{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Framework - ISO 27001 (Cyber)","title":"Episode 65 — A.8.23–8.24 — Web filtering; Use of cryptography","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/c84079fd\"></iframe>","width":"100%","height":180,"duration":927,"description":"A.8.23 establishes web filtering to manage the risk from browsing and outbound HTTP/S traffic, acknowledging that the browser is a primary threat vector. For the exam, emphasize policy-aligned controls that block known malicious domains, enforce safe browsing categories, and apply content inspection where lawful and appropriate to detect malware and data exfiltration. Modern approaches pair DNS-layer protection with secure web gateways or cloud access security brokers, integrating identity so that policies differ by role and device. Evidence includes block/allow list governance, certificate management for TLS inspection, exception processes, and metrics such as blocked threat counts, false positive rates, and user impact indicators. Pitfalls involve overbroad blocking that breaks business workflows, privacy concerns around inspection, and blind spots for unmanaged devices. Effective implementations coordinate with awareness programs so users understand why blocks occur and how to request legitimate access, turning filtering into a guardrail rather than a roadblock. A.8.24 governs the use of cryptography to protect the confidentiality, integrity, and authenticity of information at rest and in transit. Candidates should demonstrate understanding of policy-driven key management, algorithm and parameter standards, certificate lifecycle (issuance, rotation, revocation), hardware-backed key protection where feasible, and separation of duties so that no single actor can compromise a root of trust. Design choices must consider performance, interoperability, and regulatory constraints (e.g., export controls, data residency) while avoiding deprecated algorithms and weak modes. Pitfalls include unmanaged private keys embedded in code, inconsistent TLS configurations, and shadow PKI that spawns operational failures and security gaps. Strong programs centralize secrets, enforce automated rotation, inventory cryptographic assets, and validate configurations continuously with scanners and...","thumbnail_url":"https://img.transistorcdn.com/QyFhFvukwf4vQ5PJ2PWS6N0cGlZo_HHhOwGBe1ETB4E/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS82ZTEw/YzQ0MTcxYzBiYmVi/NjgyOWYzMTRiZjk5/NDhjNS5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}
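The A.8.24 pitfalls named in the episode description (private keys embedded in code, deprecated TLS protocols and weak cipher suites in server configuration, weak modes and hash functions in application code) are the kind of thing a continuous scanner should catch. The following is an added example written for this page, not code from the podcast or from any vendor's product: a minimal cryptographic-hygiene scanner over an in-memory set of files. The file contents, paths, and rule names are constructed for the example, and the rule lists are deliberately small; a real inventory would use a maintained secret-scanning ruleset and a cipher-suite policy rather than these hard-coded markers.

```python
"""Minimal cryptographic-hygiene scanner (added example, not the podcast's code).

Walks a set of files and reports four classes of finding that map to the
A.8.24 pitfalls: embedded private keys, deprecated TLS protocol versions,
weak cipher suites, and weak primitives or modes used in code.
"""
import re
from dataclasses import dataclass

# Constructed sample files standing in for a repository checkout.
SAMPLE_FILES = {
    "app/settings.py": (
        'DB_URL = "postgres://app@db/app"\n'
        'SIGNING_KEY = """-----BEGIN RSA PRIVATE KEY-----\n'
        'MIIEowIBAAKCAQEA0example\n'
        '-----END RSA PRIVATE KEY-----"""\n'
    ),
    "nginx/legacy.conf": (
        "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n"
        "ssl_ciphers 'RC4-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256';\n"
    ),
    "nginx/modern.conf": (
        "ssl_protocols TLSv1.2 TLSv1.3;\n"
        "ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305';\n"
    ),
    "lib/tokens.py": (
        "from Crypto.Cipher import AES\n"
        "cipher = AES.new(key, AES.MODE_ECB)\n"
        "digest = hashlib.md5(payload).hexdigest()\n"
    ),
}

# Illustrative policy; a production scanner would load these from a maintained ruleset.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5", "aNULL", "eNULL")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")
WEAK_PRIMITIVE_RE = re.compile(r"\b(MODE_ECB|md5|sha1|DES\.new|ARC4)\b")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    detail: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Apply every rule to each line of one file and return the findings."""
    findings: list[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        key = PRIVATE_KEY_RE.search(line)
        if key:
            # Report only the PEM header, never the key material itself.
            findings.append(Finding(path, lineno, "embedded_private_key", key.group(0)))
        if line.startswith("ssl_protocols"):
            for proto in line.rstrip(";").split()[1:]:
                if proto in DEPRECATED_PROTOCOLS:
                    findings.append(Finding(path, lineno, "deprecated_tls_protocol", proto))
        if line.startswith("ssl_ciphers"):
            suite_list = line.rstrip(";").split(None, 1)[1].strip("'\"")
            for suite in suite_list.split(":"):
                if any(marker in suite for marker in WEAK_CIPHER_MARKERS):
                    findings.append(Finding(path, lineno, "weak_cipher_suite", suite))
        prim = WEAK_PRIMITIVE_RE.search(line)
        if prim:
            findings.append(Finding(path, lineno, "weak_primitive_or_mode", prim.group(1)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan every file in a path -> contents mapping, in path order."""
    findings: list[Finding] = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, the metric a control owner would track over time."""
    counts: dict[str, int] = {}
    for finding in findings:
        counts[finding.rule] = counts.get(finding.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for finding in results:
        print(f"{finding.path}:{finding.line} [{finding.rule}] {finding.detail}")
    print(summarize(results))
```

Run against the constructed files, the scanner flags the PEM header in app/settings.py (without echoing the key), SSLv3, TLSv1 and TLSv1.1 plus the RC4 and 3DES suites in nginx/legacy.conf, ECB mode and MD5 in lib/tokens.py, and nothing in nginx/modern.conf. The per-rule counts are the kind of evidence the description lists for the control: an inventory of cryptographic weaknesses that can be re-run on every commit and trended.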