ISO 27001 – Management of technical vulnerabilities

The newly published ISO 27001:2022 in October 2022 brings a restructured catalogue of measures. Among other things, the new measure A.8.8 – Management of technical vulnerabilities – was introduced. This requires the operator of an ISMS to obtain information about technical vulnerabilities of the information systems used, to assess the exposure of the organisation to such vulnerabilities and to take appropriate measures.

Here, too, automation is the key to success. Implementing such measures manually is not only time-consuming, but also enormously expensive and risky – after all, day-to-day business too often takes precedence and there is simply no time for careful implementation. There is an acute danger of overlooking important matters and exposing information and systems to considerable risk.

Early warning system Watchdog by TEN IM

The good news: with Watchdog by TEN IM, these and numerous other measures can be carried out in a highly elegant, cost-efficient and time-saving automated way. Watchdog by TEN IM is your early warning system for your IT environment – whether traditionally on premise or in the cloud – and continuously analyses the threat situation based on the logs of your monitored systems. Recommendations for measures to be implemented are delivered “free of charge”. And the experts from TEN Information Management are available as sparring partners when it comes to deriving concrete actions from the findings.

Would you also like to know how you can implement measures of your ISO 27001 ISMS in an automated, cost-efficient and time-saving way with Watchdog by TEN IM? We would be happy to show you the solution in a free demo.


Share post

More articles

“The cloud is another name for “someone else’s computer,” and you need to understand how much or how little you trust that computer.” (Bruce Schneier). The quote comes from the context of the LastPass breach...
Conversion to the latest version of the standard Companies that are certified according to the international standard ISO 27001 will have to think about converting their ISMS to the latest version of the standard in...
In discussions with customers and interested parties, we are repeatedly confronted with the statement that security investigations (penetration tests and vulnerability scans) are not necessary in cloud scenarios because the cloud provider (e.g. Amazon Web...