Delivering key privileged access controls for ISO/IEC standards

New whitepaper guides organisations to address ISO/IEC 27002 security controls with the CyberArk solution.


CyberArk has released a new white paper, “Safeguarding Privileged Access: Implementing ISO/IEC 27002 Security Controls with the CyberArk Solution.” The technical paper provides organisations with a blueprint for implementing the CyberArk Privileged Account Security solution to enforce controls pertaining to privileged access within the ISO/IEC 27002:2013 standard.


Privileged accounts, which consist of IT administrative credentials, default and hardcoded passwords, application backdoors and more, are targeted in nearly every significant cyber attack. In response, organisations are increasingly adopting best-practice standards for securing these accounts, including the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) 27002 standard. The standards highlight the critical nature of privileged account abuse as part of advanced attacks, warning that “the inappropriate use of system administrator privileges...is a major contributory factor to failures or breaches of systems.”


“Privileged accounts represent a serious vulnerability,” said John Worrall, CMO, CyberArk. “Organisations adhering to ISO/IEC guidelines for safeguarding privileged access are taking a huge step forward in mitigating advanced attacks. The new whitepaper outlines how CyberArk helps organisations implement the controls outlined in the ISO/IEC standards.”


The CyberArk Privileged Account Security Solution helps organisations implement the following controls, which are consistent with the ISO/IEC 27002:2013 standard’s focus on privileged access security:
· Establishing and implementing privileged access policy
· Identifying the privileged access rights associated with each system or process
· Restricting the use of privileged access to authorised users based on functional roles
· Authenticating privileged users, ensuring individual accountability for privileged actions
· Changing default vendor passwords
· Restricting access to privileged utility programs
· Controlling privileged access by suppliers
