Inverifi logo

ISO 27001 Controls: Network Security

Any organisation that works with interconnected computers would be wise to take network security into consideration.

ISO:27001 Controls- Networking Security banner

Nearly all organisations work with interconnected computers in some capacity.  

 

Remember, not every computer has a keyboard and mouse. From your mobile phone, to your TV remote, and even your credit card, nearly everything is a computer these days.

 

Network security is a requirement of ISO 27001:2013 annex control A.13

Interconnected Computers

When I refer to computers an organisation works with, you may think of the computers owned by the organisation itself. However, this doesn’t necessarily cover everything.

 

When you use Inverifi to document your policies, you are storing your policies “in the cloud” – or, to put it more directly, on computers controlled by us.

 

As such, you are trusting us to store your policies, and to make them available to your employees, in a secure manner. In a sense, you are working with our computers.

 

Likewise, you could say that we work with our customers’ computers.

 

If you use Inverifi, we write code that runs on your computers. We facilitate the secure exchange of data between your computers and ours.

Secure Transfer of Information

When you’re transferring data over the internet, various entities are involved in delivering it to its destination.

 

Each entity involved in transferring data from point A to point B is able to intercept it. Without appropriate measures in place, they could steal your information.

 

At minimum, the sender’s and recipient’s internet service providers (ISPs) will have access to the data. Realistically, various intermediary ISPs will also be involved.

 

Furthermore, most countries’ governments monitor internet activity within their borders, to a certain degree – and this isn’t necessarily done in good faith.

 

When transferring data over the internet, you can keep yourself and your customers protected by encrypting it first.

 

With adequate encryption in place, interceptors will only gain access to a scrambled form of the data being sent; this will be completely useless to them.

 

If you want to know more about cryptography, you can read our previous blog entry on the subject.

Final Thoughts

If you are transferring data between computers over the internet, it is probably best to assume that someone will try to intercept this data along the way.

 

The above advice applies to everyone – whether you’re setting up an online banking service, or simply checking WhatsApp.

 

With this in mind, you should take appropriate measures to keep your data protected.

More blogs you might like