Expert Advice Community

Guest

Template content

  Quote
Guest
Guest user Created:   Jun 29, 2018 Last commented:   Jun 29, 2018

Template content

Our question is about document [A.8 Acceptable Use Policy]: do you have any extended template to cover the [A.12.2 Protection from malware]?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 29, 2018
Provided template consist only requirements of deploying any sort of anvivirus software with auto-updates ON, but in our case it isn't enough.
The reason i ask for assistance is that we provide SMB SaaS with access for customers to terminal servers with this software installed on it, and this software has the functionality to modify clientside source code for customization needs. We dont surely know how we shall consider this threat: as a potential to execute any malware or just as a technical vulnerability (so shall refer to A.12.6).

Can you help us to complete understanding?

Answer: There is no extended template, but as a part of the toolkit you bought you can schedule a meeting with one of our experts so he can help you develop the extensions you need. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/

Considering the information you provided, the po ssibility to modify client's side source code should be treated as a technical vulnerability, because this feature is part of how the antivirus software works to protect the assets, but may have a negative impact that must be assessed first before releasing the software on operational environment, which can be handled by controls from section A.12.6.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 29, 2018

Jun 29, 2018

Suggested Topics

Guest user Created:   Mar 13, 2020 ISO 27001 & 22301
Replies: 1
0 0

Template content

Guest user Created:   Mar 11, 2020 ISO 27001 & 22301
Replies: 1
0 0

Template content

Guest user Created:   Feb 26, 2020 ISO 27001 & 22301
Replies: 1
0 0

Template content - DRP