
ISO27001:2022-Web filtering

When implementing A.13 Communications security under the older ISO27001:2013, many companies manage their networks with firewalls and VPNs, and the focus is on restricting network access from the outside to the inside. Installation restrictions additionally require that internal employees not arbitrarily install applications on work devices. In current industry practice, however, apart from public agencies and some companies that prohibit employees from using social networking sites such as Facebook and Twitter, most companies place no restrictions on outbound access from the internal network.

A.8.23 Web filtering in the new ISO27001:2022 corrects this by requiring organizations to manage access to external websites. The main purpose is to prevent internal employees from clicking on websites they should not visit, downloading applications they should not download, or even accidentally leaking internal data. In other words, ISO 27001:2022 uses this new control to keep internal employees from being directly exposed to ever-changing cybersecurity threats.

For example, the methods covered in our previous discussion of social engineering, such as phishing pages that deceive users into giving up private information and pop-up advertisements, are the ones we have observed to be most likely to cause information security incidents, and they are also the focus of this new requirement. ISO27002 also recommends that organizations combine this control with the collection of threat intelligence to identify and block these malicious websites.

