Communication from outside the organisation must be clearly distinguishable from internal communication, with a warning that the originating party is external. This includes electronic messages received in email programs.
Specification
Implement warnings in email for communications from outside the organisation, to alert people to:
- Communications originating from outside the organisation
- Communication from people that individuals do not usually correspond with
- Emails with indicators of potential attacks, such as originating from look-alike domains
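One way a mail gateway could decide which of the three warnings above to attach, as an added example that is not part of the original control text. The domain list, known-sender set, warning labels and confusable-character map are assumptions constructed for illustration, and the sender domain is assumed to have been authenticated (SPF/DKIM/DMARC) before this check runs.

```python
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.org"}            # assumption: the organisation's own domains
KNOWN_SENDERS = {"partner@supplier.example"}  # assumption: this recipient's usual correspondents
# Constructed map of characters commonly swapped to imitate a domain name.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})

def skeleton(domain):
    """Normalise a domain so visually similar spellings compare equal."""
    s = domain.lower().translate(CONFUSABLES)
    return s.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_internal(domain):
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def is_lookalike(domain):
    """True when an external domain imitates one of the organisation's domains."""
    return any(skeleton(domain) == skeleton(own) or edit_distance(domain, own) <= 1
               for own in INTERNAL_DOMAINS)

def warnings_for(from_header):
    """Return the warning labels to show for a message's From header."""
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    # A sender without a parseable domain is treated as external (fail closed).
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    if is_internal(domain):
        return []
    labels = ["EXTERNAL"]
    if addr not in KNOWN_SENDERS:
        labels.append("FIRST_TIME_SENDER")
    if is_lookalike(domain):
        labels.append("LOOKALIKE_DOMAIN")
    return labels
```

Plain edit distance does not catch transposed letters or non-Latin homoglyphs; a production check would need a fuller confusables table.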
ISO 27001 & 27002:2022
A5.10, A5.14, A5.33, A5.34, A7.7, A7.10, A8.1, A8.7, A8.12, A8.19, A8.26, A8.33
SURF information security assessment framework (SURF toetsingskader informatiebeveiliging, NBA maturity model)
DM.03 Security requirements for data management
SM.12 Manage malware attacks