Isolation of Sensitive Systems

Guest user Created:   Nov 18, 2020 Last commented:   Nov 18, 2020

I would like to request your comments or ideas, as I am still in doubt about how to check this point: "Isolation of Sensitive Systems" - According to identified risks, do sensitive application systems operate in an isolated processing environment?

I would very much appreciate your kind comments and any ideas.


Expert
Rhand Leal Nov 18, 2020

This question can be answered from two points of view: auditor and pen tester.

From the auditor's point of view, you need to check the evidence that shows isolation is implemented (e.g., network topology, pentest report, etc.)

From a pen tester's point of view, to check isolation you need to try to access the systems from outside their defined perimeter of work (i.e., environment).

For example, if a system's stated environment is the company's premises, you should try to access it from outside the company's premises, like:

  • from a side street, trying to find a hidden wireless connection
  • from the company's website, trying to explore a site vulnerability

In case the system's stated environment is a single room in the company's premises, or it is disconnected from the main company's network, you should try to access it by:

  • trying to find a hidden wireless connection
  • trying to explore an intranet vulnerability
  • trying to physically access a network device connected to the system
  • trying to get physical access to the room

This article will provide you with a further explanation about exploring vulnerabilities:
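
An added example, not part of the original answer: one way an auditor could test the network-topology evidence mentioned above against observed traffic, by flagging accepted flows that cross the documented isolation boundary without an approved exception. The zone range, the jump-host exception, the flow-record format and all sample records are constructed assumptions.

```python
import ipaddress

# Assumed isolation statement, as it would be read off the topology evidence (constructed).
ISOLATED_ZONE = ipaddress.ip_network("10.50.0.0/24")
# Documented exceptions: (outside source network, destination port). Hypothetical jump host.
APPROVED_CROSSINGS = [(ipaddress.ip_network("10.10.5.20/32"), 22)]

# Constructed sample flow records: "src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
10.50.0.11 10.50.0.12 5432 ACCEPT
10.10.5.20 10.50.0.11 22 ACCEPT
10.10.7.44 10.50.0.12 5432 ACCEPT
192.168.40.9 10.50.0.11 443 ACCEPT
10.10.7.44 10.50.0.11 3389 REJECT
10.50.0.12 203.0.113.8 443 ACCEPT
malformed line
"""

def parse_flows(text):
    """Yield (src, dst, port, action) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                   int(parts[2]), parts[3].upper())
        except ValueError:
            continue

def isolation_findings(flows, zone=ISOLATED_ZONE, approved=APPROVED_CROSSINGS):
    """Return accepted flows that cross the zone boundary without a documented exception."""
    findings = []
    for src, dst, port, action in flows:
        if action != "ACCEPT":
            continue  # blocked attempts are evidence that the control works
        src_in, dst_in = src in zone, dst in zone
        if src_in == dst_in:
            continue  # entirely inside or entirely outside the zone
        if dst_in and any(src in net and port == p for net, p in approved):
            continue  # inbound crossing covered by a documented exception
        findings.append(("inbound" if dst_in else "outbound", str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for finding in isolation_findings(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

Each finding is a point where the documented isolation and the observed behaviour disagree, which the auditor would raise against the evidence provided.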
