Internet Access
With reference to the document ‘A.8.2_IT_Security_Policy_Premium_EN’ under ‘3.13 Internet Use’
Is it mandatory to define access to the Internet only through the organization and not direct access?
If yes, how do we restrict/define actions for email services and cloud platforms, which in general are accessible from the direct network?
If no, what set of restrictions are defined to comply with the requirements of ISO 27001?
Please let me know if more clarification is required.
Although ISO 27001 does not prescribe access to the Internet only through the organization as mandatory, what happens in real life is that this is more a matter of common sense for business practice, as a survival and competitive question, than a standard's requirement (most businesses and their relations go through the Internet).
Considering that, when organizations' resources, like email services, are available through direct access to the Internet (e.g., to allow remote work), a common practice is the usage of access through Virtual Private Networks (VPNs), where the organizations implement controls such as protected communication and access control to limit external access to authorized users, only to needed information, and can also monitor activities and information flow.
A third important point is awareness activities, so employees can understand the importance of accessing the Internet only through the organization, and the consequences of direct access.
This article will provide you with a further explanation about network controls:
- How to manage the security of network services according to ISO 27001 A.13.1.2 https://advisera.com/27001academy/blog/2017/02/13/how-to-manage-the-security-of-network-services-according-to-iso-27001-a-13-1-2/
This material will provide you with further information about employee awareness:
- Free Security Awareness Training: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.
May 27, 2020