Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Guidance
- E-mail filters should detect malicious e-mails, and filtering should be configured based on the type of
message attachments so that files of the specified types are automatically processed (e.g. deleted).
- Web-filters should notify the user if a website may contain malware and potentially preventing users
from accessing that website.
The organization shall control the information flows/data flows within its critical systems
and between interconnected systems.
Guidance
Consider the following:
- Information flow may be supported, for example, by labelling or colouring physical connectors as an
aid to manual hook-up.
- Inspection of message content may enforce information flow policy. For example, a message
containing a command to an actuator may not be permitted to flow between the control network
and any other network.
- Physical addresses (e.g., a serial port) may be implicitly or explicitly associated with labels or
attributes (e.g., hardware I/O address). Manual methods are typically static. Label or attribute policy
mechanisms may be implemented in hardware, firmware, and software that controls or has device access, such as
device drivers and communications controllers.
The organization shall manage the interface for external communication services by
establishing a traffic flow policy, protecting the confidentiality and integrity of the
information being transmitted; This includes the review and documenting of each exception
to the traffic flow policy.
Guidance
- E-mail filters should detect malicious e-mails, and filtering should be configured based on the type of
message attachments so that files of the specified types are automatically processed (e.g. deleted).
- Web-filters should notify the user if a website may contain malware and potentially preventing users
from accessing that website.
The organization shall control the information flows/data flows within its critical systems
and between interconnected systems.
Guidance
Consider the following:
- Information flow may be supported, for example, by labelling or colouring physical connectors as an
aid to manual hook-up.
- Inspection of message content may enforce information flow policy. For example, a message
containing a command to an actuator may not be permitted to flow between the control network
and any other network.
- Physical addresses (e.g., a serial port) may be implicitly or explicitly associated with labels or
attributes (e.g., hardware I/O address). Manual methods are typically static. Label or attribute policy
mechanisms may be implemented in hardware, firmware, and software that controls or has device access, such as
device drivers and communications controllers.
The organization shall manage the interface for external communication services by
establishing a traffic flow policy, protecting the confidentiality and integrity of the
information being transmitted; This includes the review and documenting of each exception
to the traffic flow policy.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
