~/Cedric

ISO/IEC 27002 [fr] Security referentials

Contrôles ISO/IEC 27002

ISO/IEC 27002 [nl] Security referentials

ISO/IEC 27002 controls

Use of a standard operating system on which logical attacks have already been carried out Vulnerabilities

The principle of least privilege is not applied Vulnerabilities

Who has access rights? Do rights correspond to users' roles?

Incorrect sizing (e.g. too much data for the maximum passband) Vulnerabilities

Presence of protocol that has no authentication function Vulnerabilities

No screen locker/locking functionality is active Vulnerabilities

No filtering and logging on communication relays between networks Vulnerabilities

The relays identify neither the sources nor the destinations (example of impact: system vulnerable to spoofing attacks) Vulnerabilities

The protocol does not allow acknowledgement of receipt to be sent Vulnerabilities