2. Key element of ISM Framework.pdf

Transcript

Key Element of the Cyber Framework:-
Cyber security is the shielding of web associated systems, for example,
hardware, software, and information from cyber dangers. The training
is utilized by people and ventures to defend against unapproved access
to the servers and other electronic systems.

Various elements of cyber security are given below:

Application Security
Information Security
Network Security
Disaster Recovery Planning
Operational Security
End-user Security
Let’s see an explanation of the elements in detail:

1. Application Security:- Application security is the principal key
component of cyber security which adds security highlights inside
applications during the improvement time frame to defend against
cyberattacks. It shields sites and online applications from various sorts
of cyber security dangers which exploit weaknesses in source code.
Application security is tied in with keeping software applications away
from dangers. The general focus of application security is on cloud
service-based organizations.

Due to misconfiguration of settings the data of the cloud gets insecure.
The fundamental reason for cloud application misconfiguration are:

Absence of attention to cloud security approaches
Absence of sufficient controls and oversight
Utilization of such a large number of connection points to oversee.
Vulnerabilities of Application:- Denial-of-service (DoS) and
Distributed denial-of-service(DDoS) attacks are used by some isolated
attackers to flood a designated server or the framework that upholds it
with different sorts of traffic. This traffic in the end keeps real users
from getting to the server, making it shut down. A strategy called SQL
injection (SQLi) is used by hackers to take advantage of database flaws.
These hackers, specifically, can uncover user personalities and
passwords and can also create, modify and delete data without taking
permission of the user.

Types of Application Security:- The types of Application Security are
Authentication, Authorization, Encryption, Logging, and Application
security testing.
Tools of Application Security:- The various tools of application
security are firewall, antivirus, encryption techniques, web application
firewalls that protect applications from threats.

2. Information Security:- Information Security is the component of
cyber security that denotes the methods for defending unapproved
access, use, revelation, interruption, modification, or deletion of
information. The protection of the companies data, code, and
information that is collected by the company from their clients and
users is protected by Information security. The primary standards and
principles of Information security are Confidentiality, Integrity, and
Availability. Together it is called as CIA.

Confidentiality:- The protection of information of authorized clients
which allows them to access sensitive information is known as
Confidentiality. For example, assuming we say X has a password for
my Facebook account yet somebody saw while X was doing a login into
the Facebook account. All things considered, my password has been
compromised and Confidentiality has been penetrated.
Integrity:- The maintaining of consistency, accuracy, and
completeness of the information is known as Integrity. Information
cannot be modified in an unapproved way. For example, in an
information break that compromises the integrity, a programmer might
hold onto information and adjust it prior to sending it on to the planned
beneficiary. Some security controls intended to keep up with the
integrity of information include Encryption, Controls of Client access,
Records Control, Reinforcement, recovery methodology, and Detecting
the error.
Availability:- The information which can be accessed any time
whenever authorized users want. There are primarily two dangers to
the accessibility of the system which are as per the following:
Denial of Service
Loss of Data Processing Capabilities
3. Network Security:- Network security is the security given to a
network from unapproved access and dangers. It is the obligation of
network heads to embrace preventive measures to safeguard their
networks from potential security dangers. Network security is one more
element of IT security which is a method of defending and preventing
unapproved access into computer networks.

Network Security Strategies:- There are numerous strategies to further
develop network security and the most well-known network security
parts are as per following: Firewalls, Antivirus, Email Security, Web
Security, Wireless Security.
Network Security Software: There are different types of tools that can
shield a computer network like Network firewall, Cloud application
firewall, Web application firewall, etc.
4. Disaster Recovery Planning/Business Continuity Planning:- The
planning that describes the continuity of work in a fast and efficient
way after a disaster is known as Disaster Recovery Planning or
Business Continuity Planning. A disaster recovery technique should
begin at the business level and figure out which applications are
generally vital to run the activities of the association. Business
continuity planning (BCP) is tied in with being ready for cyber danger
by distinguishing dangers to the association on schedule and
examining how activities might be impacted and how to conquer that.

The primary objectives of disaster recovery planning include:

Protect the organization during a disaster
Giving a conviction of security
Limiting the risk of postponements
Ensuring the dependability of backup systems
Giving a standard to testing the plan.
Limiting decision-production during a disaster
Disaster Recovery Planning Categories: The categories of Disaster
Recover Planning are
Data Center disaster recovery
Cloud applications disaster recovery
Service-based disaster recovery
Virtual disaster recovery
Steps of Disaster Recovery Planning: The steps are:
Acquire Top Management Commitment
Planning panel establishment
Performing risk management
Establish priorities for handling and tasks
Decide Recovery Strategies
Data Collection
Record a composed plan
Build testing rules and methods
Plan testing
Support the plan
5. Operational Security:- The process that encourages the managers
to see the activities according to the viewpoint of a hacker to protect
sensitive data from various threats is known as Operational Security
(OPSEC)n or Procedural security. Operations security (OPSEC) is
utilized to defend the functions of an association. It tracks basic data
and resources to distinguish weaknesses that exist in the useful
technique.

Steps of Operational Security:- There are five stages to deal with the
operational security program, which are as per the following:
Characterize the association’s delicate data
Distinguish the types of dangers
Investigate security openings and weaknesses
Evaluation of Risks
Execution of accurate countermeasures
Practices of Operational Security:- The best practices of Operational
Securities are:
Implement exact change management processes
Limit access to network devices
Minimum access to the employees
Carry out double control
Task automation
Reaction and disaster recovery planning
6. End User Education:- End-user training is most the significant
element of computer security. End users are turning into the biggest
security threat in any association since it can happen whenever. One
of the primary errors that lead to information breaks is human
mistakes. An association should prepare its workers about
cybersecurity. Each representative should know about phishing attacks
through messages and interfaces and can possibly manage cyber
dangers.

Threats of End-User:- There are many reasons, that danger can be
made. The end-user dangers can be made in the following ways:

Utilizing of Social Media
Text Messaging
Utilization of Email
Applications Download
Creation and irregular uses of passwords

Planning In ISM Framework:-
What is an ISMS?
An information security management system (ISMS) is a framework of
policies and controls that manage security and risks systematically and
across your entire enterprise—information security. These security
controls can follow common security standards or be more focused on
your industry.
What is an ISMS?
An information security management system (ISMS) is a framework of
policies and controls that manage security and risks systematically and
across your entire enterprise—information security. These security
controls can follow common security standards or be more focused on
your industry.

For example, ISO 27001 is a set of specifications detailing how to
create, manage, and implement ISMS policies and controls. The ISO
doesn’t mandate specific actions; instead, it provides guideline on
developing appropriate ISMS strategies.

The framework for ISMS is usually focused on risk assessment and risk
management. Think of it as a structured approach to the balanced
tradeoff between risk mitigation and the cost (risk) incurred.

Organizations operating in tightly regulated industry verticals, such as
healthcare or finance, may require a broad scope of security activities
and risk mitigation strategies.
Continuous Improvement in Information Security:-
While ISMS is designed to establish holistic information security
management capabilities, digital transformation requires
organizations to adopt ongoing improvements and evolution of their
security policies and controls.

The structure and boundaries defined by an ISMS may apply only for a
limited time frame and the workforce may struggle to adopt them in the
initial stages. The challenge for organizations is to evolve these
security control mechanisms as their risks, culture, and resources
change.

According to ISO 27001, ISMS implementation follows a Plan-Do-
Check-Act (PCDA) model for continuous improvement in ISM
processes:

Plan. Identify the problems and collect useful information to evaluate
security risk. Define the policies and processes that can be used to
address problem root causes. Develop methods to establish continuous
improvement in information security management capabilities.
Do. Implement the devised security policies and procedures. The
implementation follows the ISO standards, but actual implementation
is based on the resources available to your company.
Check. Monitor the effectiveness of ISMS policies and controls.
Evaluate tangible outcomes as well as behavioral aspects associated
with the ISM processes.
Act. Focus on continuous improvement. Document the results, share
knowledge, and use a feedback loop to address future iterations of the
PCDA model implementation of ISMS policies and controls.
Popular ISMS frameworks:-
ISO 27001 is a leader in information security, but other frameworks
offer valuable guidance as well. These other frameworks often borrow
from ISO 27001 or other industry-specific guidelines.

ITIL, the widely adopted service management framework, has a
dedicated component called Information Security Management (ISM).
The goal of ISM is to align IT and business security to ensure InfoSec
is effectively managed in all activities.
COBIT, another IT-focused framework, spends significant time on how
asset management and configuration management are foundational to
information security as well as nearly every other ITSM function—even
those unrelated to InfoSec.
ISMS security controls:-
ISMS security controls span multiple domains of information security
as specified in the ISO 27001 standard. The catalog contains practical
guidelines with the following objectives:

Information security policies. An overall direction and support help
establish appropriate security policies. The security policy is unique to
your company, devised in context of your changing business and
security needs.
Organization of information security. This addresses threats and risks
within the corporate network, including cyberattacks from external
entities, inside threats, system malfunctions, and data loss.
Asset management. This component covers organizational assets
within and beyond the corporate IT network., which may involve the
exchange of sensitive business information.
Human resource security. Policies and controls pertaining to your
personnel, activities, and human errors, including measures to reduce
risk from insider threats and workforce training to reduce
unintentional security lapses.
Physical and environmental security. These guidelines cover security
measures to protect physical IT hardware from damage, loss, or
unauthorized access. While many organizations are taking advantage
of digital transformation and maintaining sensitive information in
secure cloud networks off-premise, security of physical devices used to
access that information must be considered.
Communications and operations management. Systems must be
operated with respect and maintenance to security policies and
controls. Daily IT operations, such as service provisioning and
problem management, should follow IT security policies and ISMS
controls.
Access control. This policy domain deals with limiting access to
authorized personnel and monitoring network traffic for anomalous
behavior. Access permissions relate to both digital and physical
mediums of technology. The roles and responsibilities of individuals
should be well defined, with access to business information available
only when necessary.
Information system acquisition, development, and maintenance.
Security best practices should be maintained across the entire lifecycle
of the IT system, including the phases of acquisition, development, and
maintenance.
Information security and incident management. Identify and resolve IT
issues in ways that minimize the impact to end users. In complex
network infrastructure environments, advanced technology solutions
may be required to identify insightful incident metrics and proactively
mitigate potential issues.
Business continuity management. Avoid interruptions to business
processes whenever possible. Ideally, any disaster situation is followed
immediately by recovery and procedures to minimize damage.
Compliance. Security requirements must be enforced per regulatory
bodies.
Cryptography. Among the most important and effective controls to
protect sensitive information, it is not a silver bullet on its own.
Therefore, ISMS govern how cryptographic controls are enforced and
managed.
Supplier relationships. Third-party vendors and business partners may
require access to the network and sensitive customer data. It may not
be possible to enforce security controls on some suppliers. However,
adequate controls should be adopted to mitigate potential risks through
IT security policies and contractual obligations.
These components and domains offer general best practices towards
InfoSec success. Though these may vary subtly from one framework to
another, considering and aligning with these domains will provide
much in the way of information security.

Key Features of an ISMS:

Risk Assessment: An ISMS includes a systematic evaluation of
potential security risks to identify vulnerabilities and prioritize
mitigation measures.
Policies and Procedures: Establishing clear and comprehensive
security policies and procedures that outline specific security
measures, access controls, and acceptable usage guidelines.
Asset Management: Identifying and classifying organizational assets
(hardware, software, data) to effectively allocate resources and protect
critical information.
Access Control: Implementing measures to prevent unauthorized
access to information and resources through user authentication, role-
based permissions, and regular review of user access rights.
Incident Management: Developing a process to detect, respond to,
and recover from security incidents, ensuring business continuity and
limiting the impact of any breach.
Internal Audits: Regularly conducting internal audits to assess the
effectiveness of security controls, identify areas for improvement, and
ensure compliance with security policies.
Training and Awareness: Educating employees on security best
practices, potential risks, and their roles and responsibilities in
maintaining information security.
Continuous Improvement: Establishing a culture of continual
improvement by regularly reviewing and updating security measures
based on changing threats, new technologies, and industry best
practices.
External audits and certification: Seeking certification from
independent certification bodies validates the effectiveness of the
organization's security management system and demonstrates
compliance with international standards such as ISO 27001.
Scope of the article
Scope of the Article: Exploring the Key Features of an ISMS

In today's digital age, where security risks and threats are prevalent,
organizations need to prioritize safeguarding their valuable
information from unauthorized access and cyber attacks. This is where
an Information Security Management System (ISMS) plays a pivotal
role. The purpose of this article is to delve into the key features of an
ISMS and shed light on how it helps organizations address security
risks and meet compliance requirements.
An ISMS is a comprehensive framework that ensures the
confidentiality, integrity, and availability of an organization's
information. It goes beyond implementing security measures and
focuses on establishing a proactive approach to manage and mitigate
risks effectively. By adopting an ISMS, organizations can implement a
systematic evaluation of potential security risks, identify
vulnerabilities, and prioritize measures to counteract them. This risk
assessment is a crucial first step towards developing robust security
measures.

Furthermore, an ISMS facilitates the establishment of clear and
comprehensive security policies and procedures. These guidelines
outline specific security measures, access controls, and acceptable
usage guidelines that all employees must adhere to. By doing so,
organizations can enforce access control policies and prevent
unauthorized access to sensitive information, ensuring that only
authorized personnel can access relevant resources.

Another essential feature of an ISMS is incident management. It helps
organizations develop a process to detect, respond to, and recover from
security incidents swiftly. By having a well-defined incident
management process, organizations can ensure business continuity,
limit the impact of any security breach, and effectively minimize the
damage caused.

Additionally, an ISMS includes regular internal audits to assess the
effectiveness of the implemented security controls. These audits help
organizations identify areas for improvement and ensure compliance
with security policies and standards. By conducting comprehensive
internal audits, organizations can proactively identify and address any
potential weaknesses and enhance their security posture.
Security management
Security management is a critical aspect of any organization's
operations in today's digital age. With the increasing frequency and
complexity of cyber attacks, organizations must prioritize safeguarding
their valuable information from unauthorized access and breaches.
Effective security management involves implementing security
measures, establishing clear policies and procedures, conducting
regular audits, and having a proactive incident management process
in place. In this article, we will explore the key features of security
management and how they help organizations address security risks,
meet compliance requirements, and ensure the confidentiality,
integrity, and availability of their information.

Security measures
Implementing effective security measures is crucial to protect the
confidentiality, integrity, and availability of an organization's
information assets. The ISO 27001 standard provides practical
guidelines to establish and maintain an Information Security
Management System (ISMS).
The first key feature is the development and implementation of
information security policies. These policies help define the
organization's approach to managing information security and provide
a framework for action. They should be regularly reviewed and
updated to address evolving risks and compliance requirements.
Asset management is another important aspect. Organizations need to
identify their information assets, assess their value, and implement
appropriate security measures to protect them. This includes
conducting regular inventories, classifying assets based on their
criticality, and implementing safeguards such as data encryption and
backup procedures.
Access control is a critical security measure to ensure that only
authorized individuals can access sensitive information. It involves
implementing strong authentication mechanisms, role-based access
controls, and regular user access reviews.
ISO 27001 also emphasizes the importance of physical and
environmental security. Organizations should implement physical
controls such as access control systems, surveillance cameras, and
secure storage areas for sensitive information.
Regularly monitoring and managing security incidents is essential.
Organizations should establish incident management procedures to
detect, respond to, and recover from security incidents promptly.
Ensuring compliance with legal and regulatory requirements is a key
obligation. Compliance requirements should be regularly assessed,
and appropriate measures implemented to meet these obligations.
Implementing these key security measures as per the ISO 27001
standard enables organizations to establish a robust ISMS that
effectively mitigates risks and protects their valuable information
assets.

Access control policies:-
Access control policies play a crucial role in an Information Security
Management System (ISMS) as they establish rules and procedures to
govern who can access and use an organization's information assets.
Implementing effective access control policies is essential to limit
access to authorized personnel and protect sensitive data from
unauthorized access and potential security breaches.
Access control policies should include mechanisms for strong
authentication, such as password complexity requirements, two-factor
authentication, or biometric identification. These measures ensure that
only authorized individuals can gain access to the organization's
systems and data.
Monitoring network traffic is another vital aspect of access control. By
implementing monitoring tools, organizations can analyze network
traffic patterns, identify potential threats or unusual activities, and take
action to prevent security breaches. This constant monitoring and
analysis provide real-time protection against unauthorized access
attempts and enhance the organization's ability to respond to security
incidents promptly.
It is equally important to establish well-defined roles and
responsibilities for both digital and physical mediums of technology.
By clearly stating who has access to certain systems or areas,
organizations can ensure that access is limited to only those who
require it to perform their duties. This helps minimize the risk of insider
threats and unauthorized access attempts.

Unauthorized access:-
Unauthorised access refers to unauthorized individuals gaining entry
into an Information Security Management System (ISMS) or its
associated resources without proper authorization. This could result in
severe implications for an organization's information security and
overall operations.
The implications of unauthorised access can be significant. It can lead
to data breaches, loss or theft of sensitive information, sabotage, or
disruption of services. Unauthorised access can also compromise the
integrity and confidentiality of data, affecting an organization's
reputation and customer trust.
To prevent unauthorised access, several measures can be implemented
within an ISMS. One key measure is establishing robust access control
policies. These policies define who can access specific systems, data,
or physical areas, and under what circumstances. Access control
policies should incorporate mechanisms for strong authentication,
such as password complexity requirements, two-factor authentication,
or biometric identification.
Furthermore, organizations should regularly review and update their
access control policies to align with changing security requirements.
Implementing continuous monitoring and analysis of network traffic
patterns is also essential. This allows for the detection of potential
threats or unusual activities, facilitating proactive prevention of
security breaches.
Training employees on security best practices, conducting regular
internal audits, and ensuring compliance with regulatory and
contractual requirements are additional prevention measures that can
mitigate the risk of unauthorised access.

Risk assessment:-
When conducting a risk assessment for an ISMS implementation, there
are several key factors that need to be considered. One important factor
is the ISO/IEC 27001 standard, which provides a framework for
establishing, implementing, maintaining, and continually improving an
ISMS. This standard outlines specific requirements that organizations
must meet to effectively manage their information security risks.
In conducting a risk assessment, it is crucial to evaluate both internal
and external drivers for the ISMS initiative. Internal drivers can
include the organization's goals, objectives, and strategies, as well as
its internal resources and capabilities. External drivers, on the other
hand, can include legal, regulatory, and industry requirements, as well
as the expectations of customers, suppliers, and other stakeholders.
Another crucial aspect of a risk assessment is considering the interests
of internal and external parties. This means identifying and
understanding the concerns, needs, and expectations of stakeholders,
and ensuring that these are taken into account when defining the scope
and objectives of the ISMS. Additionally, it is important to recognize
the impact of internal and external interfaces and dependencies on the
ISMS. This involves evaluating the relationships and interactions
between different parts of the organization, as well as between the
organization and its external partners, suppliers, and customers.

Vast majority:-
The vast majority of organizations today face numerous security risks
and compliance requirements. To effectively manage these challenges,
implementing an Information Security Management System (ISMS) is
crucial. An ISMS is a framework of policies, processes, and controls
that helps organizations protect their information assets and address
security risks.
Key features of an ISMS include comprehensive security measures to
safeguard sensitive information. These measures can include technical
controls like firewalls, encryption, and intrusion detection systems, as
well as physical controls like CCTV monitoring and access control
policies. By implementing these measures, organizations can prevent
unauthorized access to their systems and data.
Another important feature of an ISMS is conducting regular risk
assessments. This involves identifying potential threats and
vulnerabilities and assessing their potential impact on the
organization. By understanding these risks, organizations can develop
appropriate controls and mitigation strategies to minimize their
impact.
Security policies are also essential components of an ISMS. These
policies outline the organization's approach to information security
and define the responsibilities of individuals within the organization.
By establishing clear policies, organizations can ensure consistency
and adherence to security protocols.
Asset management practices are equally important within an ISMS.
This involves identifying and categorizing organizational assets, such
as data, systems, and physical resources, and implementing measures
to protect them. Asset management helps organizations prioritize their
security efforts and allocate resources effectively.
Implementing an ISMS with seriousness and commitment is crucial. It
offers numerous benefits, including enhanced security, compliance
with legal and regulatory requirements, protection against cyber
attacks, improved business continuity planning, and increased
customer trust. By effectively managing risks and protecting
organizational assets, an ISMS provides a solid foundation for overall
security and helps organizations navigate the constantly evolving
security landscape.

Security policies:-
Security policies are an integral component of an Information Security
Management System (ISMS). These policies are the documented
guidelines and procedures that outline how an organization will
protect its information assets. They provide a framework for ensuring
the confidentiality, integrity, and availability of sensitive information.

Common security policies in an ISMS include:
Password Management:- This policy governs the creation, usage, and
storage of passwords. It outlines best practices for creating strong and
unique passwords, as well as guidelines for securely storing and
changing passwords.
Data Classification:- This policy defines how data should be classified
based on its sensitivity and criticality. It establishes rules for handling,
storing, transmitting, and disposing of different types of data.
Incident Response:- This policy outlines the procedures to be followed
in the event of a security incident or breach. It details the steps to be
taken to mitigate the impact, investigate the incident, and restore
normal operations.
Regular review and updates of security policies are crucial to ensure
they remain effective in the face of evolving security threats and
organizational needs. As the threat landscape continues to evolve, new
risks and vulnerabilities emerge. Therefore, security policies must be
revised and updated to address these changes and provide adequate
protection.

Asset management:-
Asset management is a key component of an Information Security
Management System (ISMS) and involves the effective management
and protection of organizational assets. The ISM code, which stands
for the International Safety Management Code, emphasizes the
company's responsibility for managing and documenting the
responsibilities and authority of those involved in asset management.

One of the key features of asset management in an ISMS is the
documentation of all assets owned or used by the organization. This
includes hardware, software, data, and physical assets. Documentation
should include details such as asset location, ownership, value, and
criticality to the organization's operations. This helps in identifying and
prioritizing assets that require protection and supports effective
decision-making.
Another feature is the implementation of specific measures and
processes to effectively manage and protect organizational assets. This
includes conducting risk assessments to identify potential threats and
vulnerabilities, implementing access control policies to prevent
unauthorized access, regularly conducting internal audits to assess the
effectiveness of asset management practices, and establishing physical
controls to secure assets against theft, loss, or damage.
Providing support and resources is also important to ensure the
effective functioning and safety of the assets. This includes regular
training and awareness programs for staff to understand their roles
and responsibilities in asset management, ensuring adequate funding
and resources are allocated for asset protection measures, and
establishing a culture of continual improvement to adapt to evolving
security threats.

Effective Risk management:-
Effective risk management is crucial in ensuring the smooth and safe
operations of any organization. In the context of safety management
certificates and management packs, there are key components and
strategies that contribute to effective risk management.
First and foremost, risk assessment plays a critical role in identifying
and mitigating security risks. Through a systematic evaluation of
potential threats and vulnerabilities, organizations can determine the
likelihood and impact of various risks. This enables them to prioritize
their efforts and allocate resources effectively.
When implementing effective risk management practices, there are
several key actions and considerations to keep in mind. These include
developing and implementing robust security measures to prevent or
minimize the impact of security risks. This may involve establishing
access control policies, implementing physical controls, and regularly
conducting audits to ensure compliance with security requirements.
Furthermore, continuous improvement is vital in risk management
processes. With the ever-evolving security landscape, organizations
must constantly review and update their risk management strategies to
address emerging threats. This involves monitoring changes in
regulations and compliance requirements, staying informed about the
latest security technologies and best practices, and actively seeking
feedback from stakeholders.
By adopting effective risk management practices, organizations can
better protect their assets, mitigate security risks, and ultimately ensure
the safety of their personnel and operations. This not only helps in
obtaining safety management certificates and management packs but
also contributes to the overall success and resilience of the
organization.
Compliance requirements:-
Compliance requirements for an ISMS (Information Security
Management System) play a crucial role in ensuring the security and
integrity of organizational assets. In the maritime industry, these
requirements are established by the International Maritime
Organization (IMO) through guidelines such as Maritime Safety
Committee (MSC) circular 1059 and Marine Environment Protection
Committee (MEPC) circular 401.
One key aspect of compliance is the handling of major non-
conformities within the ISMS. Major non-conformities refer to
significant deviations from the established security management
practices. When a major non-conformity is identified, organizations
must initiate the downgrading process, which involves reducing the
status of their ISMS certification.
To address major non-conformities, organizations must take timely
corrective actions within a specified time frame. This requires
identifying the root causes of the non-conformity and implementing
appropriate measures to rectify the issues. Failure to comply with these
corrective actions can lead to serious consequences, including the
withdrawal of the Safety Management Certificate.
To ensure compliance with ISMS requirements and effectively handle
major non-conformities, organizations should closely follow the
guidelines provided by IMO's MSC circ 1059 and MEPC circ 401.
These guidelines provide detailed instructions and recommendations
on how to establish and maintain an effective ISMS, including
procedures for identifying, reporting, and addressing major non-
conformities.
By adhering to these compliance requirements and guidelines,
organizations can strengthen the security and safety of their
operations, protecting against potential risks and vulnerabilities. This
commitment to compliance ensures the continuous improvement and
effectiveness of the ISMS in an ever-evolving security landscape.
Contractual requirements:-
Contractual requirements play a crucial role in ensuring the effective
implementation of an Information Security Management System (ISMS)
within the shipping industry. These requirements, often outlined in
contracts between companies and their clients or service providers, set
the minimum standards and expectations for information security.
One key contractual requirement related to an ISMS is the compliance
with the International Safety Management (ISM) Code. The ISM Code,
developed by the International Maritime Organization (IMO), requires
shipping companies to establish an ISMS to ensure the safety of their
vessels and the protection of the environment. By complying with the
ISM Code, companies demonstrate their commitment to maintaining a
high level of information security.
The ISM Code has also changed the meaning of the Hague-Visby Rules,
an international maritime convention that governs the liability of
carriers for loss or damage to goods. Previously, carriers were only
responsible for losses resulting from their own negligence. However,
under the ISM Code, companies are made responsible for crew
negligence as well. This means that shipping companies must now
ensure that their crew members are adequately trained and that proper
safety and security measures are in place to prevent incidents.
In addition to compliance with the ISM Code, companies may also need
to obtain a Document of Compliance (DOC) from different flags and
classification societies. A DOC serves as evidence that a company's
ISMS has been audited and found to be in compliance with the required
standards. Different flags and classification societies may have their
own specific requirements for obtaining a DOC, and companies may
need to undergo regular audits to maintain their compliance status.
Legal requirements
Legal requirements related to an ISMS are defined by the International
Safety Management (ISM) Code, which holds shipping companies
responsible for shipboard operations. This code, developed by the
International Maritime Organization (IMO), has significant
implications in the shipping business.
Under the ISM Code, companies are required to define and document
the responsibilities and authority of personnel at all levels of the
organization. This ensures that everyone understands their role in
maintaining information security. By clearly outlining responsibilities,
companies can reduce the risk of unauthorized access and data
breaches.
Another key responsibility under the ISM Code is providing support
and resources for the effective functioning of the ISMS. This includes
ensuring that necessary resources, such as training and equipment, are
provided to maintain a high level of information security. Companies
must also establish and maintain procedures to respond to security
risks and incidents promptly and effectively.
The ISM Code's legal requirements emphasize the importance of a
proactive approach to information security within shipping companies.
By complying with these requirements, companies can mitigate security
risks, protect their assets, and maintain a strong reputation in the
industry. Ultimately, adherence to the ISM Code contributes to safer
and more secure shipboard operations.

Internal audits
Internal audits play a critical role in an ISMS (Information Security
Management System) as they help ensure compliance with the ISM
Code and identify areas for improvement. These audits are conducted
by internal auditors who are independent from the processes they are
auditing.
The ISM Code requires companies to conduct internal audits at
planned intervals to assess the effectiveness of their ISMS. These audits
must be objective and impartial, with auditors having the necessary
competence and knowledge of the ISMS. Auditors should be trained in
audit techniques and have sufficient understanding of the relevant
security measures and key features of the ISMS.
When conducting internal audits, auditors are responsible for
evaluating the implementation of security policies, procedures, and
controls. They review the compliance with regulatory requirements,
contractual obligations, and company policies. Auditors also assess the
effectiveness of risk management processes, access control policies,
physical controls, and business continuity plans.
Additionally, the ISM Code requires a Document of Compliance
(DOC) to be issued by an independent auditor. The DOC certifies that
a company's ISMS is in conformity with the ISM Code requirements.
This certification demonstrates that the company has implemented and
maintains an effective ISMS. It also enhances the company's reputation
and provides assurance to customers, stakeholders, and regulatory
bodies.

Key Features of an ISMS:

Risk Assessment: An ISMS includes a systematic evaluation of potential
security risks to identify vulnerabilities and prioritize mitigation
measures.
Policies and Procedures: Establishing clear and comprehensive
security policies and procedures that outline specific security
measures, access controls, and acceptable usage guidelines.
Asset Management: Identifying and classifying organizational assets
(hardware, software, data) to effectively allocate resources and protect
critical information.
Access Control: Implementing measures to prevent unauthorized
access to information and resources through user authentication, role-
based permissions, and regular review of user access rights.
Incident Management: Developing a process to detect, respond to, and
recover from security incidents, ensuring business continuity and
limiting the impact of any breach.
Internal Audits: Regularly conducting internal audits to assess the
effectiveness of security controls, identify areas for improvement, and
ensure compliance with security policies.
Training and Awareness: Educating employees on security best
practices, potential risks, and their roles and responsibilities in
maintaining information security.
Continuous Improvement: Establishing a culture of continual
improvement by regularly reviewing and updating security measures
based on changing threats, new technologies, and industry best
practices.
External audits and certification: Seeking certification from
independent certification bodies validates the effectiveness of the
organization's security management system and demonstrates
compliance with international standards such as ISO 27001.
Scope of the article
Scope of the Article: Exploring the Key Features of an ISMS

In today's digital age, where security risks and threats are prevalent,
organizations need to prioritize safeguarding their valuable
information from unauthorized access and cyber attacks. This is where
an Information Security Management System (ISMS) plays a pivotal
role. The purpose of this article is to delve into the key features of an
ISMS and shed light on how it helps organizations address security
risks and meet compliance requirements.

An ISMS is a comprehensive framework that ensures the
confidentiality, integrity, and availability of an organization's
information. It goes beyond implementing security measures and
focuses on establishing a proactive approach to manage and mitigate
risks effectively. By adopting an ISMS, organizations can implement a
systematic evaluation of potential security risks, identify
vulnerabilities, and prioritize measures to counteract them. This risk
assessment is a crucial first step towards developing robust security
measures.

Furthermore, an ISMS facilitates the establishment of clear and
comprehensive security policies and procedures. These guidelines
outline specific security measures, access controls, and acceptable
usage guidelines that all employees must adhere to. By doing so,
organizations can enforce access control policies and prevent
unauthorized access to sensitive information, ensuring that only
authorized personnel can access relevant resources.

Another essential feature of an ISMS is incident management. It helps
organizations develop a process to detect, respond to, and recover from
security incidents swiftly. By having a well-defined incident
management process, organizations can ensure business continuity,
limit the impact of any security breach, and effectively minimize the
damage caused.

Additionally, an ISMS includes regular internal audits to assess the
effectiveness of the implemented security controls. These audits help
organizations identify areas for improvement and ensure compliance
with security policies and standards. By conducting comprehensive
internal audits, organizations can proactively identify and address any
potential weaknesses and enhance their security posture.

Security management
Security management is a critical aspect of any organization's
operations in today's digital age. With the increasing frequency and
complexity of cyber attacks, organizations must prioritize safeguarding
their valuable information from unauthorized access and breaches.
Effective security management involves implementing security
measures, establishing clear policies and procedures, conducting
regular audits, and having a proactive incident management process
in place. In this article, we will explore the key features of security
management and how they help organizations address security risks,
meet compliance requirements, and ensure the confidentiality,
integrity, and availability of their information.

Security measures
Implementing effective security measures is crucial to protect the
confidentiality, integrity, and availability of an organization's
information assets. The ISO 27001 standard provides practical
guidelines to establish and maintain an Information Security
Management System (ISMS).

The first key feature is the development and implementation of
information security policies. These policies help define the
organization's approach to managing information security and provide
a framework for action. They should be regularly reviewed and
updated to address evolving risks and compliance requirements.
Asset management is another important aspect. Organizations need to
identify their information assets, assess their value, and implement
appropriate security measures to protect them. This includes
conducting regular inventories, classifying assets based on their
criticality, and implementing safeguards such as data encryption and
backup procedures.

Access control is a critical security measure to ensure that only
authorized individuals can access sensitive information. It involves
implementing strong authentication mechanisms, role-based access
controls, and regular user access reviews.

ISO 27001 also emphasizes the importance of physical and
environmental security. Organizations should implement physical
controls such as access control systems, surveillance cameras, and
secure storage areas for sensitive information.

Regularly monitoring and managing security incidents is essential.
Organizations should establish incident management procedures to
detect, respond to, and recover from security incidents promptly.

Ensuring compliance with legal and regulatory requirements is a key
obligation. Compliance requirements should be regularly assessed,
and appropriate measures implemented to meet these obligations.

Implementing these key security measures as per the ISO 27001
standard enables organizations to establish a robust ISMS that
effectively mitigates risks and protects their valuable information
assets.
Access control policies
Access control policies play a crucial role in an Information Security
Management System (ISMS) as they establish rules and procedures to
govern who can access and use an organization's information assets.
Implementing effective access control policies is essential to limit
access to authorized personnel and protect sensitive data from
unauthorized access and potential security breaches.

Access control policies should include mechanisms for strong
authentication, such as password complexity requirements, two-factor
authentication, or biometric identification. These measures ensure that
only authorized individuals can gain access to the organization's
systems and data.

Monitoring network traffic is another vital aspect of access control. By
implementing monitoring tools, organizations can analyze network
traffic patterns, identify potential threats or unusual activities, and take
action to prevent security breaches. This constant monitoring and
analysis provide real-time protection against unauthorized access
attempts and enhance the organization's ability to respond to security
incidents promptly.

It is equally important to establish well-defined roles and
responsibilities for both digital and physical mediums of technology.
By clearly stating who has access to certain systems or areas,
organizations can ensure that access is limited to only those who
require it to perform their duties. This helps minimize the risk of insider
threats and unauthorized access attempts.

Unauthorised access
Unauthorised access refers to unauthorized individuals gaining entry
into an Information Security Management System (ISMS) or its
associated resources without proper authorization. This could result in
severe implications for an organization's information security and
overall operations.

The implications of unauthorised access can be significant. It can lead
to data breaches, loss or theft of sensitive information, sabotage, or
disruption of services. Unauthorised access can also compromise the
integrity and confidentiality of data, affecting an organization's
reputation and customer trust.

To prevent unauthorised access, several measures can be implemented
within an ISMS. One key measure is establishing robust access control
policies. These policies define who can access specific systems, data,
or physical areas, and under what circumstances. Access control
policies should incorporate mechanisms for strong authentication,
such as password complexity requirements, two-factor authentication,
or biometric identification.

Furthermore, organizations should regularly review and update their
access control policies to align with changing security requirements.
Implementing continuous monitoring and analysis of network traffic
patterns is also essential. This allows for the detection of potential
threats or unusual activities, facilitating proactive prevention of
security breaches.

Training employees on security best practices, conducting regular
internal audits, and ensuring compliance with regulatory and
contractual requirements are additional prevention measures that can
mitigate the risk of unauthorised access.
Risk assessment
When conducting a risk assessment for an ISMS implementation, there
are several key factors that need to be considered. One important factor
is the ISO/IEC 27001 standard, which provides a framework for
establishing, implementing, maintaining, and continually improving an
ISMS. This standard outlines specific requirements that organizations
must meet to effectively manage their information security risks.

In conducting a risk assessment, it is crucial to evaluate both internal
and external drivers for the ISMS initiative. Internal drivers can
include the organization's goals, objectives, and strategies, as well as
its internal resources and capabilities. External drivers, on the other
hand, can include legal, regulatory, and industry requirements, as well
as the expectations of customers, suppliers, and other stakeholders.

Another crucial aspect of a risk assessment is considering the interests
of internal and external parties. This means identifying and
understanding the concerns, needs, and expectations of stakeholders,
and ensuring that these are taken into account when defining the scope
and objectives of the ISMS. Additionally, it is important to recognize
the impact of internal and external interfaces and dependencies on the
ISMS. This involves evaluating the relationships and interactions
between different parts of the organization, as well as between the
organization and its external partners, suppliers, and customers.

Vast majority
The vast majority of organizations today face numerous security risks
and compliance requirements. To effectively manage these challenges,
implementing an Information Security Management System (ISMS) is
crucial. An ISMS is a framework of policies, processes, and controls
that helps organizations protect their information assets and address
security risks.

Key features of an ISMS include comprehensive security measures to
safeguard sensitive information. These measures can include technical
controls like firewalls, encryption, and intrusion detection systems, as
well as physical controls like CCTV monitoring and access control
policies. By implementing these measures, organizations can prevent
unauthorized access to their systems and data.

Another important feature of an ISMS is conducting regular risk
assessments. This involves identifying potential threats and
vulnerabilities and assessing their potential impact on the
organization. By understanding these risks, organizations can develop
appropriate controls and mitigation strategies to minimize their
impact.

Security policies are also essential components of an ISMS. These
policies outline the organization's approach to information security
and define the responsibilities of individuals within the organization.
By establishing clear policies, organizations can ensure consistency
and adherence to security protocols.

Asset management practices are equally important within an ISMS.
This involves identifying and categorizing organizational assets, such
as data, systems, and physical resources, and implementing measures
to protect them. Asset management helps organizations prioritize their
security efforts and allocate resources effectively.

Implementing an ISMS with seriousness and commitment is crucial. It
offers numerous benefits, including enhanced security, compliance
with legal and regulatory requirements, protection against cyber
attacks, improved business continuity planning, and increased
customer trust. By effectively managing risks and protecting
organizational assets, an ISMS provides a solid foundation for overall
security and helps organizations navigate the constantly evolving
security landscape.

Security policies
Security policies are an integral component of an Information Security
Management System (ISMS). These policies are the documented
guidelines and procedures that outline how an organization will
protect its information assets. They provide a framework for ensuring
the confidentiality, integrity, and availability of sensitive information.

Common security policies in an ISMS include:

Password Management: This policy governs the creation, usage, and
storage of passwords. It outlines best practices for creating strong and
unique passwords, as well as guidelines for securely storing and
changing passwords.
Data Classification: This policy defines how data should be classified
based on its sensitivity and criticality. It establishes rules for handling,
storing, transmitting, and disposing of different types of data.
Incident Response: This policy outlines the procedures to be followed
in the event of a security incident or breach. It details the steps to be
taken to mitigate the impact, investigate the incident, and restore
normal operations.
Regular review and updates of security policies are crucial to ensure
they remain effective in the face of evolving security threats and
organizational needs. As the threat landscape continues to evolve, new
risks and vulnerabilities emerge. Therefore, security policies must be
revised and updated to address these changes and provide adequate
protection.

Asset management
Asset management is a key component of an Information Security
Management System (ISMS) and involves the effective management
and protection of organizational assets. The ISM code, which stands
for the International Safety Management Code, emphasizes the
company's responsibility for managing and documenting the
responsibilities and authority of those involved in asset management.

One of the key features of asset management in an ISMS is the
documentation of all assets owned or used by the organization. This
includes hardware, software, data, and physical assets. Documentation
should include details such as asset location, ownership, value, and
criticality to the organization's operations. This helps in identifying and
prioritizing assets that require protection and supports effective
decision-making.

Another feature is the implementation of specific measures and
processes to effectively manage and protect organizational assets. This
includes conducting risk assessments to identify potential threats and
vulnerabilities, implementing access control policies to prevent
unauthorized access, regularly conducting internal audits to assess the
effectiveness of asset management practices, and establishing physical
controls to secure assets against theft, loss, or damage.

Providing support and resources is also important to ensure the
effective functioning and safety of the assets. This includes regular
training and awareness programs for staff to understand their roles
and responsibilities in asset management, ensuring adequate funding
and resources are allocated for asset protection measures, and
establishing a culture of continual improvement to adapt to evolving
security threats.

Effective Risk management
Effective risk management is crucial in ensuring the smooth and safe
operations of any organization. In the context of safety management
certificates and management packs, there are key components and
strategies that contribute to effective risk management.

First and foremost, risk assessment plays a critical role in identifying
and mitigating security risks. Through a systematic evaluation of
potential threats and vulnerabilities, organizations can determine the
likelihood and impact of various risks. This enables them to prioritize
their efforts and allocate resources effectively.

When implementing effective risk management practices, there are
several key actions and considerations to keep in mind. These include
developing and implementing robust security measures to prevent or
minimize the impact of security risks. This may involve establishing
access control policies, implementing physical controls, and regularly
conducting audits to ensure compliance with security requirements.

Furthermore, continuous improvement is vital in risk management
processes. With the ever-evolving security landscape, organizations
must constantly review and update their risk management strategies to
address emerging threats. This involves monitoring changes in
regulations and compliance requirements, staying informed about the
latest security technologies and best practices, and actively seeking
feedback from stakeholders.
By adopting effective risk management practices, organizations can
better protect their assets, mitigate security risks, and ultimately ensure
the safety of their personnel and operations. This not only helps in
obtaining safety management certificates and management packs but
also contributes to the overall success and resilience of the
organization.

Compliance requirements
Compliance requirements for an ISMS (Information Security
Management System) play a crucial role in ensuring the security and
integrity of organizational assets. In the maritime industry, these
requirements are established by the International Maritime
Organization (IMO) through guidelines such as Maritime Safety
Committee (MSC) circular 1059 and Marine Environment Protection
Committee (MEPC) circular 401.

One key aspect of compliance is the handling of major non-
conformities within the ISMS. Major non-conformities refer to
significant deviations from the established security management
practices. When a major non-conformity is identified, organizations
must initiate the downgrading process, which involves reducing the
status of their ISMS certification.

To address major non-conformities, organizations must take timely
corrective actions within a specified time frame. This requires
identifying the root causes of the non-conformity and implementing
appropriate measures to rectify the issues. Failure to comply with these
corrective actions can lead to serious consequences, including the
withdrawal of the Safety Management Certificate.
To ensure compliance with ISMS requirements and effectively handle
major non-conformities, organizations should closely follow the
guidelines provided by IMO's MSC circ 1059 and MEPC circ 401.
These guidelines provide detailed instructions and recommendations
on how to establish and maintain an effective ISMS, including
procedures for identifying, reporting, and addressing major non-
conformities.

By adhering to these compliance requirements and guidelines,
organizations can strengthen the security and safety of their
operations, protecting against potential risks and vulnerabilities. This
commitment to compliance ensures the continuous improvement and
effectiveness of the ISMS in an ever-evolving security landscape.

Contractual requirements
Contractual requirements play a crucial role in ensuring the effective
implementation of an Information Security Management System (ISMS)
within the shipping industry. These requirements, often outlined in
contracts between companies and their clients or service providers, set
the minimum standards and expectations for information security.

One key contractual requirement related to an ISMS is the compliance
with the International Safety Management (ISM) Code. The ISM Code,
developed by the International Maritime Organization (IMO), requires
shipping companies to establish an ISMS to ensure the safety of their
vessels and the protection of the environment. By complying with the
ISM Code, companies demonstrate their commitment to maintaining a
high level of information security.

The ISM Code has also changed the meaning of the Hague-Visby Rules,
an international maritime convention that governs the liability of
carriers for loss or damage to goods. Previously, carriers were only
responsible for losses resulting from their own negligence. However,
under the ISM Code, companies are made responsible for crew
negligence as well. This means that shipping companies must now
ensure that their crew members are adequately trained and that proper
safety and security measures are in place to prevent incidents.

In addition to compliance with the ISM Code, companies may also need
to obtain a Document of Compliance (DOC) from different flags and
classification societies. A DOC serves as evidence that a company's
ISMS has been audited and found to be in compliance with the required
standards. Different flags and classification societies may have their
own specific requirements for obtaining a DOC, and companies may
need to undergo regular audits to maintain their compliance status.

Legal requirements
Legal requirements related to an ISMS are defined by the International
Safety Management (ISM) Code, which holds shipping companies
responsible for shipboard operations. This code, developed by the
International Maritime Organization (IMO), has significant
implications in the shipping business.

Under the ISM Code, companies are required to define and document
the responsibilities and authority of personnel at all levels of the
organization. This ensures that everyone understands their role in
maintaining information security. By clearly outlining responsibilities,
companies can reduce the risk of unauthorized access and data
breaches.

Another key responsibility under the ISM Code is providing support
and resources for the effective functioning of the ISMS. This includes
ensuring that necessary resources, such as training and equipment, are
provided to maintain a high level of information security. Companies
must also establish and maintain procedures to respond to security
risks and incidents promptly and effectively.

The ISM Code's legal requirements emphasize the importance of a
proactive approach to information security within shipping companies.
By complying with these requirements, companies can mitigate security
risks, protect their assets, and maintain a strong reputation in the
industry. Ultimately, adherence to the ISM Code contributes to safer
and more secure shipboard operations.

Internal audits
Internal audits play a critical role in an ISMS (Information Security
Management System) as they help ensure compliance with the ISM
Code and identify areas for improvement. These audits are conducted
by internal auditors who are independent from the processes they are
auditing.

The ISM Code requires companies to conduct internal audits at
planned intervals to assess the effectiveness of their ISMS. These audits
must be objective and impartial, with auditors having the necessary
competence and knowledge of the ISMS. Auditors should be trained in
audit techniques and have sufficient understanding of the relevant
security measures and key features of the ISMS.

When conducting internal audits, auditors are responsible for
evaluating the implementation of security policies, procedures, and
controls. They review the compliance with regulatory requirements,
contractual obligations, and company policies. Auditors also assess the
effectiveness of risk management processes, access control policies,
physical controls, and business continuity plans.

Additionally, the ISM Code requires a Document of Compliance
(DOC) to be issued by an independent auditor. The DOC certifies that
a company's ISMS is in conformity with the ISM Code requirements.
This certification demonstrates that the company has implemented and
maintains an effective ISMS. It also enhances the company's reputation
and provides assurance to customers, stakeholders, and regulatory
bodies.

Useful References

Official Guides
What is an ISMS?
What standards should we follow?
What are the benefits of ISMS?
What are the best practices for ISMS?
What are the steps to implement ISMS?
Answers
What is ISMS management system?
What is the difference between ISMS and ISO 27001?
How many ISMS controls are there?
How many domains are there in ISMS?
What are the 3 ISMS security objectives?
Implementation of the measures from Annex A in the current version is
supported by the identically structured implementation guidance of
ISO/IEC 27002:2022, which was already updated in February.
Generic controls for strategic attack prevention and faster detection
are newly included.

Three new controls for detection and prevention
The now 93 measures in Annex A of ISO/IEC 27001:2022 are now
reorganized under the update into four topics

Organizational measures,
Personal measures,
Physical measures and
Technological measures.
Three of the eleven newly introduced information security controls
relate to the prevention and timely detection of cyber attacks. These
three controls are

5.7 Threat intelligence (organizational).
8.16 Monitoring activities (technological)
8.23 Web filtering (technological).
Below we will take a closer look at these 3 new controls.
Threat intelligence
Organizational control 5.7 deals with the systematic collection and
analysis of information about relevant threats. The purpose of the
measure is to make organizations aware of their own threat situation
so that they can subsequently take appropriate action to mitigate the
risk. Threat data should be analyzed in a structured manner according
to three aspects: strategic, tactical and operational.

Cyber attacks remain undetected for too long
The eminent value of information and data in the 21st century business
world is increasingly forcing companies and organizations to focus on
information security and invest in the systematic protection of their
digital assets. Why? In dynamic threat landscapes, attackers' tactics
are becoming increasingly sophisticated and multi-layered - resulting
in serious damage to the image and reputation of affected companies
and billions of dollars in annual economic losses worldwide.

Experts agree that there is no longer complete protection against
cyberattacks - if only because of the human factor of uncertainty. This
makes early detection of potential and actual attacks all the more
important in order to limit their lateral vector in corporate networks
and keep the number of compromisable systems as low as possible. But
there is still a huge amount of catching up to do in this area: research
conducted as part of IBM's "Cost of a data breach 2022" study shows
that it took an average of 277 days to detect and contain an attack in
2022.

The new ISO 27001:2022
To assist companies and organizations with a contemporary,
standardized framework for information security management systems,
ISO published the new ISMS standard ISO/IEC 27001:2022 on
October 25, 2022. Annex A provides controls/measures that can be
used on a company-specific basis to address information security risks.

Strategic threat analysis provides insights into changing threat
landscapes, such as attack types and the actors, e.g., state-motivated
actors, cybercriminals, contract attackers, hacktivists. National and
international government agencies (such as BSI - German Federal
Office for Information Security, enisa - European Union Agency for
Cybersecurity, U.S. Department of Homeland Security or NIST -
National Institute of Standards and Technology), as well as non-profit
organizations and relevant forums, provide well-researched threat
intelligence across all industries and critical infrastructures.

In order to detect this unusual behavior, relevant activities must be
monitored in accordance with business and information security
requirements and any anomalies must be compared with existing threat
data, among other things (see above, requirement 5.7). The following
aspects are relevant to the monitoring system:

Inbound and outbound network, system and application traffic,
Access to systems, servers, network equipment, monitoring systems,
critical applications, etc...,
System and network configuration files at the administrative or
mission-critical level;
Security tool logs [e.g., antivirus, intrusion detection systems (IDS),
intrusion prevention system (IPS), web filters, firewalls, data leakage
prevention],
Event logs related to system and network activities,
Verification that executable code in a system has integrity and
authorization,
Resource usage, e.g., processor power, disk capacity, memory usage,
bandwidths.
The basic requirements for a functioning monitoring of activities are a
cleanly and transparently configured IT/OT infrastructure and
properly functioning IT/OT networks. Any change against this basic
state is detected as a potential threat to functionality and thus as an
anomaly. Depending on the complexity of an infrastructure,
implementing this measure is a major challenge despite relevant
vendor solutions. The importance of systems for anomaly detection was
recognized almost simultaneously with requirement 8.16 of ISO/IEC
27002:2022 for operators of so-called critical infrastructures. Thus, in
the national scope of relevant, legal regulations, there is an obligation
for these to effectively apply so-called systems for attack detection with
deadlines.

Web filtering
The Internet is both a blessing and a curse. Access to dubious websites
continues to be a gateway for malicious content and malware. The
information security control 8.23 Web filtering has the preventive
purpose of protecting an organization's own systems from malware
intrusion and preventing access to unauthorized web resources.
Organizations should establish rules for safe and appropriate use of
online resources for this purpose - including mandatory access
restrictions to unwanted or inappropriate websites and web-based
applications. Access to the following types of websites should be
blocked by the organization:

Websites that have an upload feature - unless this would be necessary
for legitimate, business reasons,
Known or even suspected malicious websites,
Command and control servers,
Malicious websites identified as such from the threat data (see also
measure 5.7),
Websites with illegal content.
The web filtering measure only really works with trained personnel
who are sufficiently aware of the safe and appropriate use of online
resources.

Tactical threat intelligence and its evaluation provide assessments of
attackers' methods, tools, and technologies.

Operational evaluation of specific threats provides detailed
information on specific attacks, including technical indicators, e.g.,
currently the extreme increase in cyber attacks by ransomware and its
variants in 2022.

Threat analysis can provide support in the following ways:

Procedurally to integrate threat data into the risk management
process,
Technically preventive and detection, e.g. by updating firewall rules,
intrusion detection systems (IDS), anti-malware solutions,
With input information for specific test procedures and test techniques
against information security.
The data quality from organizational control 5.7 for determining the
threat situation and analyzing it directly affects the two technical
controls for monitoring activities (8.16) and web filtering (8.23)
discussed below, which are also new to ISO/IEC 27002.
Monitoring activities
Detective and corrective information security control 8.16 on technical
monitoring of activities focuses on anomaly detection as a method for
averting threats. Networks, systems, and applications behave
according to expected patterns, such as data throughput, protocols,
messages, and so on. Any change or deviation from these expected
patterns is detected as an anomaly.