

# ISO 27002 checklist how to
It is important to know how to implement the controls related to firewalls, because they protect us from threats related to connections and networks, and can therefore help us reduce risks. A company must perform a risk assessment to find out which kind of protection it needs, and set its own rules on how to mitigate those risks.

ISO 27001 does not set the technical details, so it needs the security controls of ISO 27002 to reduce risks related to loss of confidentiality, integrity, and availability. Our house would be safer if we had two locks and the doors were armored, wouldn’t it? For a network security perimeter, the concept is basically the same.

Because the firewall is a key component in any organization, we can think of it as the door of our house. A firewall is basically software that manages connections between different networks (internal or external), and has the ability to accept a connection, reject it, or filter it according to certain parameters.
