ISO 27001 Technological Controls
Technical security controls for systems, networks, and applications: the 34 controls of the Technological theme in ISO/IEC 27001:2022 Annex A, from user endpoint devices through secure development to protection of systems during audit testing. Each entry gives the control name and its purpose.
User endpoint devices
To ensure security of information accessed through user endpoint devices.
Privileged access rights
To prevent unauthorized access and compromise of systems through misuse of privileged access rights.
Information access restriction
To ensure authorized access and prevent unauthorized access to information.
Access to source code
To prevent unauthorized access to source code and maintain integrity of code.
Secure authentication
To ensure the authenticity of users and protect against unauthorized access.
Capacity management
To ensure systems have the capacity to perform adequately and that the required availability is maintained.
Protection against malware
To ensure that information and information processing facilities are protected against malware.
Management of technical vulnerabilities
To prevent exploitation of technical vulnerabilities.
Configuration management
To establish and maintain secure configurations of systems.
Information deletion
To prevent unnecessary retention of information and reduce exposure to unauthorized disclosure.
Data masking
To limit exposure of sensitive data while maintaining usability for testing and development.
Data leakage prevention
To detect and prevent unauthorized transmission of sensitive information.
Information backup
To protect against loss of data and ensure business continuity.
Redundancy of information processing facilities
To ensure availability of critical systems through redundancy.
Logging
To record events and generate evidence for investigation and monitoring.
Monitoring activities
To detect anomalous behavior and potential security incidents.
Clock synchronization
To ensure accuracy of logs and support forensic investigation and audit.
Use of privileged utility programs
To prevent misuse of privileged utilities that could bypass security controls.
Installation of software on operational systems
To prevent unauthorized software installation and maintain system integrity.
Networks security
To ensure the protection of information in networks and supporting information processing facilities.
Security of network services
To ensure the security of network services and the information they carry.
Segregation of networks
To separate networks into security zones based on risk and trust levels.
Web filtering
To manage access to external websites and reduce security risks.
Use of cryptography
To ensure proper and effective use of cryptography to protect confidentiality, authenticity and integrity of information.
Secure development life cycle
To ensure that information security is designed and implemented within the development lifecycle of systems.
Application security requirements
To ensure security is built into applications from requirements through implementation.
Secure system architecture and engineering principles
To ensure systems are designed with security in mind using established security principles.
Secure coding
To prevent security vulnerabilities in application code.
Security testing in development and acceptance
To identify and address security vulnerabilities before production deployment.
Outsourced development
To ensure outsourced development meets security requirements and follows secure practices.
Separation of development, test and production environments
To reduce the risks of unauthorized access or changes to the production environment.
Change management
To ensure changes are made in a controlled manner with minimal disruption and risk.
Test information
To ensure testing is relevant and that operational information used for testing is protected, rather than copied unmasked into test environments.
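The data masking and test information controls above both come down to the same engineering task: derive a test dataset from operational data without carrying the sensitive values across. The following is an added worked example, not text or code from the ISO standard or this page. It shows keyed deterministic pseudonymisation (so joins between masked tables still line up), card-number truncation, and the check a practitioner wants before a masked extract is handed to a development team: a scan for original sensitive values that survived masking, for instance because they were copied into a free-text column that no masker covers. The key, the field names and the sample rows are all constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed key for this example only. In a real pipeline it comes from a
# secret store and is never shipped alongside the masked dataset.
MASK_KEY = b"example-only-masking-key"


def pseudonymise(value, key=MASK_KEY, length=12):
    """Keyed, deterministic token for a sensitive string.

    HMAC-SHA256 returns the same token for the same input (so masked tables can
    still be joined) while the original cannot be recovered, or confirmed by
    guessing, without the key.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:length]


def mask_email(value, key=MASK_KEY):
    """Replace the local part with a token and the domain with a reserved test domain."""
    local, _sep, _domain = value.partition("@")
    return f"user-{pseudonymise(local, key)}@example.test"


def mask_name(value, key=MASK_KEY):
    return f"Person {pseudonymise(value, key, length=8)}"


def mask_card(value, key=MASK_KEY):
    """Truncate a card number, keeping only the last four digits (key unused)."""
    digits = re.sub(r"\D", "", value)
    if len(digits) <= 4:
        return "*" * len(digits)
    return "*" * (len(digits) - 4) + digits[-4:]


# Field name -> masking function. Fields not listed here are copied through
# unchanged, which is exactly why find_leaks() exists below.
MASKERS = {
    "email": mask_email,
    "full_name": mask_name,
    "card_number": mask_card,
}


def mask_record(record, key=MASK_KEY):
    return {
        field: (MASKERS[field](value, key) if field in MASKERS else value)
        for field, value in record.items()
    }


def find_leaks(rows, masked_rows, sensitive_fields=MASKERS):
    """Map row id -> original sensitive values still present anywhere in the
    masked output. Values are collected across all rows, so a value that was
    copied into another row's free-text field is caught too."""
    originals = {str(r[f]) for r in rows for f in sensitive_fields if r.get(f)}
    leaks = {}
    for masked in masked_rows:
        haystack = " ".join(str(v) for v in masked.values())
        hits = sorted(v for v in originals if v in haystack)
        if hits:
            leaks[masked["id"]] = hits
    return leaks


def mask_rows(rows, key=MASK_KEY):
    """Mask every row and report any row where a sensitive value survived."""
    masked_rows = [mask_record(row, key) for row in rows]
    return masked_rows, find_leaks(rows, masked_rows)


# Constructed sample rows, not real customer data. Row 2 deliberately carries
# another customer's e-mail address inside a free-text column.
PRODUCTION_ROWS = [
    {"id": 1, "full_name": "Alice Example", "email": "alice@corp.example",
     "card_number": "4111 1111 1111 1111", "notes": "prefers email contact"},
    {"id": 2, "full_name": "Bob Example", "email": "bob@corp.example",
     "card_number": "5555 5555 5555 4444",
     "notes": "possible duplicate of alice@corp.example?"},
]

if __name__ == "__main__":
    masked, leaks = mask_rows(PRODUCTION_ROWS)
    for row in masked:
        print(row)
    print("rows with leaked values:", leaks)
```

The leak report is the gate: an extract with a non-empty report is not handed over until the free-text field is either masked or dropped. Truncation rather than hashing is used for card numbers because a hash of a 16-digit PAN with a known BIN range is cheaply brute-forced, whereas the HMAC on e-mail addresses is safe only for as long as the key stays out of the test environment.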
Protection of information systems during audit testing
To minimize disruption to business processes from audit activities.
