web filtering

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely news ones were added to keep up with new and emerging technology.

One of the new controls added under the technological category, is something called web filtering. But what does this mean exactly?

Steve Mason joins us again today to delve deeper into web filtering to explain what it is, breaks down the different types and gives examples of uses that you could implement to reduce risk.   

You’ll learn

• What is web filtering?
• The purpose of web filtering
• The different types of web filtering
• Different measures of web filtering that can be implemented

 

Resources

• isology Hub
• Blackmores

 

 

In this episode, we talk about:

[01:05] How you can adopt the new controls of ISO 27002 ahead of the latest version of ISO 27001:2022 being published

[02:00] The purpose of web filtering

[02:26] An overview of what web filtering is: It’s a security technology that monitors web activity and prevents users from accessing websites with malicious content or sites that are deemed to be inappropriate for business use

[03:45] Outlook already has web filtering built in

[04:17] The Internet is still the dominant facilitator for cyber crime

[04:40] Types of web filtering, including: Browser based filters, search engine filters, client side filters and network based filters

[06:58] Examples of where web filtering comes into practice – to protect against threats from malicious sites with malware or fishing content, false anti-virus updates, sites with illegal content and sites with out of date SLL certificates.   

[08:15] Are you safe relying on Microsoft Windows?

[08:50] What to look out for on websites to ensure it’s secure: A padlock in the bottom right corner, use of reputable third party payment gateways.  

[09:27] Examples of what to be wary of when using the web i.e. deals that are too good to be true  

[11:40] Consider setting up a small internet café that is separate from the company network – to allow employees access for personal use and to help keep your systems safe.

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on Twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

ISO 27002 was recently updated this year – along with a reduction of overall controls, 11 completely news ones were added to keep up with new and emerging technology.

As a reminder, ISO 27002 (Information security, cybersecurity and privacy protection — Information security controls) is a guidance document which provides further best practice advice to strengthen your IT Security.

Today, Steve Mason explains the changes made to the 2022 version of ISO 27002, gives a summary of the 11 new controls and gives some examples of some key considerations and actions you can take to implement them.

You’ll learn

• What changes have been made to ISO 27002:2022
• Why ISO 27002 has been updated in 2022
• An overview of the 11 new controls added to ISO 27002
• Examples of actions you can take to implement the new controls

 

Resources

• ISOlogy Hub
• Blackmores

 

 

In this episode, we talk about:

[01:28] A brief summary of the changes to ISO 27002:2022, including new controls, new structure and attribute types

[05:30] Controls in ISO 27002 now have a defined purpose to avoid misinterpretation     

[06:29] A summary of the 11 new controls by name and category    

[08:10] Threat intelligence – What tools do you have in place to identify threats? How do you monitor your threat intelligence effectiveness?

[11:20] Information Security use of Cloud Services – A reminder that ISO 27017 covers this in more detail! Do you have a cloud policy in place? Does it align with your clients security requirements?

[13:10] ICT readiness for Business Continuity – Focus on recovery of IT services following a disaster. Do you have Business Impact Assessments in place? If you’re certified to ISO 22301 – this area is most likely covered

[14:36] Physical Security monitoring – Are you monitoring physical security? i.e. keycard access, CCTV ect

[16:23] Configuration Management – Are you IT systems working well together? Do you have an established configuration for passwords? (i.e. how many characters, alpha numerical, symbols ect)

[18:13] Information Deletion – If data needs to be deleted, that it’s deleted in a secure manor and can’t be recovered.

[21:48] Data Masking – Make sure that any data that shouldn’t be shared is masked in some way i.e. obfuscated or anonymized.

[23:31] Data Leakage – Put measures in place to stop data being leaked through i.e. USB’s, people sending business information to personal email addresses ect   

[26:55] Monitoring Activities – You could monitor network traffic, software access ect. Be selective in your monitoring, only do so if it will be of benefit to the business.     

[28:04] Web Filtering – Ensure that employees can’t access any nefarious / high risk websites that could cause a security breach      

[30:15] Secure Coding – Make sure that coding is done securely – making sure that any software developed is secure and free of as many vulnerabilities as possible.      

Just a reminder, we’re offering 6 months free access to the isologyhub for anyone who signs up to an ISO Support Plan!

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on Twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List

Host Amy speaks with the Zack Fair on web filtering with SafeDNS.

Zack is the Business Development Manager at SafeDNS and an IT enthusiast

SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence.

Moreover, SafeDNS strives to create the next generation of safer and more affordable web filtering products.

 

Resources and links:

www.safedns.com

https://blog.safedns.com/

 

---

Did you know that the average MSP spends 10 hours manually inputting accounting data each week? 

That time is 120 prospect calls, a month’s worth of the Business of Tech, or building an entire lego death 
star.

Gozynta Mobius can make your life easier through accounting automation.

Automatic sync of 
invoices, expenses and inventory from ConnectWise Manage into QuickBooks Online in just a single click 
of a button. 
 
With onboarding, direct support, and regular feature releases, Gozynta is a family owned company dedicated to making software suck a little less each day.

Visit us at g-o-z-y-n-t-a dot com 

:-)