Insights: ISO 27002:2022 Control 8.16 MONITORING ACTIVITIES

ISO 27002:2022 introduces several new information security controls including A8.16 – Monitoring activities.

This blog takes a brief look at what is required.

Monitoring activities in ISO 27002:2022

The new control 8.16, Monitoring activities, has been added to ISO/IEC 27002:2022 to detect anomalous behaviour and potential information security incidents.

The control states that networks, systems and applications should be monitored for anomalous behaviour, and that appropriate actions should be taken to evaluate potential information security incidents.

How to Evidence A8.16 of ISO 27002:2022

The extent to which you carry out monitoring activities should be determined in accordance with the security requirements from your risk assessment, and should take into consideration relevant laws and regulations.

Monitoring records should be retained for auditing purposes for a defined retention period.

The following should be considered for inclusion within the monitoring system:

a) outbound and inbound network, system and application traffic,

b) records of access to physical and virtual systems or applications,

c) monitoring of changes to configuration files,

d) logs from security tools such as anti-malware or web filtering systems,

e) event logs relating to system and user activity.

Implement A8.16 – Monitoring activities

Many ISO 27001 certified organisations already have network monitoring tools in place which will meet this control. However, the increase in remote working may make this control difficult to implement at a granular level.

If you need assistance with control A8.16, Assent’s ISO 27002 Consultants can help.

Contact us to discuss how we can help with this ISO 27002 Control and the ISO 27001 Information Security Management System in general.

Kerri Madders