As technology continues to advance, electronic messaging has become an integral part of modern communication.
This is why organizations must have proper policies and controls in place to ensure the security of electronic messaging systems.
A.13.2.3 of the ISO/IEC 27001 standard deals with the policies and control requirements around electronic messaging.
This article will provide a checklist for organizations to use when reviewing their policies and procedures for electronic messaging.
- Policy review: Check whether the organization has a policy in place for electronic messaging. Ensure that it covers all aspects of electronic messaging, including email, FTP/SFTP, dial-up links, and bulletin boards.
- Access controls: Check whether the organization has appropriate access controls in place for electronic messaging systems. This should include authentication measures such as passwords and multi-factor authentication.
- Encryption: Check whether the organization has appropriate encryption measures in place for electronic messaging systems. This should include email and link encryption, especially for messages classified as sensitive or confidential.
- Non-repudiation: Check whether the organization has measures in place to prevent non-repudiation. This should include ensuring that messages are signed and authenticated, and that there is a clear record of message exchanges.
- Security arrangements for internet and intranet systems: Review security arrangements for Internet, Intranet, and related systems such as bulletin boards. Ensure that these systems are properly secured with firewalls, antivirus software, and intrusion detection/prevention systems.
- Training and awareness: Check whether the organization provides adequate training and awareness for employees on the policies and procedures for electronic messaging. This should include how to handle sensitive information and how to recognize phishing and other email-based attacks.
Electronic messaging has become an essential part of modern communication, and organizations must have proper policies and controls in place to ensure its security.
By using the checklist provided above, organizations can review their policies and procedures for electronic messaging and identify areas where improvements can be made.
This will help ensure the confidentiality, integrity, and availability of information exchanged through electronic messaging systems.