Delivering key privileged access controls for ISO/IEC standards

New whitepaper guides organisations to address ISO/IEC 27002 security controls with the CyberArk solution.

  • Thursday, 4th December 2014, by Phil Alsop

CyberArk has released a new white paper, “Safeguarding Privileged Access: Implementing ISO/IEC 27002 Security Controls with the CyberArk Solution.” The technical paper provides organisations with a blueprint for implementing the CyberArk Privileged Account Security solution to enforce controls pertaining to privileged access within the ISO/IEC 27002:2013 standard.


Privileged accounts, which include IT administrative credentials, default and hardcoded passwords, application backdoors and more, are targeted in nearly every significant cyber attack. In response, organisations are increasingly adopting best-practice standards for securing these accounts, including the International Organisation for Standardisation (ISO) and International Electrotechnical Commission (IEC) 27002 standard. The standard highlights the critical role of privileged account abuse in advanced attacks, warning that “the inappropriate use of system administrator privileges...is a major contributory factor to failures or breaches of systems.”


“Privileged accounts represent a serious vulnerability,” said John Worrall, CMO, CyberArk. “Organisations adhering to ISO/IEC guidelines for safeguarding privileged access are taking a huge step forward in mitigating advanced attacks. The new whitepaper outlines how CyberArk helps organisations implement the controls outlined in the ISO/IEC standards.”


The CyberArk Privileged Account Security Solution helps organisations implement the following controls, which are consistent with the ISO/IEC 27002:2013 standard’s focus on privileged access security:

  • Establishing and implementing a privileged access policy
  • Identifying the privileged access rights associated with each system or process
  • Restricting the use of privileged access to authorised users based on functional roles
  • Authenticating privileged users, ensuring individual accountability for privileged actions
  • Changing default vendor passwords
  • Restricting access to privileged utility programs
  • Controlling privileged access by suppliers