Barriers Library
Reusable barriers — prevention barriers sit on threat paths, mitigation barriers on consequence paths.
Add Barrier
Tags:
clear tags
30 barriers — page 1 of 1
| Name | Type | Category | Tags | Description | |
|---|---|---|---|---|---|
| 8.1 – User Endpoint Devices | prevention | Technological | Protect information stored on, processed by, or accessible via user endpoint devices. Policies shall… | Edit | |
| 8.10 – Information Deletion | prevention | Technological | Delete information stored in information systems, devices, and other storage media when no longer re… | Edit | |
| 8.11 – Data Masking | prevention | Technological | Use data masking in accordance with the organisation's topic-specific policy on access control and o… | Edit | |
| 8.12 – Data Leakage Prevention | prevention | Technological | Apply data leakage prevention measures to systems and networks that process, store, or transmit sens… | Edit | |
| 8.14 – Redundancy of Information Processing Facilities | mitigation | Technological | Implement redundancy sufficient to meet availability requirements for information processing facilit… | Edit | |
| 8.15 – Logging | prevention | Technological | Produce, store, protect, and analyse logs that record user activities, exceptions, faults, and infor… | Edit | |
| 8.16 – Monitoring Activities | mitigation | Technological | Monitor networks, systems, and applications for anomalous behaviour and potential information securi… | Edit | |
| 8.17 – Clock Synchronisation | prevention | Technological | Synchronise the clocks of all relevant information processing systems within the organisation to an … | Edit | |
| 8.18 – Use of Privileged Utility Programs | prevention | Technological | Restrict and tightly control the use of utility programs that might be capable of overriding system … | Edit | |
| 8.19 – Installation of Software on Operational Systems | prevention | Technological | Implement procedures and measures to securely manage software installation on operational systems. O… | Edit | |
| 8.2 – Privileged Access Rights | prevention | Technological | Restrict and control the allocation and use of privileged access rights. Privileged accounts shall b… | Edit | |
| 8.20 – Networks Security | prevention | Technological | Secure, manage, and control networks and network devices to protect information in systems and appli… | Edit | |
| 8.21 – Security of Network Services | prevention | Technological | Identify, implement, and monitor security mechanisms, service levels, and management requirements fo… | Edit | |
| 8.23 – Web Filtering | prevention | Technological | Manage access to external websites to reduce exposure to malicious content. Web filtering shall bloc… | Edit | |
| 8.25 – Secure Development Lifecycle | prevention | Technological | Establish and apply rules for the secure development of software and systems. A secure SDLC shall in… | Edit | |
| 8.26 – Application Security Requirements | prevention | Technological | Identify, specify, and approve information security requirements when developing or acquiring applic… | Edit | |
| 8.27 – Secure System Architecture and Engineering Principles | prevention | Technological | Establish, document, maintain, and apply principles for engineering secure systems. Security enginee… | Edit | |
| 8.28 – Secure Coding | prevention | Technological | Apply secure coding principles to software development to reduce the number and severity of vulnerab… | Edit | |
| 8.29 – Security Testing in Development and Acceptance | prevention | Technological | Define and implement security testing processes throughout the development lifecycle, including unit… | Edit | |
| 8.3 – Information Access Restriction | prevention | Technological | Restrict access to information and application system functions in accordance with the access contro… | Edit | |
| 8.30 – Outsourced Development | prevention | Technological | Direct, monitor, and review the activities related to outsourced system development. Contractual req… | Edit | |
| 8.31 – Separation of Development, Test and Production Environments | prevention | Technological | Separate development, testing, and operational environments to reduce the risks of unauthorised acce… | Edit | |
| 8.32 – Change Management | prevention | Technological | Subject changes to information processing facilities and information systems to formal change manage… | Edit | |
| 8.33 – Test Information | prevention | Technological | Ensure that test data is appropriately selected, protected, and managed. Sensitive operational data … | Edit | |
| 8.34 – Protection of Information Systems During Audit Testing | prevention | Technological | Plan and agree audit tests and other assurance activities involving operational systems to minimise … | Edit | |
| 8.4 – Access to Source Code | prevention | Technological | Manage access to source code, development tools, and software libraries appropriately to prevent the… | Edit | |
| 8.5 – Secure Authentication | prevention | Technological | Implement secure authentication technologies and procedures based on information access restrictions… | Edit | |
| 8.6 – Capacity Management | prevention | Technological | Monitor and adjust the use of resources to meet current and projected capacity requirements. Capacit… | Edit | |
| 8.8 – Management of Technical Vulnerabilities | prevention | Technological | Obtain timely information about technical vulnerabilities in information systems; assess the organis… | Edit | |
| 8.9 – Configuration Management | prevention | Technological | Establish, document, implement, monitor, and review configurations including security configurations… | Edit |