Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
Add Barrier
Tags:
189 barriers — page 4 of 4
| Name | Type | Category | Tags | Description | |
|---|---|---|---|---|---|
| 8.16 – Monitoring Activities | mitigation | Technological | Monitor networks, systems, and applications for anomalous behaviour and potential information securi… | Edit | |
| 8.17 – Clock Synchronisation | prevention | Technological | Synchronise the clocks of all relevant information processing systems within the organisation to an … | Edit | |
| 8.18 – Use of Privileged Utility Programs | prevention | Technological | Restrict and tightly control the use of utility programs that might be capable of overriding system … | Edit | |
| 8.19 – Installation of Software on Operational Systems | prevention | Technological | Implement procedures and measures to securely manage software installation on operational systems. O… | Edit | |
| 8.2 – Privileged Access Rights | prevention | Technological | Restrict and control the allocation and use of privileged access rights. Privileged accounts shall b… | Edit | |
| 8.20 – Networks Security | prevention | Technological | Secure, manage, and control networks and network devices to protect information in systems and appli… | Edit | |
| 8.21 – Security of Network Services | prevention | Technological | Identify, implement, and monitor security mechanisms, service levels, and management requirements fo… | Edit | |
| 8.23 – Web Filtering | prevention | Technological | Manage access to external websites to reduce exposure to malicious content. Web filtering shall bloc… | Edit | |
| 8.25 – Secure Development Lifecycle | prevention | Technological | Establish and apply rules for the secure development of software and systems. A secure SDLC shall in… | Edit | |
| 8.26 – Application Security Requirements | prevention | Technological | Identify, specify, and approve information security requirements when developing or acquiring applic… | Edit | |
| 8.27 – Secure System Architecture and Engineering Principles | prevention | Technological | Establish, document, maintain, and apply principles for engineering secure systems. Security enginee… | Edit | |
| 8.28 – Secure Coding | prevention | Technological | Apply secure coding principles to software development to reduce the number and severity of vulnerab… | Edit | |
| 8.29 – Security Testing in Development and Acceptance | prevention | Technological | Define and implement security testing processes throughout the development lifecycle, including unit… | Edit | |
| 8.3 – Information Access Restriction | prevention | Technological | Restrict access to information and application system functions in accordance with the access contro… | Edit | |
| 8.30 – Outsourced Development | prevention | Technological | Direct, monitor, and review the activities related to outsourced system development. Contractual req… | Edit | |
| 8.31 – Separation of Development, Test and Production Environments | prevention | Technological | Separate development, testing, and operational environments to reduce the risks of unauthorised acce… | Edit | |
| 8.32 – Change Management | prevention | Technological | Subject changes to information processing facilities and information systems to formal change manage… | Edit | |
| 8.33 – Test Information | prevention | Technological | Ensure that test data is appropriately selected, protected, and managed. Sensitive operational data … | Edit | |
| 8.34 – Protection of Information Systems During Audit Testing | prevention | Technological | Plan and agree audit tests and other assurance activities involving operational systems to minimise … | Edit | |
| 8.4 – Access to Source Code | prevention | Technological | Manage access to source code, development tools, and software libraries appropriately to prevent the… | Edit | |
| 8.5 – Secure Authentication | prevention | Technological | Implement secure authentication technologies and procedures based on information access restrictions… | Edit | |
| 8.6 – Capacity Management | prevention | Technological | Monitor and adjust the use of resources to meet current and projected capacity requirements. Capacit… | Edit | |
| 8.8 – Management of Technical Vulnerabilities | prevention | Technological | Obtain timely information about technical vulnerabilities in information systems; assess the organis… | Edit | |
| 8.9 – Configuration Management | prevention | Technological | Establish, document, implement, monitor, and review configurations including security configurations… | Edit | |
| SR 6.1 – Audit Log Accessibility | mitigation | Timely Response to Events | The system shall ensure that audit logs are available to authorized personnel in a timely manner. Ac… | Edit | |
| SR 6.2 – Continuous Monitoring | mitigation | Timely Response to Events | The system shall implement continuous monitoring of security events across the control system enviro… | Edit | |
| SR 2.1 – Authorization Enforcement | prevention | Use Control | The system shall enforce assigned authorizations for all users and processes, controlling access to … | Edit | |
| SR 2.10 – Response to Audit Processing Failures | mitigation | Use Control | The system shall alert relevant personnel and take defined actions in the event that audit processin… | Edit | |
| SR 2.11 – Timestamps | prevention | Use Control | The system shall provide reliable, consistent timestamps for audit record generation. Timestamps sha… | Edit | |
| SR 2.12 – Non-Repudiation | prevention | Use Control | The system shall provide the capability to ensure that actions taken by users or processes cannot be… | Edit | |
| SR 2.2 – Wireless Use Control | prevention | Use Control | The system shall authorize, monitor, and control the use of wireless technologies including Wi-Fi, B… | Edit | |
| SR 2.3 – Use Control for Portable and Mobile Devices | prevention | Use Control | The system shall authorize, monitor, and control the use of portable and mobile devices such as USB … | Edit | |
| SR 2.4 – Mobile Code | prevention | Use Control | The system shall authorize, monitor, and control the use of mobile code (e.g., scripts, macros, appl… | Edit | |
| SR 2.5 – Session Lock | prevention | Use Control | The system shall implement a session lock after a configurable period of inactivity, requiring re-au… | Edit | |
| SR 2.6 – Remote Session Termination | prevention | Use Control | The system shall provide the capability to terminate remote sessions after a defined period of inact… | Edit | |
| SR 2.7 – Concurrent Session Control | prevention | Use Control | The system shall enforce a limit on the number of concurrent sessions for each user account or devic… | Edit | |
| SR 2.8 – Auditable Events | prevention | Use Control | The system shall generate audit records for defined auditable events including login attempts, acces… | Edit | |
| SR 2.9 – Audit Storage Capacity | prevention | Use Control | The system shall allocate sufficient audit record storage capacity and generate alerts when storage … | Edit | |
| ERP Patch Management | prevention | Vulnerability Management | Monthly vulnerability scanning and patch cycle for the ERP application, OS, and middleware component… | Edit |