ISO 27001 is the international standard for information security management systems. It is constantly evolving to address the changing landscape of cyber security threats. The most recent update in 2022 introduced eleven new controls. Know about these new controls and understand why these are crucial for organizations aiming to achieve ISO 27001 compliance.
5.7: Threat Intelligence
This control emphasizes the importance of gathering and analyzing data related to information security threats. By generating threat intelligence, organizations can gain valuable insights to inform their preventive and responsive actions.
It is essential for staff members to be trained in recognizing and responding to threats effectively. Use of CybeReady and other training platforms can boost employee awareness about how they can make ISO 27001 controls more effective.
5.23: Information Security for Use of Cloud Services
As organizations increasingly rely on cloud services, it is crucial to establish secure processes for their use, termination, and management. Due to the lack of direct physical control over cloud data, user training, and strong policies are vital for ensuring data integrity.
5.30: Maintaining Information and Communications Technology (ICT)
This control emphasizes the need for secure and reliable ICT systems to maintain communications and functionality during disruptive cyber attacks. Adequate planning, hardware, and training are necessary to ensure continuity.
7.4: Monitoring physical security
While cyber-attacks predominantly occur online, physical security is equally important. Cameras, alarm systems, and security patrols can be implemented to enhance physical security.
8.9: Management of configuration
To prevent configuration drift and unauthorized changes, organizations must define appropriate security configurations for their technological assets and regularly monitor them. Thorough documentation of configuration setup and review processes is essential.
8.10: Deletion of unnecessary information
Establishing data retention policies and securely deleting stored data when it is no longer needed is the objective of this control. It is important to reduce storing of sensitive data that is not needed for business requirements anymore. User training should include guidelines on when and how to safely delete unnecessary records.
8.11: Use of data masking
Data masking procedures, such as encryption or anonymization, should be employed whenever possible, particularly during development or testing phases. This control emphasizes the importance of educating staff about the processes and situations for data masking.
8.12: Data Leakage Protection
The focus of this control is to minimize data leakage during storage, transfer, and processing. Policies and processes should be in place to reduce the risk of leakage. Users should be trained on best practices to handle data safely.
8.16: Monitoring Activities
Continuous monitoring of networks, software applications, and technological assets is essential in order to detect suspicious behavior. Users should be informed about the systems and activities being monitored.
8.23: Web Filtering
Limiting access to external websites is crucial to prevent risky user behavior. Communicating policies and expectations to users is important. It is also essential to train them to identify potentially dangerous sites that are not intercepted by the web filter.
8.28: Secure Coding
This control emphasizes the establishment of secure coding principles for in-house software developers. Maintaining a safe development environment, implementing measures to avoid unauthorized source code changes, thoroughly documenting changes, and providing relevant training to coders are essential to ensure secure coding practices.
Businesses need to be aware of these new controls and should implement them to enhance their data protection practices.
Know the cyber security course in Kolkata fees and syllabus.
——————