ISO 27002 was updated this year. Along with a reduction in the overall number of controls, 11 completely new ones were added to keep up with new and emerging technology.
One of the new controls, added under the technological category, is web filtering. But what does this mean exactly?
Steve Mason joins us again today to delve deeper into web filtering: to explain what it is, break down the different types and give examples of uses that you could implement to reduce risk.
[01:05] How you can adopt the new controls of ISO 27002 ahead of the latest version of ISO 27001:2022 being published
[02:00] The purpose of web filtering
[02:26] An overview of what web filtering is: It’s a security technology that monitors web activity and prevents users from accessing websites with malicious content or sites that are deemed to be inappropriate for business use
[03:45] Outlook already has web filtering built in
[04:17] The Internet is still the dominant facilitator for cyber crime
[04:40] Types of web filtering, including: browser-based filters, search engine filters, client-side filters and network-based filters
[06:58] Examples of where web filtering comes into practice – to protect against threats from malicious sites with malware or phishing content, false anti-virus updates, sites with illegal content and sites with out-of-date SSL certificates.
[08:15] Are you safe relying on Microsoft Windows?
[08:50] What to look out for on websites to ensure they’re secure: a padlock in the bottom right corner, use of reputable third-party payment gateways.
[09:27] Examples of what to be wary of when using the web, for example deals that are too good to be true
[11:40] Consider setting up a small internet café that is separate from the company network – to allow employees access for personal use and to help keep your systems safe.