{"id":25199,"date":"2020-06-27T07:56:59","date_gmt":"2020-06-27T07:56:59","guid":{"rendered":"http:\/\/35.232.100.111\/?page_id=25199"},"modified":"2022-12-28T09:40:51","modified_gmt":"2022-12-28T09:40:51","slug":"iso-27002","status":"publish","type":"page","link":"https:\/\/sectona.com\/iso-27002\/","title":{"rendered":"ISO 27002 Standard – Best Practices for PAM"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Find Out ISO\/IEC 27002 Requirements Specific to Privileged Access<\/h1>\r\n\r\n

Request Demo<\/a> <\/p><\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

ISO 27002 standard has been made consistent on privacy, information security and cryptography with the Organization for Economic Co-operation and Development guidelines. ISO 27002 Code of Practice is a framework providing international best practices in information security controls and systems interoperability implemented in a variety of legal and cultural environments. ISO 27002 standard has been designed as a guidance manual for organizations implementing international best practices in information security controls. Among the listed practices, clauses around privileged access as highlighted below.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\n\t\t\n\t\t
\n\t\t\t

Requirement 9.2.3<\/h2>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t

The allocation and use of privileged access rights should be restricted and controlled<\/p>\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\n\t\t\n\t\t
\n\t\t\t

Requirement 9.2.5<\/h2>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t

Asset owners should review users\u2019 access rights at regular intervals<\/p>\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\n\t\t\n\t\t
\n\t\t\t

Requirement 9.4.1<\/h2>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t

Access to information and application system functions should be restricted in accordance with the access control policy<\/p>\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\n\t\t\n\t\t
\n\t\t\t

Requirement 9.4.2<\/h2>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t

Where required by the access control policy, access to systems and applications should be controlled by a secure log-on procedure.

<\/p>\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\n\t\t\n\t\t
\n\t\t\t

Requirement 9.4.3<\/h2>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t

Password management systems should be interactive and should ensure quality passwords

<\/p>\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Explore How Sectona Helps You Achieve Compliance with ISO 27002<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Sectona privileged access management, an integrated solution with several components like privileged access, remote session collaboration, threat analytics, and session recording follows best practices in information security controls w.r.t. privileged access as intended by the ISO 27002 framework. Here are few use-cases in line with the ISO 27002:\n<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t Addressing Requirement 9.2.3<\/span> Implement Access Control Policy <\/strong><\/span>

Implement access control policy easily for system administrators accessing multiple assets and accounts. Define policies based on assets or accounts. Segregate access for default and shared accounts while demonstrating compliance.<\/p><\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"ISO<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tAddressing Requirement 9.2.5<\/span> Automate Access Reviews <\/strong><\/span>

Go beyond manual excel-sheet based reviews and review & certify access to default accounts, service accounts and other accounts with automated workflow based system. <\/p><\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"ISO<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tAddressing Requirement 9.4.1<\/span> Enable need based access to resources <\/strong><\/span>

Configure access policy definitions based on user roles & functions. Define access to critical data and enforce restrictions on a need-to-know, need-to-access basis with strong workflow based access. <\/p><\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"ISO<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tAddressing Requirement 9.4.2<\/span> Enforce MFA Authentication for Admins <\/strong><\/span>

Enforce second level of authentication & verification of all users by configuring customizable MFA mechanisms or free to use Sectona MFA.<\/p><\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"ISO<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t<\/i><\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\tAddressing Requirement 9.4.3<\/span> Implement Password Management System <\/strong><\/span>

Leverage strong password change capabilities from discovery, onboarding to rotation for all privileged accounts in a secure, encrypted, tamper - proof storage.<\/p><\/a>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t

\"ISO<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t\n\n\n\n