13.2.1: Information transfer policies and procedures (ISO27 Full)

Other tasks from the same security theme

Personnel guidelines for avoiding phishing


The organization has developed guidelines for staff that define the acceptable use of various communication services and aim to prevent the disclosure of confidential information to, for example, a phisher or other third parties.

13.2.1: Information transfer policies and procedures (ISO27 Full)
13.2.3: Electronic messaging (ISO27 Full)
PR.AT-1: Awareness (NIST)
HAL-12: Guidelines (Julkri)
5.14: Information transfer (ISO27k1 Full)

Using a selected web browser and checking for updates


The choice of web browser, and whether it is kept up to date, greatly affects, for example, the user experience, the functioning of online services and browsing security. When the entire organization uses the same web browser, giving instructions is easier and security is improved.

IT has chosen the browser to be used, monitors that staff use the correct, up-to-date browser and supports staff in using it.

12.6.1: Management of technical vulnerabilities (ISO27 Full)
13.2.1: Information transfer policies and procedures (ISO27 Full)
PR.AC-3: Remote access management (NIST)
TEK-19: Software vulnerability management (Julkri)
5.14: Information transfer (ISO27k1 Full)

Email authentication: DMARC


SPF, DKIM and DMARC are technologies that prevent the sending of fake emails and phishing.

DMARC works together with SPF and DKIM. It tells the receiving e-mail server how to deal with a message that does not pass the SPF or DKIM checks.

13.2.3: Electronic messaging (ISO27 Full)
5.14: Information transfer (ISO27k1 Full)
2.8.1: Verify the sender address of incoming emails (NSM ICT-SP)

Email authentication: DKIM


SPF, DKIM, and DMARC are technologies that prevent the sending of fake emails and phishing.

DKIM adds a digital signature to the header of outgoing e-mail. The outgoing e-mail header is encrypted with a private key, and the public key is published in the domain's DNS information so that the receiving server can decrypt the information. The key therefore ensures that the messages actually come from your own domain and not from a sender impersonating you.

13.2.3: Electronic messaging (ISO27 Full)
5.14: Information transfer (ISO27k1 Full)
2.8.1: Verify the sender address of incoming emails (NSM ICT-SP)

Email authentication: SPF


SPF, DKIM, and DMARC are technologies that prevent the sending of fake emails and phishing.

Using SPF helps verify the authenticity of emails sent from your domain. The SPF record is added as a TXT entry to your domain's DNS information and states which email servers are allowed to send email on behalf of your domain. The receiving email server consults this entry when deciding whether the email is coming from an authorized party.

13.2.3: Electronic messaging (ISO27 Full)
5.14: Information transfer (ISO27k1 Full)
2.8.1: Verify the sender address of incoming emails (NSM ICT-SP)

Enabling and configuring mailbox audit logs


With mailbox audit logs, it is possible to track, for example, logins and other actions within a mailbox.

Usually this feature is not turned on by default, and to protect employee privacy it is important to choose the actions to be monitored carefully.

13.2.3: Electronic messaging (ISO27 Full)
5.14: Information transfer (ISO27k1 Full)

Activate STARTTLS


Activate STARTTLS on the organisation’s email server to authenticate and ensure the confidentiality of all emails between the organisation and other organisations that have activated STARTTLS.

STARTTLS is a protocol command used to inform the email server that the email client wants to upgrade an insecure connection to a secure one using TLS or SSL. This command is used in the SMTP and IMAP protocols, whereas the POP3 protocol uses STLS, a slightly different command for the same purpose.

2.8.2: Activate STARTTLS on the organisation’s email server (NSM ICT-SP)

Email authentication: DNSSEC


Use DNSSEC. The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups.

2.8.1: Verify the sender address of incoming emails (NSM ICT-SP)

Use of anti-phishing policies


Anti-phishing policies can help an organization prevent impersonation-based phishing. Targeted “spear phishing” attacks in particular are often so skillfully executed that even a vigilant employee finds it difficult to identify the scam.

For example, the ATP extension for Microsoft 365 can quarantine e-mail messages that impersonate our CEO or that present our own domain as the sender's domain, and forward them to the person in charge of security.

13.2.1: Information transfer policies and procedures (ISO27 Full)
13.2.3: Electronic messaging (ISO27 Full)
5.14: Information transfer (ISO27k1 Full)

Blocking auto-forwarding of mailboxes to external domains


If a scammer gains access to a user's mailbox, they can use the auto-forward feature to follow communications and steal confidential information. Your own employees can also create unsafe forwarding rules, which can lead to data leakage or loss.

This can be prevented, for example, in a Microsoft 365 environment by creating a "mail flow" rule that blocks automatic forwarding to external domains.

13.2.1: Information transfer policies and procedures (ISO27 Full)

Mailbox audit log monitoring


Once the mailbox audit log is enabled, the events should be saved to a selected location for the desired retention period. This can be, for example, "Audit log search" in a Microsoft 365 environment or a separate SIEM system. In addition, it is necessary to decide which control measures will be taken on the basis of the log.

13.2.3: Electronic messaging (ISO27 Full)
5.14: Information transfer (ISO27k1 Full)

Use of a DLP system


A DLP system aims to prevent the loss or leakage of sensitive data. The system monitors and detects the processing of sensitive data and blocks it when the required conditions are not met. Blocking can be done during use (in-use, endpoint operations), in motion (in-transit, network traffic) or in storage locations (at-rest).

18.1.2: Intellectual property rights (ISO27 Full)
18.1.3: Protection of records (ISO27 Full)
8.12: Data leakage prevention (ISO27k1 Full)
C1.1: Identification and maintenance of confidential information (SOC 2)
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value. (CyFun)

Email monitoring system


Email monitoring helps, for example, to identify unstructured but valuable or sensitive personal or other information in e-mail traffic and in the email system itself.

13.2.3: Electronic messaging (ISO27 Full)