ISO 27001

Definition

ISO 27001 is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. The standard outlines requirements for establishing, implementing, maintaining, and continually improving an ISMS, with the aim of helping organizations protect their information assets and comply with legal and regulatory requirements.

Secure Settings Example

# Example of an ISO 27001 compliant access control policy
access_control_policy:
  - policy_id: "ACP-001"
    description: "Access to sensitive data is restricted to authorized personnel only."
    controls:
      - control_id: "AC-1"
        description: "User access reviews are conducted quarterly."
      - control_id: "AC-2"
        description: "Multi-factor authentication is required for all remote access."

Insecure Settings Example

# Example of a non-compliant access control policy
access_control_policy:
  - policy_id: "ACP-001"
    description: "Access to sensitive data is not restricted."
    controls:
      - control_id: "AC-1"
        description: "User access reviews are conducted annually."
      - control_id: "AC-2"
        description: "Single-factor authentication is allowed for remote access."
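The two policy documents above differ only in their free-text control descriptions, so a reviewer has to read each one. As an added example (not part of the original page), the script below encodes the three expectations the page contrasts as heuristic keyword rules over that same `access_control_policy` structure and reports which policy fails them; the function names, the cadence ranking and the inline transcription of the two policies are this example's own assumptions.

```python
"""Heuristic compliance lint for access-control policies in the page's YAML shape."""

# Both policies transcribed from the page's YAML examples as plain dicts
# (constructed inline so the script runs without a YAML parser).
COMPLIANT_POLICY = {"access_control_policy": [{
    "policy_id": "ACP-001",
    "description": "Access to sensitive data is restricted to authorized personnel only.",
    "controls": [
        {"control_id": "AC-1", "description": "User access reviews are conducted quarterly."},
        {"control_id": "AC-2", "description": "Multi-factor authentication is required for all remote access."},
    ]}]}

NON_COMPLIANT_POLICY = {"access_control_policy": [{
    "policy_id": "ACP-001",
    "description": "Access to sensitive data is not restricted.",
    "controls": [
        {"control_id": "AC-1", "description": "User access reviews are conducted annually."},
        {"control_id": "AC-2", "description": "Single-factor authentication is allowed for remote access."},
    ]}]}

# Review cadences ranked by frequency (assumed scale); "semi-annually" is listed
# before "annually" so the substring search matches the longer word first.
REVIEW_RANK = {"monthly": 3, "quarterly": 2, "semi-annually": 1, "annually": 0}
MIN_REVIEW_RANK = REVIEW_RANK["quarterly"]  # the cadence the compliant example uses


def check_controls(policy):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    for p in policy["access_control_policy"]:
        desc = p["description"].lower()
        # Rule 1: access to sensitive data must be stated as restricted.
        if "not restricted" in desc or "restricted" not in desc:
            findings.append(f"{p['policy_id']}: access to sensitive data is not restricted")
        for c in p["controls"]:
            text = c["description"].lower()
            # Rule 2: access reviews must run at least quarterly.
            if "access review" in text:
                cadence = next((w for w in REVIEW_RANK if w in text), None)
                if cadence is None or REVIEW_RANK[cadence] < MIN_REVIEW_RANK:
                    findings.append(f"{c['control_id']}: access reviews are "
                                    f"{cadence or 'unspecified'}; quarterly or better expected")
            # Rule 3: remote access must require multi-factor authentication.
            if "remote access" in text and "multi-factor" not in text:
                findings.append(f"{c['control_id']}: remote access does not require MFA")
    return findings


if __name__ == "__main__":
    for name, pol in [("compliant", COMPLIANT_POLICY), ("non-compliant", NON_COMPLIANT_POLICY)]:
        print(name, check_controls(pol) or "no findings")
```

Because the rules are keyword heuristics on free text, a rephrased description can slip past them; the point is to make the review criteria explicit, not to replace reading the policy.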