ISO/IEC 27001 Control 5.14: Information transfer

Control

Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint can use classifications and policy rules to limit and partially control information transfer.

Implementation Details

Policy rules can prohibit access to internal information to external users, or it may require appropriate non-disclosure agreements in place (in a form of clearance). Archetypes can be used to grant access to internal information for a broad classes of users, e.g. automatically grant access to internal information to all employees by including appropriate clearance in employee archetype. Object governance mechanism can be used to set information owners, as appropriate contacts related to information transfer. Policy rules can be used to enforce stronger levels of authentication for users that have access to internal or sensitive information. Object history mechanism can provide supplementary information during investigations of inappropriate information transfer, e.g. demonstrating that certain user has access to leaked information in the past.

Rationale

MidPoint provides added value for information transfer control, prohibiting some of several undesirable scenarios.

Documentation

Version Title Description
Development Information Classification and Clearances Description of an idea for limiting access to internal information using classification scheme
4.8 Information Classification and Clearances Description of an idea for limiting access to internal information using classification scheme
Was this page helpful?
YES NO
Thanks for your feedback