of systems for which organizations typically have no direct supervision and authority over the application of security requirements and controls, or the determination of the effectiveness of implemented controls on those systems i.e., services that
are run in cloud, SaaS, hosting or other external environments, API (Application Programming interface)…
- Mapping external services and the connections made to them and authorizing them in advance avoids wasting unnecessary resources investigating a supposedly non-authenticated connection to external systems.
The flow of information to/from external systems shall be mapped, documented, authorized, and update when changes occur.
Guidance
Consider requiring external service providers to identify and document the functions, ports, protocols, and services necessary for the connection services.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
Break down the framework into specific obligations that must be met.
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.