Threat Analysis of Allowing Employee Internet Access

Threat Analysis of Allowing Employee Internet Access (PDF, 3.11MB)
Published: 28 Mar, 2008
Created by
Mason Pokladnik

The ISO 17799/27001 standard provides a good minimum description of what organizations should be doing to protect themselves, but it should not be the sole focus of your security and audit control design. A better approach is to allow your information-security management-system subcommittees or technical specialists to analyze the threats your organization is likely to face. Then, design your controls around those threats, balancing the cost of mitigating a threat against the cost of that threat occurring in your environment. Finally, after you have analyzed the threats, you can double-check your policies and procedures against a regulatory or management framework, such as ISO 17799, SOX, GLBA, HIPAA or PCI.