Adopting new technologies as a fundamental part of the evolutionary process of digital transformation means knowing, identifying and understanding the new risks, incidents, events, vulnerabilities and threats that companies may face.
What is information security assessment?
It is a process that helps organizations identify, analyze and apply security controls in the workplace or workstation.
In this sense, and to avoid threats and cyber risks, we must carry out an assessment or checklist, which makes it possible to take corrective measures immediately so that the issues found do not become a great cost in the future.
What is information security?
It is the set of preventive and reactive measures, both for organizations and technological systems, that allow the safeguarding and protection of information, as well as maintaining the confidentiality, integrity and availability of data.
What controls should we evaluate for information security?
We must use the ISO/IEC 27001:2013 standard, considered one of the most important International Standards on the subject, which makes it possible to assure the confidentiality, integrity and availability of data or information, as well as of the systems that process it.
In this sense, ISO/IEC 27001:2013 contains "Annex A" which, in turn, has 14 domains, 35 control objectives and 114 controls. Depending on the risk analysis and the statement of applicability that is performed, these allow us to select the controls that apply, while justifying those that are excluded.
In the following image you can see the Annex A domains A.5 to A.18: