Network security is a key component of an organisation’s broader information security policy.
Whilst several controls deal with individual elements of an organisation’s LAN and WAN setup, Control 8.20 is a set of broad protocols that treat network security as a governing principle in all its forms, and it draws on guidance from several major information security controls across ISO 27002.
Control 8.20 is a dual-purpose preventive and detective control that manages risk by implementing controls that safeguard an organisation’s ICT network from the top down, ensuring that network activity is adequately logged, partitioned and carried out only by authorised personnel.
Control Type | Information Security Properties | Cybersecurity Concepts | Operational Capabilities | Security Domains |
---|---|---|---|---|
#Preventive #Detective | #Confidentiality #Integrity #Availability | #Protect #Detect | #System and Network Security | #Protection |
Control 8.20 deals primarily with the operation of back-end networking, maintenance and diagnostic tools and procedures, but its broad scope encompasses far more than day-to-day maintenance operations. As such, ownership should reside with the organisation’s CISO, or equivalent.
Control 8.20 focuses on two key aspects of network security across all its general guidance points:
To achieve these two goals, Control 8.20 asks organisations to do the following:
27002:2022-8.20 replaces 27002:2013-13.1.1 (Network controls).
27002:2022-8.20 advocates for a far more comprehensive approach to network security, and contains a number of additional guidance points that deal with several key elements of network security, including:
The ISMS.Online platform helps with all aspects of implementing ISO 27002, from managing risk assessment activities through to developing policies, procedures and guidelines for complying with the standard’s requirements.
It provides a way to document your findings and communicate them with your team members online. ISMS.Online also allows you to create and save checklists for all of the tasks involved in implementing ISO 27002, so that you can easily track the progress of your organisation’s security program.
With its automated tool-set, ISMS.Online makes it easy for organisations to demonstrate compliance with the ISO 27002 standard.
Contact us today to schedule a demo.
ISMS.online makes setting up and managing your ISMS as easy as it can get.
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
5.7 | New | Threat intelligence |
5.23 | New | Information security for use of cloud services |
5.30 | New | ICT readiness for business continuity |
7.4 | New | Physical security monitoring |
8.9 | New | Configuration management |
8.10 | New | Information deletion |
8.11 | New | Data masking |
8.12 | New | Data leakage prevention |
8.16 | New | Monitoring activities |
8.23 | New | Web filtering |
8.28 | New | Secure coding |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
6.1 | 07.1.1 | Screening |
6.2 | 07.1.2 | Terms and conditions of employment |
6.3 | 07.2.2 | Information security awareness, education and training |
6.4 | 07.2.3 | Disciplinary process |
6.5 | 07.3.1 | Responsibilities after termination or change of employment |
6.6 | 13.2.4 | Confidentiality or non-disclosure agreements |
6.7 | 06.2.2 | Remote working |
6.8 | 16.1.2, 16.1.3 | Information security event reporting |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
7.1 | 11.1.1 | Physical security perimeters |
7.2 | 11.1.2, 11.1.6 | Physical entry |
7.3 | 11.1.3 | Securing offices, rooms and facilities |
7.4 | New | Physical security monitoring |
7.5 | 11.1.4 | Protecting against physical and environmental threats |
7.6 | 11.1.5 | Working in secure areas |
7.7 | 11.2.9 | Clear desk and clear screen |
7.8 | 11.2.1 | Equipment siting and protection |
7.9 | 11.2.6 | Security of assets off-premises |
7.10 | 08.3.1, 08.3.2, 08.3.3, 11.2.5 | Storage media |
7.11 | 11.2.2 | Supporting utilities |
7.12 | 11.2.3 | Cabling security |
7.13 | 11.2.4 | Equipment maintenance |
7.14 | 11.2.7 | Secure disposal or re-use of equipment |