ISO/IEC 27001 Control 5.29: Information security during disruption

The organization should plan how to maintain information security at an appropriate level during disruption.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

MidPoint maintains all policies and rules during incident response. Pre-configure emergency access control can be used during incident response. Synchronization can be used to restore security after disruption.

Policy-driven RBAC mechanism can be used to activate pre-configure emergency access control during disruption, providing controlled and panic-free elevation of privileges for incident responders. Segregation of duties, information classification and other policy rules are still applied during disruption (e.g. incident), hindering attempts to create major access control breach by the attacker or the responders. Synchronization capability can be explicitly invoked during of after the disruption to make sure access control rules are still properly applied. Synchronization can discover illegal accounts and privileges that were either created by attacker, or that are leftovers from incident response. Any illegal access can be automatically de-provisioned (deactivated) using synchronization reactions. Provisioning consistency capability of midPoint automatically corrects all inconsistencies it discovers, including policy violations. Object marks can be used to mark suspicious accounts and roles during disruption for closer investigation at later date. Should there be a need to create a replacement system during disruption, midPoint RBAC mechanisms together with efficient provisioning engine can be used to quickly and automatically grant access to the replacement system, maintaining appropriate access levels for individual users. MidPoint audit trail records all changes that were made during disruption using midPoint, or that were discovered by midPoint. This information can be used to restore the appropriate level of security after disruption.