Data Loss Prevention
for ISO 27001 Compliance

In 2022, the ISO outlined the future of the well-known ISO 27001 framework. Known as ISO 27001:2022, updates include new controls for information security - including Data Leakage Prevention. Compliant organizations have been given a deadline of October 31, 2025, to adopt the new requirements.

Endpoint Protector by CoSoSys can help companies to meet many of the new controls set out in ISO 27001:2022; in particular the need to safeguard data from unauthorized sharing and exfiltration, and the requirement for additive controls on employee endpoints.

ISO 27001:2022 controls addressed by DLP

Is DLP new to ISO 27001:2022?

The need to protect data from loss was always implied by ISO 27001, but the latest revision goes further to make it an explicit requirement with two control types required for certification:

1. Preventative (Protect): Controls to stop a data loss incident from occurring; this may include scanning for sensitive data-at-rest (latent risk), real-time blocking of unauthorized data sharing, or the ability to identify attacks / exfiltration attempts.
2. Detective (Detect): Organizations must be able to identify data loss incidents and have the tools necessary to investigate them.

The controls listed in Annex A are directly derived from ISO 27002:2022. While ISO 27001:2022 outlines the requirements for certification, it is actually ISO 27002 that offers best practices and control objectives related directly to key cybersecurity aspects; including access control, cryptography, human resource security, and incident response. The standard serves as a practical blueprint for organizations aiming to effectively safeguard their information assets.

ISO 27002:2022 | 8.12 Data Leakage Prevention

Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information.

Security frameworks such as ISO 27001:2022 or ISO 27002:2002 rarely define an exact technology type to meet the control requirement. This allows the organization to implement a solution based on their own set of circumstances.

However, it can be assumed that the most likely technology type available for meeting (8.12) Data Leakage Prevention is a DLP solution such as Endpoint Protector by CoSoSys. DLP solutions provide a set of tools to detect and prevent the unauthorized sharing and exfiltration of sensitive data to ensure it remains within organizational control.

DLP solutions can be implemented in a variety of ways, such as network-based, endpoint-based, or cloud-based, and can be used to protect a wide range of data types, including text, numbers, and binary data.

Note that (8.12) Data Leakage Prevention includes provision for “devices” such as employee endpoints. This is due to the fact that regardless where data resides (e.g., a cloud file store), more than 70% of data loss incidents originate from the endpoint. This typically occurs from employees sharing files and data through email or messaging apps such as Slack and Microsoft Teams, uploading through a browser to a personal or third-party cloud resource, printing, or transferring data to removable storage media. To meet this control, it is likely a combination of DLP measures will need to be implemented, but most importantly at the endpoint.

ISO 27002:2022 | 8.1 User Endpoint Devices

Control information stored on, processed, or accessible via user endpoint devices should be protected.

User endpoint devices refers to the equipment or devices that are used by individuals to access and interact with a network or system - most importantly their laptops or desktop stations. Requirements for this control are broad and may span access control, data encryption, device management, and antivirus. However, the control is also closely aligned with 8.12 due to employee endpoints also being a key exfiltration point for data. This means that the deployment of Endpoint Protector will ensure some degree of compliance across both controls.

It is recommended that protection of end user laptops and desktops include a Device Control strategy to restrict what types of hardware can be connected. For example, this may include restricting access to removable USB storage, bluetooth connections, and local printers.

Manage ISO 27001:2022 DLP requirements with Endpoint Protector

Considerations for your organization

Remember, given its breadth, no one solution will fulfill all ISO 27001:2022 requirements. Instead, organizations should look to combine multiple technologies, and processes, to meet their stated goals.

Organizations should also look to understand the sensitivity of the information to be processed, stored, or transmitted, and should conduct a thorough evaluation of Endpoint Protector to ensure it meets their unique compliance needs. Organizations are solely responsible for determining the appropriateness of using Endpoint Protector by CoSoSys to achieve their ISO 27001:2022 certification.