This presentation describes the about ISO Control a.11 and a.11.1 by software outsourcing company in India http://www.ifourtechnolab.com/

1. iFour ConsultancyControl A.11 and A.11.1

2.  Control A.11
 A.11.1 : Secure areas
 A.11.1.1
 A.11.1.2
 A.11.1.3
 A.11.1.4
 A.11.1.5
 A.11.1.6
 References
Contents
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

3. Control A.11 Physical and environmental security
Takes care of both physical and environmental security of an organization
Two sub-controls:
 A.11.1 : Secure areas
 A.11.2 : Equipment
 Physical security includes security guards, biometric machines etc
 Environmental security includes disaster recovery from earthquake, fire etc
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

4.  Control objective of A.11.1 :
 To prevent unauthorized physical access, damage and interference to the organization’s
information and information processing facilities.
 Security breach of this control can be there if someone gets unauthorized access to
secure areas.
 Areas like data centre are critical because of storage of critical information. So, it
should be highly secured.
Control A.11.1 Secure areas
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

5. A.11.1.1 : Physical security perimeter
 Safety measures should be taken across physical security perimeter to protect
areas from any unauthorized access.
Control objective:
 Security perimeters shall be defined and used to protect areas that contain either
sensitive or critical information and information processing facilities.
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

6.  Control objective:
 Secure areas shall be protected by appropriate entry controls to ensure that only
authorized personnel are allowed access.
 Physical entry controls include:
 Password
 Passphrase
 Biometric
 Smart card
A.11.1.2 : Physical entry controls
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

7. A.11.1.3 : Securing offices, rooms and facilities
 Control objective:
 Physical security for offices, rooms and facilities shall be designed and applied.
 Physical security includes:
 Security guard
 Swipe-in/Swipe-out
 Luggage scan
 Biometric
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

8. A.11.1.4 : Protecting against external and environmental threats
 Control Objective:
 Physical protection against natural disasters, malicious attack or accidents shall be
designed and applied.
 External threats include:
 Earthquake
 Tsunami
 Environmental threats include:
 Global warming
 Fire
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

9.  Control Objective:
 Procedures for working in secure areas shall be designed and applied.
 Procedures:
 CCTV cameras installation
 Body scan of people working there
 Biometric
A.11.1.5 : Working in secure areas
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

10.  Control Objective:
 Access points such as delivery and loading areas and other points where unauthorized
persons could enter the premises shall be controlled and, if possible, isolated from
information processing facilities to avoid unauthorized access.
 Unauthorized access:
 Shoulder surfing
 Theft of employee ID card
 Social Engineering
A.11.1.6 : Delivery and loading areas
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

11. References
http://www.slideshare.net/null0x00/iso-27001-2013-changes
http://www.bsigroup.com/LocalFiles/en-GB/iso-iec-27001/resources/BSI-
ISO27001-transition-guide-UK-EN-pdf.pdf
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
http://www.iso27001security.com/html/27001.html
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com

12. iFour Consultancy Services
 Visit these websites for more details:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
THANK YOU!!!
Custom eCommerce Solution Providershttp://www.ifourtechnolab.com