Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
93 barriers — page 2 of 2
| Name | Type | Category | Description |
|---|---|---|---|
| 7.14 – Secure Disposal or Re-use of Equipment | prevention | Physical | Verify that sensitive data and licensed software have been removed or securely overwritten before di… |
| 7.2 – Physical Entry | prevention | Physical | Secure and control access to areas containing sensitive information and information processing facil… |
| 7.3 – Securing Offices, Rooms and Facilities | prevention | Physical | Design and apply physical security for offices, rooms, and facilities. Sensitive areas shall not be … |
| 7.4 – Physical Security Monitoring | prevention | Physical | Continuously monitor premises for unauthorised physical access using surveillance systems, intrusion… |
| 7.5 – Protecting Against Physical and Environmental Threats | prevention | Physical | Design and implement protection against physical and environmental threats such as natural disasters… |
| 7.6 – Working in Secure Areas | prevention | Physical | Design and apply procedures for working in secure areas. Unsupervised working in secure areas shall … |
| 7.7 – Clear Desk and Clear Screen | prevention | Physical | Define and enforce clear desk rules for papers and removable storage media, and clear screen rules f… |
| 7.8 – Equipment Siting and Protection | prevention | Physical | Site and protect equipment to reduce the risks from environmental threats and hazards, and the oppor… |
| 7.9 – Security of Assets Off-Premises | prevention | Physical | Apply security to off-premises assets, taking into account the different risks of working outside th… |
| Asset Inventory | prevention | Resource Availability | Maintain an accurate, up-to-date inventory of all information assets and associated systems, includi… |
| Information and System Backup | mitigation | Resource Availability | Take regular backups of data, software, and system images in accordance with an agreed backup policy… |
| Network Segmentation | prevention | Restricted Data Flow | Partition networks into security zones according to information classification, function, and trust … |
| Malware / Malicious Code Protection | prevention | System Integrity | Employ protection mechanisms against malware at all relevant entry and exit points, including endpoi… |
| 8.1 – User Endpoint Devices | prevention | Technological | Protect information stored on, processed by, or accessible via user endpoint devices. Policies shall… |
| 8.10 – Information Deletion | prevention | Technological | Delete information stored in information systems, devices, and other storage media when no longer re… |
| 8.11 – Data Masking | prevention | Technological | Use data masking in accordance with the organisation's topic-specific policy on access control and o… |
| 8.12 – Data Leakage Prevention | prevention | Technological | Apply data leakage prevention measures to systems and networks that process, store, or transmit sens… |
| 8.14 – Redundancy of Information Processing Facilities | mitigation | Technological | Implement redundancy sufficient to meet availability requirements for information processing facilit… |
| 8.15 – Logging | prevention | Technological | Produce, store, protect, and analyse logs that record user activities, exceptions, faults, and infor… |
| 8.16 – Monitoring Activities | mitigation | Technological | Monitor networks, systems, and applications for anomalous behaviour and potential information securi… |
| 8.17 – Clock Synchronisation | prevention | Technological | Synchronise the clocks of all relevant information processing systems within the organisation to an … |
| 8.18 – Use of Privileged Utility Programs | prevention | Technological | Restrict and tightly control the use of utility programs that might be capable of overriding system … |
| 8.19 – Installation of Software on Operational Systems | prevention | Technological | Implement procedures and measures to securely manage software installation on operational systems. O… |
| 8.2 – Privileged Access Rights | prevention | Technological | Restrict and control the allocation and use of privileged access rights. Privileged accounts shall b… |
| 8.20 – Networks Security | prevention | Technological | Secure, manage, and control networks and network devices to protect information in systems and appli… |
| 8.21 – Security of Network Services | prevention | Technological | Identify, implement, and monitor security mechanisms, service levels, and management requirements fo… |
| 8.23 – Web Filtering | prevention | Technological | Manage access to external websites to reduce exposure to malicious content. Web filtering shall bloc… |
| 8.25 – Secure Development Lifecycle | prevention | Technological | Establish and apply rules for the secure development of software and systems. A secure SDLC shall in… |
| 8.26 – Application Security Requirements | prevention | Technological | Identify, specify, and approve information security requirements when developing or acquiring applic… |
| 8.27 – Secure System Architecture and Engineering Principles | prevention | Technological | Establish, document, maintain, and apply principles for engineering secure systems. Security enginee… |
| 8.28 – Secure Coding | prevention | Technological | Apply secure coding principles to software development to reduce the number and severity of vulnerab… |
| 8.29 – Security Testing in Development and Acceptance | prevention | Technological | Define and implement security testing processes throughout the development lifecycle, including unit… |
| 8.3 – Information Access Restriction | prevention | Technological | Restrict access to information and application system functions in accordance with the access contro… |
| 8.30 – Outsourced Development | prevention | Technological | Direct, monitor, and review the activities related to outsourced system development. Contractual req… |
| 8.31 – Separation of Development, Test and Production Environments | prevention | Technological | Separate development, testing, and operational environments to reduce the risks of unauthorised acce… |
| 8.32 – Change Management | prevention | Technological | Subject changes to information processing facilities and information systems to formal change manage… |
| 8.33 – Test Information | prevention | Technological | Ensure that test data is appropriately selected, protected, and managed. Sensitive operational data … |
| 8.34 – Protection of Information Systems During Audit Testing | prevention | Technological | Plan and agree audit tests and other assurance activities involving operational systems to minimise … |
| 8.4 – Access to Source Code | prevention | Technological | Manage access to source code, development tools, and software libraries appropriately to prevent the… |
| 8.5 – Secure Authentication | prevention | Technological | Implement secure authentication technologies and procedures based on information access restrictions… |
| 8.6 – Capacity Management | prevention | Technological | Monitor and adjust the use of resources to meet current and projected capacity requirements. Capacit… |
| 8.8 – Management of Technical Vulnerabilities | prevention | Technological | Obtain timely information about technical vulnerabilities in information systems; assess the organis… |
| 8.9 – Configuration Management | prevention | Technological | Establish, document, implement, monitor, and review configurations including security configurations… |
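The placement rule stated at the top of the library (prevention barriers on threat paths, mitigation barriers on consequence paths) is the kind of thing worth checking mechanically once a bowtie has more than a handful of barriers. The following is an added example, not code from the Barriers Library or the application behind it: it models a bowtie as threat paths into a top event and consequence paths out of it, places a few barriers from the table above on those paths, and reports barriers of the wrong type for their path, paths with no barrier of the required type, and threat or consequence paths whose barriers all come from a single category. The dataclass names, the sample bowtie and the single-category heuristic are assumptions made for illustration.

```python
"""Bowtie barrier placement check.

Added example; not the Barriers Library's own code. The rule being
enforced is the one the library states: prevention barriers sit on
threat paths (threat -> top event), mitigation barriers on consequence
paths (top event -> consequence). The data model and the sample bowtie
below are assumptions for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Literal

BarrierType = Literal["prevention", "mitigation"]
PathSide = Literal["threat", "consequence"]

# Which barrier type each side of the bowtie requires (the page's rule).
REQUIRED_TYPE: dict[str, str] = {"threat": "prevention", "consequence": "mitigation"}


@dataclass(frozen=True)
class Barrier:
    name: str
    type: BarrierType
    category: str


@dataclass
class Path:
    side: PathSide
    endpoint: str                      # the threat or the consequence
    barriers: list[Barrier] = field(default_factory=list)


@dataclass
class Bowtie:
    top_event: str
    paths: list[Path] = field(default_factory=list)


def misplaced_barriers(bowtie: Bowtie) -> list[tuple[str, str, str]]:
    """(path endpoint, barrier name, required type) for every barrier whose
    type does not match the side of the path it is placed on."""
    found = []
    for p in bowtie.paths:
        want = REQUIRED_TYPE[p.side]
        found.extend((p.endpoint, b.name, want) for b in p.barriers if b.type != want)
    return found


def unbarriered_paths(bowtie: Bowtie) -> list[tuple[str, str]]:
    """Paths with no barrier of the required type: a threat that reaches the
    top event unopposed, or a consequence that nothing reduces."""
    return [
        (p.side, p.endpoint)
        for p in bowtie.paths
        if not any(b.type == REQUIRED_TYPE[p.side] for b in p.barriers)
    ]


def single_category_paths(bowtie: Bowtie) -> list[str]:
    """Paths carrying two or more correctly typed barriers that all share one
    category. Heuristic (an assumption of this example): barriers of one
    kind tend to share failure modes, so this is weak defence in depth."""
    flagged = []
    for p in bowtie.paths:
        want = REQUIRED_TYPE[p.side]
        cats = [b.category for b in p.barriers if b.type == want]
        if len(cats) >= 2 and len(set(cats)) == 1:
            flagged.append(p.endpoint)
    return flagged


def sample_bowtie() -> Bowtie:
    """Constructed sample: barrier names, types and categories are taken from
    the library table; the top event, threats and consequences are invented."""
    auth = Barrier("8.5 – Secure Authentication", "prevention", "Technological")
    priv = Barrier("8.2 – Privileged Access Rights", "prevention", "Technological")
    seg = Barrier("Network Segmentation", "prevention", "Restricted Data Flow")
    backup = Barrier("Information and System Backup", "mitigation", "Resource Availability")
    return Bowtie(
        top_event="Unauthorised access to the production database",
        paths=[
            Path("threat", "Phishing of an administrator", [auth, priv]),
            # Backup placed on a threat path: a mitigation barrier cannot
            # stop the threat reaching the top event, so this is misplaced.
            Path("threat", "Lateral movement from a compromised workstation", [seg, backup]),
            Path("consequence", "Loss of data", [backup]),
            Path("consequence", "Service outage"),   # nothing placed yet
        ],
    )


if __name__ == "__main__":
    bt = sample_bowtie()
    print("misplaced:", misplaced_barriers(bt))
    print("unbarriered:", unbarriered_paths(bt))
    print("single category:", single_category_paths(bt))
```

Run on the sample, the check reports the backup barrier as misplaced on the lateral-movement threat path, the "Service outage" consequence as having no mitigation barrier at all, and the phishing path as protected only by Technological barriers. Whether a single-category path is actually a problem depends on the barriers involved; the heuristic is there to prompt review, not to fail the model.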