Expert Advice Community

Guest

Network controls

  Quote
Guest
Guest user Created:   Jan 18, 2021 Last commented:   Jan 18, 2021

Network controls

The ISO 27002 requires (in A.13.1.1) Control: „Networks should be managed and controlled to protect information in systems and applications“.


I am interested in particular for items f) and g).

What is meant by “systems on the network should be authenticated“ / „systems connection to the network should be restricted“ ?

What is meant by „systems“ ?

Can you please give me some example for better understanding ?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 18, 2021

By “system” you should understand software or set of software. For example, operational systems, Office 365, and SaaS applications are examples of systems.

When control A.13.1.1 (Network controls) requires a system to be authenticated, it means that the system must show proof that it is the system it claims to be (much like a human user must prove his identity when accessing a system or physical area), by means of presenting a password or one-time code provided by a token along with its identification. By adopting this control, you can ensure that only systems you know and have authorized can access your network. For example, when you access your organization’s network you need to provide your identification and authentication information, right? It is the same thing, only applied to systems (each system should have its own identification and authentication information).

When we talk about the restriction of system connection, we mean that a system should access only what is necessary for its activities. For example, a payment application should have access to the organization’s finance systems and customer databases, but most probably should not have access to HR systems or R&D applications.

These articles will provide you a further explanation about network controls:

These materials will also help you regarding network controls:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 18, 2021

Jan 18, 2021