Understanding ISO 27001: Evolution & Alignment with Network Access Control (NAC)

ISO 27001 stands as a cornerstone in the realm of information security, providing a structured and comprehensive approach to managing sensitive company information. Today, we delve into what ISO 27001 is, its evolution over time, and how Network Access Control (NAC) aligns with its principles to fortify organizational security.

What is ISO 27001?

ISO 27001 is an international standard for Information Security Management Systems (ISMS). It is part of the ISO/IEC 27000 family of standards, which are designed to help organizations keep their information assets secure. The standard provides a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process.

Core Elements:

  1. Risk Management: Identifying potential threats to information security and implementing measures to mitigate these risks.
  2. Leadership Commitment: Ensuring that top management is committed to information security and provides the necessary resources.
  3. Continuous Improvement: Regularly reviewing and updating security measures to address new threats and vulnerabilities.
  4. Context of the Organization: Understanding the internal and external issues that can affect the information security objectives.
  5. Support and Operations: Ensuring that sufficient resources are provided and that operations are managed effectively to support security measures.

Evolution of ISO 27001

The journey of ISO 27001 began in the 1990s, originating from the British Standard BS 7799, which was developed by the British Standards Institution (BSI). It was intended to provide a framework for managing information security and was published in two parts: BS 7799-1, which provided the implementation guidelines, and BS 7799-2, which specified the requirements for an ISMS.

Key Milestones:

  1. 1995: BS 7799 was first published.
  2. 2000: BS 7799-2 was introduced, focusing on the requirements for implementing an ISMS.
  3. 2005: The International Organization for Standardization (ISO) adopted BS 7799-2, leading to the publication of ISO/IEC 27001:2005.
  4. 2013: The standard was revised, resulting in ISO/IEC 27001:2013, which brought it in line with other management system standards and made it more flexible to align with organizational needs.
  5. 2017: Minor updates were introduced to clarify certain points in the standard.
  6. 2022: The latest revision, ISO/IEC 27001:2022, further refines the standard, incorporating new technologies and methodologies to enhance information security practices.

Each iteration of the standard has aimed to improve its applicability, making it more robust against emerging threats and more adaptable to the diverse needs of organizations across different industries.

Network Access Control (NAC) and ISO 27001

Network Access Control (NAC) is a security solution that manages and controls the access of devices to a network. It ensures that only compliant and trusted devices are allowed to connect, thereby maintaining the integrity and security of the network.

How NAC Aligns:

  1. Risk Assessment and Treatment:
    • ISO 27001 Requirement: Organizations must identify risks and implement measures to mitigate them.
    • NAC Alignment: NAC identifies devices attempting to access the network, assesses their security posture, and either grants or denies access based on compliance with security policies. This aligns with the risk assessment and treatment process by preventing potentially risky devices from compromising the network.
  2. Access Control:
    • ISO 27001 Requirement: Organizations need to implement controls to ensure that only authorized individuals have access to information.
    • NAC Alignment: NAC enforces access control by ensuring that only authenticated and authorized devices can access the network. This prevents unauthorized access and helps protect sensitive information.
  3. Asset Management:
    • ISO 27001 Requirement: Organizations should identify and manage their assets to protect information.
    • NAC Alignment: NAC provides visibility into all devices connected to the network, helping organizations maintain an accurate inventory of assets. This supports the asset management requirements of ISO 27001 by ensuring that all networked devices are accounted for and managed.
  4. Monitoring and Review:
    • ISO 27001 Requirement: Organizations must monitor and review their information security management system to ensure its effectiveness.
    • NAC Alignment: NAC continuously monitors network traffic and device compliance, providing real-time data and insights. This ongoing monitoring aligns with ISO 27001’s requirement for continuous review and improvement of security measures.
  5. Incident Management:
    • ISO 27001 Requirement: Organizations need to establish a process for managing information security incidents.
    • NAC Alignment: NAC helps detect and respond to security incidents by identifying anomalous behavior and unauthorized access attempts. This supports the incident management process by enabling quick identification and remediation of security breaches.
  6. Compliance:
    • ISO 27001 Requirement: Organizations must comply with applicable legal, regulatory, and contractual requirements.
    • NAC Alignment: NAC ensures that devices comply with organizational security policies and external regulations before granting access. This helps organizations maintain compliance with various standards and regulations, including ISO 27001.

Conclusion

ISO 27001 has evolved significantly since its inception, adapting to the changing landscape of information security. Its structured framework for managing information security risks is essential for organizations aiming to protect their sensitive data. Network Access Control (NAC) complements ISO 27001 by ensuring that only compliant and authorized devices can access the network, thus reinforcing the standard’s principles.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Making sense of popular methods of authentication

They: Authenticate yourself! — You: But how?

Every time you log in to an account, you must first prove that you are who you say you are. It’s like entering a military base: no pass, no entry. But that’s what authentication is essentially about — verifying a user’s identity so that no unauthorized parties can get on the inside.

Depending on the platform, the methods used for authentication vary in complexity. Sometimes, a single password is enough to gain access. Other times, you must provide additional codes, click a link sent to you via email, or stare at your device’s camera so it can scan your face.

With so many methods of authentication available, we aim to help you navigate this landscape and understand why it’s important to authenticate and how to do so safely and conveniently. Let’s start with the “why.”

Why is user authentication important?

While we’ve already touched on the importance of authentication in the previous section, let’s delve deeper into why it’s so crucial.

Authentication serves as the gatekeeper to your online accounts and services. Its primary role is to ensure that only you — and authorized individuals — can access your financial records, personal messages, and other sensitive information.

Moreover, authentication helps prevent attempts to misuse your accounts for fraudulent transactions or nefarious activities under false identities. In other words, it ensures that you have control of your accounts and that no deceitful actions can be made in your name.

Needless to say, as a user, you are also more likely to engage with online services, share personal information, and conduct transactions when user authentication methods are in place. So, in a way, it is also a way to form and nurture trust between you, the user, and the service provider.

Types of authentication methods

Among the array of user authentication methods available today, six stand out as the most popular and crucial for cybersecurity. These include:

Token authentication

This form of authentication involves the use of a physical device, such as a USB token or smart card, to generate a one-time password or cryptographic key for accessing systems or services. The token authentication method provides an additional layer of security as the token must be in your possession.

Password authentication

Passwords are the most widely used method for user authentication, requiring individuals to provide unique combinations of characters to access their accounts or systems. Strong passwords should be complex and unique, incorporating a mix of letters, symbols, and numbers arranged randomly to thwart cybercriminals’ attempts at guessing them.

Biometric authentication

Biometric authentication utilizes unique physical or behavioral characteristics of individuals to verify their identity. This can include fingerprint recognition, facial recognition, iris scanning, or voice recognition. Biometric authentication offers a high level of security as it is difficult to replicate or fake these biological traits.

Multi-factor authentication

Multi-factor authentication (MFA) combines two or more authentication factors, such as something you know (password), something you have (token), or something you are (biometric), to verify a user’s identity. By requiring users to provide multiple identity proofs, MFA adds an extra layer of security, reducing the risk of unauthorized access — even if one factor is compromised.

A common implementation of MFA is two-factor authentication (2FA), which requires users to provide two different types of authentication factors before accessing their accounts.

Certificate-based authentication

This method involves the use of digital certificates issued by a trusted authority to verify the identity of users or devices. The certificates are used in combination with public-key cryptography to authenticate users and encrypt data during transmission, ensuring secure communication between parties.

Passkey authentication

Passkeys are a new form of authentication where users are granted access without providing their password. Passkey technology combines biometric verification with cryptographic keys for a safer and easier way to log in. Each user has a unique pair of keys: a public one stored on the server and a private one on their device. When logging in, the server asks for the private key, which the device provides. If they match, you’re granted access.
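In the WebAuthn protocol that passkeys are built on, the private key is never sent to the server: the server issues a random challenge, the device signs it, and the server checks the signature against the stored public key. The following added example (not code from the original article) is a simplified model of that exchange using Node's built-in crypto; `example.com`, the function names and the JSON message layout are assumptions and do not reproduce the full WebAuthn message format.

```javascript
// Added example: simplified model of a passkey (WebAuthn-style) sign-in.
// example.com and all function names are illustrative assumptions.
const nodeCrypto = require("node:crypto");

// Device side: the private key is generated here and never leaves this object.
function createAuthenticator() {
  const privateKeys = new Map(); // site hostname -> private key
  return {
    register(hostname) {
      const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
      privateKeys.set(hostname, privateKey);
      return publicKey.export({ type: "spki", format: "pem" }); // only this is shared
    },
    // The origin comes from the browser, so a look-alike site cannot borrow
    // the key that was registered for the real one.
    sign(origin, challenge) {
      const privateKey = privateKeys.get(new URL(origin).hostname);
      if (!privateKey) return null; // no passkey for this site
      const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
      return { clientData, signature: nodeCrypto.sign(null, clientData, privateKey) };
    },
  };
}

// Server side: knows only public keys and the challenges it has issued.
function createServer(expectedOrigin) {
  const publicKeys = new Map(); // user -> PEM public key
  const pending = new Map();    // user -> outstanding challenge
  return {
    enroll(user, publicKeyPem) {
      publicKeys.set(user, publicKeyPem);
    },
    startLogin(user) {
      const challenge = nodeCrypto.randomBytes(32).toString("base64url");
      pending.set(user, challenge);
      return challenge;
    },
    finishLogin(user, assertion) {
      const challenge = pending.get(user);
      pending.delete(user); // each challenge can be answered once
      const pem = publicKeys.get(user);
      if (!challenge || !pem || !assertion) return false;
      const { clientData, signature } = assertion;
      if (!nodeCrypto.verify(null, clientData, pem, signature)) return false;
      try {
        const signed = JSON.parse(clientData.toString("utf8"));
        return signed.origin === expectedOrigin && signed.challenge === challenge;
      } catch {
        return false;
      }
    },
  };
}

// Walk through one sign-in, a replay of the same answer, and a look-alike origin.
function demo() {
  const device = createAuthenticator();
  const server = createServer("https://example.com");
  server.enroll("alice", device.register("example.com"));
  const answer = device.sign("https://example.com", server.startLogin("alice"));
  const first = server.finishLogin("alice", answer);
  server.startLogin("alice");
  const replay = server.finishLogin("alice", answer); // signed the old challenge
  const phish = device.sign("https://examp1e.com", server.startLogin("alice"));
  return { first, replay, phishSigned: phish !== null };
}
```

A database leak on the server side exposes only public keys, which cannot be used to sign a challenge.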

Which authentication method is the safest one?

Naming just one of the secure authentication methods described above as the safest is not easy, especially since each method has its own strengths and weaknesses depending on the situation. For instance, while biometric authentication methods are highly effective, they are not immune to theft. So, if a cybercriminal gains access to someone’s fingerprint, that authentication method becomes compromised. After all, unlike a password, you cannot change your fingerprint.

So, if we were pushed to choose just one, we would say that passkeys are the safest authentication method because they help eliminate the risk of phishing, cannot be easily stolen or guessed (unlike weak passwords), and utilize strong cryptographic techniques to ensure the integrity and confidentiality of user credentials. Passkeys also avoid the pitfalls of traditional methods as they do not rely on something you need to remember, like a password, or something that can be physically stolen, like a security token.

In reality, however, the best approach is to use a combination of different methods tailored to the specific situation and required level of security. The best part is that you only need one tool to make this possible.

You don’t have to settle for just one authentication method

If you use NordPass, an advanced yet intuitive password manager designed by the team behind NordVPN, you gain immediate access to many of the best authentication methods available, allowing you to mix and match them for optimal security. How so?

First, NordPass can generate strong passwords on the spot and allows you to store your credentials safely in an encrypted vault that only you can access. It also enables you to implement multi-factor authentication for your online accounts, using the NordPass app as your authenticator to provide TOTP codes. Additionally, NordPass supports passkey technology, empowering you to effectively protect your accounts without passwords and access them instantly through methods such as biometric authentication.

With NordPass, authentication management becomes seamless and secure — get the 14-day free trial and see for yourself.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How to disable Google Password Manager

Ready to take the next step in your password management journey and move on past the Google Password Manager? Well, you’re in the right place.

As much as Google’s password manager is convenient, some of you might be looking for higher levels of protection and flexibility. Be it more advanced encryption, in-depth insights on password strength, or the ability to handle your passwords seamlessly across any device, NordPass can serve as an excellent alternative. Let’s see why you may want to make the change and how you can disable Google’s password manager.

Important: Before you disable Google’s password manager

Before you disable the Google Password Manager, we highly recommend exporting all of your saved passwords. This step is critical in case something goes wrong during the transition to the new password manager. It also simplifies the process of importing all the login data into your next password manager such as NordPass, ensuring a seamless transition without the loss of any critical information. On top of that, having a copy of your stored passwords provides peace of mind; if you encounter any issues during the transition, you will still have a copy of your login credentials for your most important online accounts and services.

How to export your passwords from the Google Password Manager

Here’s a quick step-by-step guide for exporting your passwords from the Google Password Manager in Chrome:

  1. Open Google Chrome and go to Settings.

  2. Select the Autofill and Passwords tab and click Google Password Manager.

  3. Open Settings and select Download File.

  4. Enter your device’s password to export the passwords.

  5. Save the CSV file to your device.

That’s it! You’ve successfully exported your passwords from the Google Password Manager.

How to turn off Google Password Manager in Chrome on desktop

The Google Password Manager is turned on by default in all Chrome browsers. Switching it off is quick and easy though. Here’s how you can do it:

  1. Open Google Chrome and select your profile in the upper-right corner.

  2. Select the key icon under the profile image.

  3. Open Settings.

  4. Now switch off the toggle next to Offer to save passwords and Sign in automatically.

That’s it! The Google Password Manager on Chrome is now disabled.

How to turn off Google Password Manager on Android

Here’s a quick rundown of how you can turn off the Google Password Manager on your Android device:

  1. Open the Chrome app on your Android device.

  2. Tap the three dots in the top-right corner.

  3. Open Settings.

  4. Tap Password Manager.

  5. Select the gear icon next to Password Manager.

  6. Turn off the toggle next to Offer to save passwords and Auto sign-in.

You’re all done, the Google Password Manager is now turned off on your Android device.

How to turn off Google Password Manager on iOS

Here’s how you can turn off the Google Password Manager on your iOS device:

  1. Open the Chrome app on your iOS device.

  2. Tap the three dots in the bottom-right corner.

  3. Select Password Manager.

  4. Turn off the toggle next to Offer to save passwords.

How to set up a third-party password management solution

Transitioning from the Google Password Manager to a dedicated password manager such as NordPass is a significant step towards enhancing your online security and simplifying your online interactions.

NordPass is designed with user convenience and security in mind and offers a more tailored and robust password management experience. By setting up NordPass as your dedicated password manager, you’ll get a more secure and efficient way of managing your login credentials, credit card data, personal information, and more. The switch to NordPass is seamless and can be done in just a few simple steps. Here’s how you can set up NordPass as your primary password manager:

Download and install NordPass

  • Visit the NordPass website to download the extension or go to the App Store (iOS) or Google Play Store (Android) to get the mobile app.

  • Follow the setup instructions provided on the website or app store.

  • Sign up for a new account.

Import your passwords on desktop

Once you have NordPass installed, the next step is importing your passwords. This process ensures that all your login credentials from Google Password Manager are transferred to NordPass without any data loss. Here’s a rundown of how to do it:

  1. Open the NordPass extension on your browser.

  2. Open Settings.

  3. Navigate to the Import section.

  4. Select Google Password Manager or Google Chrome from the list of options.

  5. Click Import. (Alternatively, you can choose the Other option in the Import menu.)

  6. Now, upload the CSV file you previously exported from Google Password Manager.

That’s it! Your passwords from Google Password Manager will now appear in your NordPass Vault.

Import your passwords on mobile devices

  1. Open the NordPass application on your mobile device.

  2. Open Profile.

  3. Select the browser you want to import your login information from.

  4. Follow the steps on exporting your passwords from the specific browser.

Once you complete these steps, all saved passwords will appear in your NordPass vault.

Set up NordPass as your default password manager

To make the most out of NordPass, setting it as your default password manager will ensure all your new passwords and changes are automatically saved. Here’s how you can do that:

For Desktop:

  1. Download the NordPass browser extension from the Chrome Web Store or your preferred browser’s extension store.

  2. Install the extension and log in with your NordPass account.

For Android:

  1. Open the NordPass app on your Android device.

  2. Select Profile and open Settings.

  3. Switch the toggle next to Turn on autofill.

  4. Select Open Autofill Service.

  5. Now select NordPass as the preferred autofill service in device settings.

That’s it! Now NordPass will allow you to autosave and autofill your credentials, which will essentially make NordPass your default password manager on your Android device.

For iOS:

  1. Open your device’s Settings.

  2. Go to Passwords.

  3. Tap Autofill Passwords.

  4. Select NordPass and disable any other services for the best autofill experience.

By following these steps, you will effortlessly transition to NordPass as your default password manager, enjoying a more secure, efficient, and comprehensive password management experience.
