Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
Add Barrier
Tags:
clear tags
36 barriers — page 1 of 1
| Name | Type | Category | Tags | Description | |
|---|---|---|---|---|---|
| 5.1 – Policies for Information Security | prevention | Organizational | Define, approve, publish, and communicate a set of information security policies. Policies shall ref… | Edit | |
| 5.10 – Acceptable Use of Information and Other Associated Assets | prevention | Organizational | Identify, document, and implement rules for the acceptable use of information and assets associated … | Edit | |
| 5.11 – Return of Assets | prevention | Organizational | All personnel and external party users shall return all organisational assets in their possession up… | Edit | |
| 5.12 – Classification of Information | prevention | Organizational | Classify information according to the organisation's defined classification scheme based on confiden… | Edit | |
| 5.13 – Labelling of Information | prevention | Organizational | Develop and implement a set of procedures for information labelling in accordance with the classific… | Edit | |
| 5.14 – Information Transfer | prevention | Organizational | Implement policies, procedures, and controls to protect the transfer of information through all type… | Edit | |
| 5.15 – Access Control | prevention | Organizational | Establish, document, and review access control rules based on business and information security requ… | Edit | |
| 5.16 – Identity Management | prevention | Organizational | Manage the full lifecycle of digital identities, including allocation, maintenance, and revocation. … | Edit | |
| 5.17 – Authentication Information | prevention | Organizational | Manage authentication information — including passwords, keys, tokens, and certificates — securely t… | Edit | |
| 5.18 – Access Rights | prevention | Organizational | Provision, review, modify, and revoke access rights through a formal process that includes authorisa… | Edit | |
| 5.19 – Information Security in Supplier Relationships | prevention | Organizational | Define and implement processes and procedures to manage the information security risks associated wi… | Edit | |
| 5.2 – Information Security Roles and Responsibilities | prevention | Organizational | Define and allocate information security responsibilities in accordance with the security policy. Re… | Edit | |
| 5.20 – Addressing Information Security Within Supplier Agreements | prevention | Organizational | Establish and agree relevant information security requirements with suppliers based on the type of s… | Edit | |
| 5.21 – Managing Information Security in the ICT Supply Chain | prevention | Organizational | Define and implement processes and procedures to manage information security risks associated with t… | Edit | |
| 5.22 – Monitoring, Review and Change Management of Supplier Services | prevention | Organizational | Regularly monitor, review, and audit supplier service delivery. Changes to supplier agreements or se… | Edit | |
| 5.23 – Information Security for Use of Cloud Services | prevention | Organizational | Establish processes for the acquisition, use, management, and exit from cloud services in accordance… | Edit | |
| 5.24 – Information Security Incident Management Planning and Preparation | mitigation | Organizational | Plan and prepare for information security incident management by defining processes, roles, and resp… | Edit | |
| 5.25 – Assessment and Decision on Information Security Events | mitigation | Organizational | Assess information security events against defined criteria and decide whether they are to be classi… | Edit | |
| 5.26 – Response to Information Security Incidents | mitigation | Organizational | Respond to information security incidents in accordance with documented procedures. Responses shall … | Edit | |
| 5.27 – Learning from Information Security Incidents | mitigation | Organizational | Use knowledge gained from analysing and resolving information security incidents to reduce the likel… | Edit | |
| 5.28 – Collection of Evidence | mitigation | Organizational | Define and apply procedures for the identification, collection, acquisition, and preservation of evi… | Edit | |
| 5.29 – Information Security During Disruption | mitigation | Organizational | Plan how to maintain information security at an appropriate level during disruption. Security contro… | Edit | |
| 5.3 – Segregation of Duties | prevention | Organizational | Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unaut… | Edit | |
| 5.30 – ICT Readiness for Business Continuity | mitigation | Organizational | Plan, implement, maintain, and test ICT readiness to ensure the availability of information systems … | Edit | |
| 5.31 – Legal, Statutory, Regulatory and Contractual Requirements | prevention | Organizational | Identify, document, and keep current all legal, statutory, regulatory, and contractual requirements … | Edit | |
| 5.32 – Intellectual Property Rights | prevention | Organizational | Implement appropriate procedures to ensure compliance with legislative, regulatory, and contractual … | Edit | |
| 5.33 – Protection of Records | prevention | Organizational | Protect records from loss, destruction, falsification, and unauthorised access or release in accorda… | Edit | |
| 5.34 – Privacy and Protection of Personally Identifiable Information | prevention | Organizational | Identify and meet requirements for the preservation of privacy and protection of personally identifi… | Edit | |
| 5.35 – Independent Review of Information Security | prevention | Organizational | Conduct independent reviews of the organisation's approach to managing information security and its … | Edit | |
| 5.36 – Compliance with Policies, Rules and Standards for Information Security | prevention | Organizational | Managers shall regularly review compliance of information processing and procedures within their are… | Edit | |
| 5.37 – Documented Operating Procedures | prevention | Organizational | Maintain and make available to all users who need them documented operating procedures for all activ… | Edit | |
| 5.4 – Management Responsibilities | prevention | Organizational | Management shall require all personnel to apply information security in accordance with established … | Edit | |
| 5.5 – Contact with Authorities | mitigation | Organizational | Maintain appropriate contacts with relevant authorities such as law enforcement, regulatory bodies, … | Edit | |
| 5.6 – Contact with Special Interest Groups | prevention | Organizational | Maintain contacts with special interest groups, specialist security forums, and professional associa… | Edit | |
| 5.7 – Threat Intelligence | prevention | Organizational | Collect, analyse, and produce threat intelligence regarding information security threats to inform r… | Edit | |
| 5.8 – Information Security in Project Management | prevention | Organizational | Integrate information security into project management, regardless of the type of project. Security … | Edit |