Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
189 barriers — page 3 of 4
| Name | Type | Category | Description |
|---|---|---|---|
| 6.2 – Terms and Conditions of Employment | prevention | People | Employment contracts shall state the employee's and the organisation's responsibilities for informat… |
| 6.3 – Information Security Awareness, Education and Training | prevention | People | All personnel and, where relevant, contractors shall receive appropriate information security awaren… |
| 6.4 – Disciplinary Process | mitigation | People | Implement a formal and communicated disciplinary process to take action against personnel who commit… |
| 6.5 – Responsibilities After Termination or Change of Employment | prevention | People | Define, communicate, and enforce information security responsibilities and duties that remain valid … |
| 6.6 – Confidentiality or Non-Disclosure Agreements | prevention | People | Identify, regularly review, and document requirements for confidentiality or non-disclosure agreemen… |
| 6.7 – Remote Working | prevention | People | Implement security measures to protect information accessed, processed, or stored at remote working … |
| 6.8 – Information Security Event Reporting | mitigation | People | Provide personnel with a mechanism to report observed or suspected information security events throu… |
| 7.1 – Physical Security Perimeters | prevention | Physical | Define and implement security perimeters to protect areas containing sensitive information and infor… |
| 7.10 – Storage Media | prevention | Physical | Manage the lifecycle of storage media in accordance with its classification and handling requirement… |
| 7.11 – Supporting Utilities | mitigation | Physical | Protect equipment from power failures and other disruptions caused by failures in supporting utiliti… |
| 7.12 – Cabling Security | prevention | Physical | Protect power and telecommunications cabling carrying data or supporting information services from i… |
| 7.13 – Equipment Maintenance | prevention | Physical | Maintain equipment correctly to ensure its continued availability and integrity. Maintenance shall f… |
| 7.14 – Secure Disposal or Re-use of Equipment | prevention | Physical | Verify that sensitive data and licensed software have been removed or securely overwritten before di… |
| 7.2 – Physical Entry | prevention | Physical | Secure and control access to areas containing sensitive information and information processing facil… |
| 7.3 – Securing Offices, Rooms and Facilities | prevention | Physical | Design and apply physical security for offices, rooms, and facilities. Sensitive areas shall not be … |
| 7.4 – Physical Security Monitoring | prevention | Physical | Continuously monitor premises for unauthorised physical access using surveillance systems, intrusion… |
| 7.5 – Protecting Against Physical and Environmental Threats | prevention | Physical | Design and implement protection against physical and environmental threats such as natural disasters… |
| 7.6 – Working in Secure Areas | prevention | Physical | Design and apply procedures for working in secure areas. Unsupervised working in secure areas shall … |
| 7.7 – Clear Desk and Clear Screen | prevention | Physical | Define and enforce clear desk rules for papers and removable storage media, and clear screen rules f… |
| 7.8 – Equipment Siting and Protection | prevention | Physical | Site and protect equipment to reduce the risks from environmental threats and hazards, and the oppor… |
| 7.9 – Security of Assets Off-Premises | prevention | Physical | Apply security to off-premises assets, taking into account the different risks of working outside th… |
| Immutable Offline ERP Backups | mitigation | Recovery | Daily encrypted ERP backups written to offline or air-gapped storage; restoration tested quarterly |
| Asset Inventory | prevention | Resource Availability | Maintain an accurate, up-to-date inventory of all information assets and associated systems, includi… |
| Information and System Backup | mitigation | Resource Availability | Take regular backups of data, software, and system images in accordance with an agreed backup policy… |
| SR 7.1 – Denial of Service Protection | prevention | Resource Availability | The system shall protect against denial of service (DoS) attacks that could degrade or interrupt the… |
| SR 7.2 – Resource Management | prevention | Resource Availability | The system shall manage the use of resources including processor capacity, memory, storage, and netw… |
| SR 7.4 – Control System Recovery and Reconstitution | mitigation | Resource Availability | The system shall provide the capability to recover and reconstitute the control system to a known se… |
| SR 7.5 – Emergency Power | mitigation | Resource Availability | The system shall provide an emergency power supply to ensure continued operation of critical control… |
| SR 7.6 – Network and Security Configuration Settings | prevention | Resource Availability | The system shall manage network and security configuration settings to maintain a known, secure base… |
| SR 7.7 – Least Functionality | prevention | Resource Availability | The system shall be configured to provide only the functions, ports, protocols, and services require… |
| Ransomware Incident Response Plan | mitigation | Response | Documented playbook for ERP ransomware: isolation steps, stakeholder communication, and phased recov… |
| Network Segmentation | prevention | Restricted Data Flow | Partition networks into security zones according to information classification, function, and trust … |
| SR 5.2 – Zone Boundary Protection | prevention | Restricted Data Flow | The system shall monitor and control communications at the boundaries between security zones. All tr… |
| SR 5.3 – General Purpose Person-to-Person Communication Restrictions | prevention | Restricted Data Flow | The system shall restrict use of general purpose communication services such as email, instant messa… |
| SR 5.4 – Application Partitioning | prevention | Restricted Data Flow | The system shall separate user and control functionality and partition applications in accordance wi… |
| Malware / Malicious Code Protection | prevention | System Integrity | Employ protection mechanisms against malware at all relevant entry and exit points, including endpoi… |
| SR 3.1 – Communication Integrity | prevention | System Integrity | The system shall protect the integrity of transmitted information to prevent unauthorized modificati… |
| SR 3.3 – Security Functionality Verification | prevention | System Integrity | The system shall provide the capability to verify the correct operation of security functions on dem… |
| SR 3.4 – Software and Information Integrity | prevention | System Integrity | The system shall employ integrity verification mechanisms to detect unauthorized changes to software… |
| SR 3.5 – Input Validation | prevention | System Integrity | The system shall validate the syntax and semantics of inputs to prevent injection attacks and proces… |
| SR 3.6 – Deterministic Output | prevention | System Integrity | The system shall produce deterministic output in response to inputs and provide appropriate handling… |
| SR 3.7 – Error Handling | prevention | System Integrity | The system shall handle error conditions in a manner that does not generate information useful to an… |
| SR 3.8 – Session Integrity | prevention | System Integrity | The system shall protect the integrity of sessions against hijacking and eavesdropping. Session toke… |
| SR 3.9 – Protection of Audit Information | prevention | System Integrity | The system shall protect audit information and tools from unauthorized access, modification, and del… |
| 8.1 – User Endpoint Devices | prevention | Technological | Protect information stored on, processed by, or accessible via user endpoint devices. Policies shall… |
| 8.10 – Information Deletion | prevention | Technological | Delete information stored in information systems, devices, and other storage media when no longer re… |
| 8.11 – Data Masking | prevention | Technological | Use data masking in accordance with the organisation's topic-specific policy on access control and o… |
| 8.12 – Data Leakage Prevention | prevention | Technological | Apply data leakage prevention measures to systems and networks that process, store, or transmit sens… |
| 8.14 – Redundancy of Information Processing Facilities | mitigation | Technological | Implement redundancy sufficient to meet availability requirements for information processing facilit… |
| 8.15 – Logging | prevention | Technological | Produce, store, protect, and analyse logs that record user activities, exceptions, faults, and infor… |