Куда я попал?
Вы попали в сервис, который помогает корпоративным службам безопасности строить свои рабочие процессы:
управление рисками, контроль соответствия требованиям, учет активов,
планирование и сопровождение защитных мер на всем их жизненном цикле, распределение задач и т.д.
Еще SECURITM является платформой для обмена опытом и наработками между участниками сообщества служб безопасности.
Подробнее
Еще SECURITM является платформой для обмена опытом и наработками между участниками сообщества служб безопасности.
Информационная технология. Методы и средства обеспечения безопасности. Системы менеджмента информационной безопасности. Требования - Приложение А
ГОСТ Р № ИСО/МЭК 27001-2021 от 01.01.2022
A.13.1.1
Для проведения оценки соответствия по документу войдите в систему.
Похожие требования
Стандарт Банка России № СТО БР ИББС-1.0-2014 от 01.06.2014 "Обеспечение информационной безопасности организаций банковской системы Российской Федерации - Общие положения":
Р. 7 п. 6 п.п. 4
7.6.4. В организациях БС РФ в связи с повышенными рисками нарушения ИБ при взаимодействии с сетью Интернет должны применяться защитные меры, в том числе межсетевые экраны, антивирусные средства, средства обнаружения вторжений, средства криптографической защиты информации, обеспечивающие, среди прочего, прием и передачу информации только в установленном формате и только для конкретной технологии.
Должны быть разработаны и введены в действие инструкции и рекомендации по использованию сети Интернет, учитывающие особенности банковских технологических процессов.
Должны быть определены и выполняться процедуры протоколирования посещения ресурсов сети Интернет работниками организации БС РФ. Данные о посещенных работниками организации БС РФ ресурсов сети Интернет должны быть доступны работникам службы ИБ.
Должны быть разработаны и введены в действие инструкции и рекомендации по использованию сети Интернет, учитывающие особенности банковских технологических процессов.
Должны быть определены и выполняться процедуры протоколирования посещения ресурсов сети Интернет работниками организации БС РФ. Данные о посещенных работниками организации БС РФ ресурсов сети Интернет должны быть доступны работникам службы ИБ.
Р. 7 п. 6 п.п. 2
7.6.2. Должны быть определены, выполняться, регистрироваться и контролироваться процедуры подключения и использования ресурсов сети Интернет.
Р. 7 п. 11 п.п. 7
7.11.7. В организации БС РФ должны быть реализованы защита периметров сегментов вычислительной сети, в которых расположены ИСПДн, и контроль информационного взаимодействия между сегментами вычислительных сетей.
В организации БС РФ должны быть определены и контролироваться правила информационного взаимодействия ИСПДн с иными АБС.
В организации БС РФ должны быть определены и контролироваться правила информационного взаимодействия ИСПДн с иными АБС.
CIS Critical Security Controls v8 (The 18 CIS CSC):
13.9
13.9 Deploy Port-Level Access Control
Deploy port-level access control. Port-level access control utilizes 802.1x, or similar network access control protocols, such as certificates, and may incorporate user and/or device authentication.
Deploy port-level access control. Port-level access control utilizes 802.1x, or similar network access control protocols, such as certificates, and may incorporate user and/or device authentication.
12.1
12.1 Ensure Network Infrastructure is Up-to-Date
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
4.2
4.2 Establish and Maintain a Secure Configuration Process for Network Infrastructure
Establish and maintain a secure configuration process for network devices. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Establish and maintain a secure configuration process for network devices. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
13.3
13.3 Deploy a Network Intrusion Detection Solution
Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.
Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.
4.1
4.1 Establish and Maintain a Secure Configuration Process
Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard
Establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications). Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard
4.4
4.4 Implement and Manage a Firewall on Servers
Implement and manage a firewall on servers, where supported. Example implementations include a virtual firewall, operating system firewall, or a third-party firewall agent.
Implement and manage a firewall on servers, where supported. Example implementations include a virtual firewall, operating system firewall, or a third-party firewall agent.
1.2
1.2 Address Unauthorized Assets
Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset.
Ensure that a process exists to address unauthorized assets on a weekly basis. The enterprise may choose to remove the asset from the network, deny the asset from connecting remotely to the network, or quarantine the asset.
3.8
3.8 Document Data Flows
Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise’s data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Document data flows. Data flow documentation includes service provider data flows and should be based on the enterprise’s data management process. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
12.3
12.3 Securely Manage Network Infrastructure
Securely manage network infrastructure. Example implementations include version-controlled-infrastructure-ascode, and the use of secure network protocols, such as SSH and HTTPS.
Securely manage network infrastructure. Example implementations include version-controlled-infrastructure-ascode, and the use of secure network protocols, such as SSH and HTTPS.
13.6
13.6 Collect Network Traffic Flow Logs
Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.
Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.
12.2
12.2 Establish and Maintain a Secure Network Architecture
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
13.8
13.8 Deploy a Network Intrusion Prevention Solution Network
Deploy a network intrusion prevention solution, where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service.
Deploy a network intrusion prevention solution, where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service.
4.8
4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software
Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.
Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file sharing service, web application module, or service function.
9.3
9.3 Maintain and Enforce Network-Based URL Filters
Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
4.5
4.5 Implement and Manage a Firewall on End-User Devices
Implement and manage a host-based firewall or port-filtering tool on end-user devices, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
Implement and manage a host-based firewall or port-filtering tool on end-user devices, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
3.10
3.10 Encrypt Sensitive Data in Transit
Encrypt sensitive data in transit. Example implementations can include: Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).
Encrypt sensitive data in transit. Example implementations can include: Transport Layer Security (TLS) and Open Secure Shell (OpenSSH).
9.6
9.6 Block Unnecessary File Types
Block unnecessary file types attempting to enter the enterprise’s email gateway.
Block unnecessary file types attempting to enter the enterprise’s email gateway.
13.4
13.4 Perform Traffic Filtering Between Network Segments
Perform traffic filtering between network segments, where appropriate.
Perform traffic filtering between network segments, where appropriate.
ГОСТ Р № 57580.1-2017 от 01.01.2018 "Безопасность финансовых (банковских) операций. Защита информации финансовых организаций. Базовый состав организационных и технических мер. Раздел 7. Требования к системе защиты информации":
ВСА.6
ВСА.6 Контроль отсутствия (выявление) аномальной сетевой активности, связанной с возможным несанкционированным логическим доступом к ресурсам доступа, размещенным во внутренних вычислительных сетях финансовой организации
ВСА.4
ВСА.4 Контроль отсутствия (выявление) аномальной сетевой активности, связанной с возможным несанкционированным логическим доступом к ресурсам доступа, размещенным в вычислительных сетях финансовой организации, подключенных к сети Интернет
СМЭ.2
СМЭ.2 Реализация сетевого взаимодействия и сетевой изоляции на уровне не выше третьего (сетевой) по семиуровневой стандартной модели взаимодействия открытых систем, определенной в ГОСТ Р ИСО/МЭК 7498-1, сегментов контуров безопасности и внутренних вычислительных сетей финансовой организации, не предназначенных для размещения информационной инфраструктуры, входящей в контуры безопасности (далее — иные внутренние вычислительные сети финансовой организации)
ЗСВ.4
ЗСВ.4 Разграничение и контроль осуществления одновременного доступа виртуальных машин к системе хранения данных в пределах контура безопасности на уровне не выше третьего (сетевой) по семиуровневой стандартной модели взаимодействия открытых систем, определенной в ГОСТ Р ИСО/МЭК 7498-1
ЗБС.4
ЗБС.4 Реализация сетевого взаимодействия и сетевой изоляции на уровне не выше второго (канальный) по семиуровневой стандартной модели взаимодействия открытых систем, определенной в ГОСТ Р ИСО/МЭК 7498-1, внутренних вычислительных сетей финансовой организации и сегментов вычисленных сетей, выделенных в соответствии с пунктом ЗБС.3 настоящей таблицы
СМЭ.15
СМЭ.15 Реализация сетевого взаимодействия и сетевой изоляции на уровне не выше третьего (сетевой) по семиуровневой стандартной модели взаимодействия открытых систем, определенной в ГОСТ Р ИСО/МЭК 7498-1, внутренних вычислительных сетей финансовой организации и сети Интернет
СМЭ.19
СМЭ.19 Реализация сетевого взаимодействия внутренних вычислительных сетей финансовой организации и сети Интернет через ограниченное количество контролируемых точек доступа
ВСА.2
ВСА.2 Контроль отсутствия (выявление) аномальной сетевой активности, связанной с возможным несанкционированным информационным взаимодействием между вычислительными сетями финансовой организации и сетью Интернет
ВСА.3
ВСА.3 Контроль отсутствия (выявление) аномальной сетевой активности, связанной с возможным несанкционированным информационным взаимодействием между сегментами, предназначенными для размещения общедоступных объектов доступа (в том числе банкоматов, платежных терминалов), и сетью Интернет
ВСА.1
ВСА.1 Контроль отсутствия (выявление) аномальной сетевой активности, связанной с возможным несанкционированным информационным взаимодействием между сегментами контуров безопасности и иными внутренними вычислительными сетями финансовой организации
СМЭ.14
СМЭ.14 Реализация сетевого взаимодействия и сетевой изоляции на уровне не выше второго (канальный) по семиуровневой стандартной модели взаимодействия открытых систем, определенной в ГОСТ Р ИСО/МЭК 7498-1, внутренних вычислительных сетей финансовой организации и сети Интернет
NIST Cybersecurity Framework (RU):
PR.DS-5
PR.DS-5: Реализована защита от утечки данных
PR.DS-2
PR.DS-2: Данные при передаче защищаются
DE.AE-1
DE.AE-1: Для пользователей и систем устанавливается и управляется базовый уровень сетевых операций и ожидаемых потоков данных
PR.PT-4
PR.PT-4: Защищены сети связи и управления
PR.AC-3
PR.AC-3: Управляется процесс предоставления удаленного доступа
PR.AC-5
PR.AC-5: Защищена целостность сети, включая сегрегацию сети при необходимости
CIS Critical Security Controls v7.1 (SANS Top 20):
CSC 12.10
CSC 12.10 Decrypt Network Traffic at Proxy
Decrypt all encrypted network traffic at the boundary proxy prior to analyzing the content. However, the organization may use whitelists of allowed sites that can be accessed through the proxy without decrypting the traffic.
Decrypt all encrypted network traffic at the boundary proxy prior to analyzing the content. However, the organization may use whitelists of allowed sites that can be accessed through the proxy without decrypting the traffic.
CSC 13.3
CSC 13.3 Monitor and Block Unauthorized Network Traffic
Deploy an automated tool on network perimeters that monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals.
Deploy an automated tool on network perimeters that monitors for unauthorized transfer of sensitive information and blocks such transfers while alerting information security professionals.
CSC 15.2
CSC 15.2 Detect Wireless Access Points Connected to the Wired Network
Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.
Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.
CSC 12.8
CSC 12.8 Deploy NetFlow Collection on Networking Boundary Devices
Enable the collection of NetFlow and logging data on all network boundary devices.
Enable the collection of NetFlow and logging data on all network boundary devices.
CSC 12.6
CSC 12.6 Deploy Network-Based IDS Sensors
Deploy network-based Intrusion Detection Systems (IDS) sensors to look for unusual attack mechanisms and detect compromise of these systems at each of the organization's network boundaries.
Deploy network-based Intrusion Detection Systems (IDS) sensors to look for unusual attack mechanisms and detect compromise of these systems at each of the organization's network boundaries.
CSC 15.10
CSC 15.10 Create Separate Wireless Network for Personal and Untrusted Devices
Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly.
Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly.
CSC 12.1
CSC 12.1 Maintain an Inventory of Network Boundaries
Maintain an up-to-date inventory of all of the organization's network boundaries.
Maintain an up-to-date inventory of all of the organization's network boundaries.
CSC 9.4
CSC 9.4 Apply Host-Based Firewalls or Port-Filtering
Apply host-based firewalls or port-filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
Apply host-based firewalls or port-filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
CSC 11.2
CSC 11.2 Document Traffic Configuration Rules
All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual’s name responsible for that business need, and an expected duration of the need.
All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual’s name responsible for that business need, and an expected duration of the need.
CSC 14.2
CSC 14.2 Enable Firewall Filtering Between VLANs
Enable firewall filtering between VLANs to ensure that only authorized systems are able to communicate with other systems necessary to fulfill their specific responsibilities.
Enable firewall filtering between VLANs to ensure that only authorized systems are able to communicate with other systems necessary to fulfill their specific responsibilities.
CSC 12.5
CSC 12.5 Configure Monitoring Systems to Record Network Packets
Configure monitoring systems to record network packets passing through the boundary at each of the organization's network boundaries.
Configure monitoring systems to record network packets passing through the boundary at each of the organization's network boundaries.
CSC 12.9
CSC 12.9 Deploy Application Layer Filtering Proxy Server
Ensure that all network traffic to or from the Internet passes through an authenticated application layer proxy that is configured to filter unauthorized connections.
Ensure that all network traffic to or from the Internet passes through an authenticated application layer proxy that is configured to filter unauthorized connections.
CSC 9.5
CSC 9.5 Implement Application Firewalls
Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged.
Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged.
CSC 11.5
CSC 11.5 Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions
Manage all network devices using multi-factor authentication and encrypted sessions.
Manage all network devices using multi-factor authentication and encrypted sessions.
CSC 15.7
CSC 15.7 Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data
Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.
Leverage the Advanced Encryption Standard (AES) to encrypt wireless data in transit.
CSC 16.5
CSC 16.5 Encrypt Transmittal of Username and Authentication Credentials
Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.
Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.
CSC 15.8
CSC 15.8 Use Wireless Authentication Protocols That Require Mutual, Multi-Factor Authentication
Ensure that wireless networks use authentication protocols such as Extensible Authentication Protocol-Transport Layer Security (EAP/TLS), which requires mutual, multi-factor authentication.
Ensure that wireless networks use authentication protocols such as Extensible Authentication Protocol-Transport Layer Security (EAP/TLS), which requires mutual, multi-factor authentication.
CSC 1.7
CSC 1.7 Deploy Port Level Access Control
Utilize port level access control, following 802.1x standards, to control which devices can authenticate to the network. The authentication system shall be tied into the hardware asset inventory data to ensure only authorized devices can connect to the network.
Utilize port level access control, following 802.1x standards, to control which devices can authenticate to the network. The authentication system shall be tied into the hardware asset inventory data to ensure only authorized devices can connect to the network.
CSC 12.7
CSC 12.7 Deploy Network-Based Intrusion Prevention Systems
Deploy network-based Intrusion Prevention Systems (IPS) to block malicious network traffic at each of the organization's network boundaries.
Deploy network-based Intrusion Prevention Systems (IPS) to block malicious network traffic at each of the organization's network boundaries.
CSC 14.3
CSC 14.3 Disable Workstation to Workstation Communication
Disable all workstation-to-workstation communication to limit an attacker's ability to move laterally and compromise neighboring systems, through technologies such as Private VLANs or micro segmentation.
Disable all workstation-to-workstation communication to limit an attacker's ability to move laterally and compromise neighboring systems, through technologies such as Private VLANs or micro segmentation.
CSC 12.4
CSC 12.4 Deny Communication Over Unauthorized Ports
Deny communication over unauthorized TCP or UDP ports or application traffic to ensure that only authorized protocols are allowed to cross the network boundary in or out of the network at each of the organization's network boundaries.
Deny communication over unauthorized TCP or UDP ports or application traffic to ensure that only authorized protocols are allowed to cross the network boundary in or out of the network at each of the organization's network boundaries.
CSC 12.3
CSC 12.3 Deny Communications With Known Malicious IP Addresses
Deny communications with known malicious or unused Internet IP addresses and limit access only to trusted and necessary IP address ranges at each of the organization's network boundaries,.
Deny communications with known malicious or unused Internet IP addresses and limit access only to trusted and necessary IP address ranges at each of the organization's network boundaries,.
CSC 9.2
CSC 9.2 Ensure Only Approved Ports, Protocols, and Services Are Running
Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.
Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.
CSC 11.4
CSC 11.4 Install the Latest Stable Version of Any Security-Related Updates on All Network Devices
Install the latest stable version of any security-related updates on all network devices.
Install the latest stable version of any security-related updates on all network devices.
CSC 12.2
CSC 12.2 Scan for Unauthorized Connections Across Trusted Network Boundaries
Perform regular scans from outside each trusted network boundary to detect any unauthorized connections which are accessible across the boundary.
Perform regular scans from outside each trusted network boundary to detect any unauthorized connections which are accessible across the boundary.
CSC 15.3
CSC 15.3 Use a Wireless Intrusion Detection System
Use a wireless intrusion detection system (WIDS) to detect and alert on unauthorized wireless access points connected to the network.
Use a wireless intrusion detection system (WIDS) to detect and alert on unauthorized wireless access points connected to the network.
CSC 11.1
CSC 11.1 Maintain Standard Security Configurations for Network Devices
Maintain documented security configuration standards for all authorized network devices.
Maintain documented security configuration standards for all authorized network devices.
CSC 1.6
CSC 1.6 Address Unauthorized Assets
Ensure that unauthorized assets are either removed from the network, quarantined, or the inventory is updated in a timely manner.
Ensure that unauthorized assets are either removed from the network, quarantined, or the inventory is updated in a timely manner.
CSC 7.4
CSC 7.4 Maintain and Enforce Network-Based URL Filters
Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.
Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.
CSC 9.3
CSC 9.3 Perform Regular Automated Port Scans
Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.
Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.
CSC 13.5
CSC 13.5 Monitor and Detect Any Unauthorized Use of Encryption
Monitor all traffic leaving the organization and detect any unauthorized use of encryption.
Monitor all traffic leaving the organization and detect any unauthorized use of encryption.
CSC 14.4
CSC 14.4 Encrypt All Sensitive Information in Transit
Encrypt all sensitive information in transit.
Encrypt all sensitive information in transit.
CSC 7.9
CSC 7.9 Block Unnecessary File Types
Block all email attachments entering the organization's email gateway if the file types are unnecessary for the organization's business.
Block all email attachments entering the organization's email gateway if the file types are unnecessary for the organization's business.
SWIFT Customer Security Controls Framework v2022:
6 - 6.5A Intrusion Detection
6.5A Intrusion Detection
NIST Cybersecurity Framework (EN):
DE.AE-1
DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
PR.DS-5
PR.DS-5: Protections against data leaks are implemented
PR.DS-2
PR.DS-2: Data-in-transit is protected
PR.PT-4
PR.PT-4: Communications and control networks are protected
PR.AC-3
PR.AC-3: Remote access is managed
PR.AC-5
PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
Связанные защитные меры
Название | Дата | Влияние | ||
---|---|---|---|---|
Community
1
5
/ 30
|
Нанесение грифа конфиденциальности на файлы (маркировка)
По событию
Вручную
Организационная
Техническая
Удерживающая
24.05.2022
|
24.05.2022 | 1 5 / 30 | |
Community
1
13
/ 25
|
Централизованная установка обновлений для ОС Windows через WSUS сервер
Ежедневно
Автоматически
Техническая
Превентивная
Компенсирующая
04.05.2022
|
04.05.2022 | 1 13 / 25 | |
Community
9
25
/ 34
|
Выделение ключевых систем в отдельную сеть (сегментация сети)
Разово
Вручную
Техническая
Превентивная
03.05.2022
|
03.05.2022 | 9 25 / 34 | |
Community
1
21
/ 58
|
Антивирусная защита рабочих станций
Постоянно
Автоматически
Техническая
Превентивная
11.02.2022
|
11.02.2022 | 1 21 / 58 | |
Community
1
9
/ 40
|
Блокировка доступа к несанкционированным сетевым папкам в локальной сети
Постоянно
Автоматически
Техническая
Превентивная
12.11.2021
|
12.11.2021 | 1 9 / 40 | |
Community
1
3
/ 20
|
Ограничение (блокировка) доступа к некорпоративным облачным сервисам
Постоянно
Автоматически
Техническая
Превентивная
09.11.2021
|
09.11.2021 | 1 3 / 20 | |
Community
1
3
/ 20
|
Обнаружение записи рабочей информации в некорпоративные облачные сервисы
По событию
Автоматически
Техническая
09.11.2021
|
09.11.2021 | 1 3 / 20 | |
Community
3
11
/ 43
|
Выделение периферийного оборудования и IP телефонов в отдельную сеть (сегментация сети)
Разово
Вручную
Техническая
29.07.2021
|
29.07.2021 | 3 11 / 43 | |
Community
9
/ 32
|
Проведение тестирования на проникновение
Ежеквартально
Вручную
Техническая
Детективная
02.06.2021
|
02.06.2021 | 9 / 32 |