ISO 27001 2022

What is ISO 27001:2022?

ISO/IEC 27001 is an internationally recognized standard for information security management systems (ISMS). Its main clauses set out the mandatory requirements for the management system, and Annex A lists the reference security controls from which an organization selects, justifying inclusions and exclusions in its Statement of Applicability. Several of those controls bear directly on mobile security; for example, control A.8.1 (User endpoint devices) of the 2022 edition requires that information stored on, processed by or accessible via user endpoint devices be protected. Note that the 14-section Annex A (A.5 to A.18) used for the headings below is the structure of ISO 27001:2013; ISO 27001:2022 reorganized Annex A into 93 controls under four themes (organizational, people, physical and technological). The 2013 section numbers remain widely used and map onto the 2022 controls, so they are kept here with the 2022 equivalents noted. Adopting ISO 27001:2022 as a framework helps an organization establish and maintain robust security controls and practices.

ISO 27001 clauses and controls applying to mobile data

Clauses 4 to 10

These clauses set the requirements for the management system itself rather than for individual technical controls, and they reflect the organization's strategic choices. For mobile cybersecurity to succeed, the organization must decide to invest in it at each of these levels: Context of the Organization (Clause 4), Leadership (Clause 5), Planning (Clause 6), Support (Clause 7), Operation (Clause 8), Performance Evaluation (Clause 9) and Improvement (Clause 10). In practice this means mobile devices and mobile applications are included in the risk assessment, in the Statement of Applicability and in the internal audit scope, not handled as an afterthought.

A.6. Organization of information security

Section A.6 establishes the basic framework for information security. It covers the internal organization (roles and responsibilities, segregation of duties, contact with authorities and information security in project management) and, in A.6.2, mobile devices and teleworking: a mobile device policy and rules for working outside the organization's premises. In ISO 27001:2022 these topics appear mainly as A.5.8 (Information security in project management), A.6.7 (Remote working) and A.8.1 (User endpoint devices).

A.8. Asset management

The controls in this section ensure that valuable information assets (data, smartphones, computers, storage media) are inventoried, have an identified owner, are subject to acceptable-use rules, are classified according to their sensitivity and are returned or securely disposed of at end of life. For mobile security this means every corporate or BYOD device that holds company data is known and accounted for. In ISO 27001:2022 the equivalents are A.5.9 to A.5.14 and A.7.10 (Storage media).

A.10. Cryptography

This section addresses the use of cryptography to safeguard sensitive information. Its two controls require a policy on when and how cryptographic controls are used and a process for managing cryptographic keys through their whole lifecycle (generation, storage, distribution, rotation and destruction); ISO 27001:2022 consolidates both into A.8.24 (Use of cryptography). Encryption converts plaintext into ciphertext under a key, but cryptographic controls serve more than confidentiality: integrity (hashes and message authentication codes), authentication and non-repudiation (digital signatures) are also objectives. On mobile devices this applies to data at rest on the device, data in transit to backend services and the keys themselves, which should be kept in the platform's hardware-backed keystore rather than in application storage.

A.12. Operations security

The controls in this section aim to ensure that the systems and software used to process information are protected from malware (viruses and other malicious software) and that the data they handle remains secure. The section also covers information backup, event logging and monitoring, and technical vulnerability management, which for mobile fleets means tracking operating-system and application versions and applying updates promptly. In ISO 27001:2022 these appear as, among others, A.8.7 (Protection against malware), A.8.8 (Management of technical vulnerabilities), A.8.13 (Information backup) and A.8.15 (Logging).

A.13. Communications security

The controls in this section help organizations protect network infrastructure and services, as well as the information that travels over them, and govern the transfer of information to other parties. They address securing communication channels to prevent unauthorized access, data interception and tampering. For mobile devices this means treating public Wi-Fi and cellular networks as untrusted and enforcing encrypted, authenticated transport (TLS) between apps and backend services. In ISO 27001:2022 the equivalents are mainly A.8.20 (Networks security), A.8.21 (Security of network services), A.8.22 (Segregation of networks) and A.5.14 (Information transfer).

A.16. Information security incident management

This section's controls require a defined process for managing security incidents: responsibilities and procedures are established in advance, events are reported and assessed, incidents are responded to promptly and communicated effectively, and evidence is collected and preserved in a form that remains usable for disciplinary or legal action. The controls also require learning from incidents so that their causes are addressed and recurrence is prevented. In ISO 27001:2022 these are A.5.24 to A.5.28 and A.6.8 (Information security event reporting).

A.18. Compliance

This section's controls are intended to avoid breaches of legal, statutory, regulatory and contractual obligations, including intellectual property, protection of records, and privacy and personal data requirements, and to verify that security policies are actually followed through independent reviews and regular compliance checks. In ISO 27001:2022 these are A.5.31 to A.5.36.

Become compliant with ISO 27001

Pradeo's solutions can help you comply with ISO 27001. The Mobile Threat Defense solution supports the controls for asset management and operations security: smartphones and other mobile devices are protected from malware, data interception and tampering. The security dashboards and automatic reports also support incident management and the organization of information security. Tooling supports these controls; certification is granted for the ISMS as a whole, so the policies, risk assessment and Statement of Applicability required by clauses 4 to 10 still have to be in place.

To comply with the controls in communications security and cryptography, companies should also secure their apps. Pradeo's Mobile Application Security Testing, Shielding and Runtime Application Self Protection solutions are part of the Pradeo App suite, which aims to protect applications against malicious activities and data leaks.