Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
93 barriers — page 1 of 2
| Name | Type | Category | Description |
|---|---|---|---|
| Use of Cryptography | prevention | Data Confidentiality | Apply cryptographic controls to protect the confidentiality and integrity of information at rest and… |
| 5.1 – Policies for Information Security | prevention | Organizational | Define, approve, publish, and communicate a set of information security policies. Policies shall ref… |
| 5.10 – Acceptable Use of Information and Other Associated Assets | prevention | Organizational | Identify, document, and implement rules for the acceptable use of information and assets associated … |
| 5.11 – Return of Assets | prevention | Organizational | All personnel and external party users shall return all organisational assets in their possession up… |
| 5.12 – Classification of Information | prevention | Organizational | Classify information according to the organisation's defined classification scheme based on confiden… |
| 5.13 – Labelling of Information | prevention | Organizational | Develop and implement a set of procedures for information labelling in accordance with the classific… |
| 5.14 – Information Transfer | prevention | Organizational | Implement policies, procedures, and controls to protect the transfer of information through all type… |
| 5.15 – Access Control | prevention | Organizational | Establish, document, and review access control rules based on business and information security requ… |
| 5.16 – Identity Management | prevention | Organizational | Manage the full lifecycle of digital identities, including allocation, maintenance, and revocation. … |
| 5.17 – Authentication Information | prevention | Organizational | Manage authentication information — including passwords, keys, tokens, and certificates — securely t… |
| 5.18 – Access Rights | prevention | Organizational | Provision, review, modify, and revoke access rights through a formal process that includes authorisa… |
| 5.19 – Information Security in Supplier Relationships | prevention | Organizational | Define and implement processes and procedures to manage the information security risks associated wi… |
| 5.2 – Information Security Roles and Responsibilities | prevention | Organizational | Define and allocate information security responsibilities in accordance with the security policy. Re… |
| 5.20 – Addressing Information Security Within Supplier Agreements | prevention | Organizational | Establish and agree relevant information security requirements with suppliers based on the type of s… |
| 5.21 – Managing Information Security in the ICT Supply Chain | prevention | Organizational | Define and implement processes and procedures to manage information security risks associated with t… |
| 5.22 – Monitoring, Review and Change Management of Supplier Services | prevention | Organizational | Regularly monitor, review, and audit supplier service delivery. Changes to supplier agreements or se… |
| 5.23 – Information Security for Use of Cloud Services | prevention | Organizational | Establish processes for the acquisition, use, management, and exit from cloud services in accordance… |
| 5.24 – Information Security Incident Management Planning and Preparation | mitigation | Organizational | Plan and prepare for information security incident management by defining processes, roles, and resp… |
| 5.25 – Assessment and Decision on Information Security Events | mitigation | Organizational | Assess information security events against defined criteria and decide whether they are to be classi… |
| 5.26 – Response to Information Security Incidents | mitigation | Organizational | Respond to information security incidents in accordance with documented procedures. Responses shall … |
| 5.27 – Learning from Information Security Incidents | mitigation | Organizational | Use knowledge gained from analysing and resolving information security incidents to reduce the likel… |
| 5.28 – Collection of Evidence | mitigation | Organizational | Define and apply procedures for the identification, collection, acquisition, and preservation of evi… |
| 5.29 – Information Security During Disruption | mitigation | Organizational | Plan how to maintain information security at an appropriate level during disruption. Security contro… |
| 5.3 – Segregation of Duties | prevention | Organizational | Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unaut… |
| 5.30 – ICT Readiness for Business Continuity | mitigation | Organizational | Plan, implement, maintain, and test ICT readiness to ensure the availability of information systems … |
| 5.31 – Legal, Statutory, Regulatory and Contractual Requirements | prevention | Organizational | Identify, document, and keep current all legal, statutory, regulatory, and contractual requirements … |
| 5.32 – Intellectual Property Rights | prevention | Organizational | Implement appropriate procedures to ensure compliance with legislative, regulatory, and contractual … |
| 5.33 – Protection of Records | prevention | Organizational | Protect records from loss, destruction, falsification, and unauthorised access or release in accorda… |
| 5.34 – Privacy and Protection of Personally Identifiable Information | prevention | Organizational | Identify and meet requirements for the preservation of privacy and protection of personally identifi… |
| 5.35 – Independent Review of Information Security | prevention | Organizational | Conduct independent reviews of the organisation's approach to managing information security and its … |
| 5.36 – Compliance with Policies, Rules and Standards for Information Security | prevention | Organizational | Managers shall regularly review compliance of information processing and procedures within their are… |
| 5.37 – Documented Operating Procedures | prevention | Organizational | Maintain and make available to all users who need them documented operating procedures for all activ… |
| 5.4 – Management Responsibilities | prevention | Organizational | Management shall require all personnel to apply information security in accordance with established … |
| 5.5 – Contact with Authorities | mitigation | Organizational | Maintain appropriate contacts with relevant authorities such as law enforcement, regulatory bodies, … |
| 5.6 – Contact with Special Interest Groups | prevention | Organizational | Maintain contacts with special interest groups, specialist security forums, and professional associa… |
| 5.7 – Threat Intelligence | prevention | Organizational | Collect, analyse, and produce threat intelligence regarding information security threats to inform r… |
| 5.8 – Information Security in Project Management | prevention | Organizational | Integrate information security into project management, regardless of the type of project. Security … |
| 6.1 – Screening | prevention | People | Carry out background verification checks on all candidates for employment in accordance with applica… |
| 6.2 – Terms and Conditions of Employment | prevention | People | Employment contracts shall state the employee's and the organisation's responsibilities for informat… |
| 6.3 – Information Security Awareness, Education and Training | prevention | People | All personnel and, where relevant, contractors shall receive appropriate information security awaren… |
| 6.4 – Disciplinary Process | mitigation | People | Implement a formal and communicated disciplinary process to take action against personnel who commit… |
| 6.5 – Responsibilities After Termination or Change of Employment | prevention | People | Define, communicate, and enforce information security responsibilities and duties that remain valid … |
| 6.6 – Confidentiality or Non-Disclosure Agreements | prevention | People | Identify, regularly review, and document requirements for confidentiality or non-disclosure agreemen… |
| 6.7 – Remote Working | prevention | People | Implement security measures to protect information accessed, processed, or stored at remote working … |
| 6.8 – Information Security Event Reporting | mitigation | People | Provide personnel with a mechanism to report observed or suspected information security events throu… |
| 7.1 – Physical Security Perimeters | prevention | Physical | Define and implement security perimeters to protect areas containing sensitive information and infor… |
| 7.10 – Storage Media | prevention | Physical | Manage the lifecycle of storage media in accordance with its classification and handling requirement… |
| 7.11 – Supporting Utilities | mitigation | Physical | Protect equipment from power failures and other disruptions caused by failures in supporting utiliti… |
| 7.12 – Cabling Security | prevention | Physical | Protect power and telecommunications cabling carrying data or supporting information services from i… |
| 7.13 – Equipment Maintenance | prevention | Physical | Maintain equipment correctly to ensure its continued availability and integrity. Maintenance shall f… |