Cyber threats such as malware, SQL injection and traffic interception are becoming more sophisticated and pose a great risk to the security of information assets. The risk landscape, however, is not limited to software-based attacks.
A drink spilled onto a server, a system shutting down because of high temperature, or unauthorised access to a computer that is not located in a secure area are all physical threats to the equipment housing information assets.
Control 7.8 addresses how organisations can eliminate or mitigate the risks arising from physical and environmental threats to equipment hosting information assets. It targets two types of risk to such equipment:
Control 7.8 is a preventive control that requires organisations to maintain the confidentiality, integrity and availability of information assets by protecting the equipment that holds them against physical and environmental threats.
Control Type | Information Security Properties | Cybersecurity Concepts | Operational Capabilities | Security Domains |
---|---|---|---|---|
#Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical Security #Asset Management | #Protection |
Compliance with Control 7.8 entails creating an inventory of the equipment hosting information assets, siting all such equipment in secure areas, and implementing appropriate measures against physical and environmental threats.
Information security managers should be responsible for establishing, implementing and maintaining the necessary measures and guidelines on the secure siting and protection of equipment.
Control 7.8 prescribes nine specific requirements that should be taken into account for compliance:
ISO/IEC 27002:2022 Control 7.8 replaces ISO/IEC 27002:2013 Control 11.2.1.
The 2022 and 2013 versions are similar to a great extent, but one key difference should be highlighted: Control 7.8 in the 2022 version introduces the following requirement, which the 2013 version did not include:
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
5.7 | New | Threat intelligence |
5.23 | New | Information security for use of cloud services |
5.30 | New | ICT readiness for business continuity |
7.4 | New | Physical security monitoring |
8.9 | New | Configuration management |
8.10 | New | Information deletion |
8.11 | New | Data masking |
8.12 | New | Data leakage prevention |
8.16 | New | Monitoring activities |
8.23 | New | Web filtering |
8.28 | New | Secure coding |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
6.1 | 07.1.1 | Screening |
6.2 | 07.1.2 | Terms and conditions of employment |
6.3 | 07.2.2 | Information security awareness, education and training |
6.4 | 07.2.3 | Disciplinary process |
6.5 | 07.3.1 | Responsibilities after termination or change of employment |
6.6 | 13.2.4 | Confidentiality or non-disclosure agreements |
6.7 | 06.2.2 | Remote working |
6.8 | 16.1.2, 16.1.3 | Information security event reporting |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
7.1 | 11.1.1 | Physical security perimeters |
7.2 | 11.1.2, 11.1.6 | Physical entry |
7.3 | 11.1.3 | Securing offices, rooms and facilities |
7.4 | New | Physical security monitoring |
7.5 | 11.1.4 | Protecting against physical and environmental threats |
7.6 | 11.1.5 | Working in secure areas |
7.7 | 11.2.9 | Clear desk and clear screen |
7.8 | 11.2.1 | Equipment siting and protection |
7.9 | 11.2.6 | Security of assets off-premises |
7.10 | 08.3.1, 08.3.2, 08.3.3, 11.2.5 | Storage media |
7.11 | 11.2.2 | Supporting utilities |
7.12 | 11.2.3 | Cabling security |
7.13 | 11.2.4 | Equipment maintenance |
7.14 | 11.2.7 | Secure disposal or re-use of equipment |