Abstract

The risk of data theft has increased significantly over the past years. As a consequence, overwhelming damage is caused to institutions and private persons, respectively. Even the widespread ISO standard 27001 was updated recently in October 2022 to integrate data exfiltration aspects. Corresponding new security controls have been introduced. In this paper we review the ISO 27001:2022 with respect to data exfiltration and come up with recommendations on how recently integrated ISO 27001:2022 controls can be used in an operational environment. Based on that, we introduce and demonstrate the effectiveness of a proactive and dynamic concept by integrating a simulation cycle into the Information Security Management System (ISMS) and using cyber threat intelligence to provide us with information about current threats. We provide a prototype for the threat simulation cycle based on a smart combination of established and widely accepted cyber defence tools. Within our evaluation we show the feasibility of our targeted and dynamically configurable simulation of data exfiltration threats and thus support to thwart the actual cyber-attacks in advance. In all we contribute to prevent (or at least make it significantly more difficult) the threat of data exfiltration. Dynamic, threat aware and preventive cyber-defence is our objective, and we provide an updated concept which integrates conclusively into an ISO 27001:2022 compliant ISMS.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.