When to use this
Use this matrix to map web filtering policy decisions to blocked, warned, allowed, monitored, and exception-handled categories.
Related controls
- A.8.23 Web Filtering
- A.5.10 Acceptable Use of Information and Other Associated Assets
- A.8.7 Protection Against Malware
Category matrix
| Category | Decision | Risk reason | User groups | Exception allowed? | Alert required? | Review date |
|---|---|---|---|---|---|---|
| Malware/phishing | Block | Malware/credential theft | All | No/TBD | Yes | TBD |
| Uncategorized | TBD | Unknown risk | TBD | TBD | TBD | TBD |
Minimum checks
- Categories are risk-based.
- Acceptable use alignment checked.
- High-risk categories alert into monitoring.
- Exceptions are defined.
- Review date is set.
- Template
- Iso27001
- Technological controls
- Web filtering
Note Metadata
Aliases: Web Filtering Category Matrix
Source: 90 Templates/Web Filtering Policy and Category Matrix.md
Related Notes
- ISO 27001 A.5.10 - Acceptable Use of Information and Other Associated Assets
- A.8.23 Audit Evidence Pack
- ISO 27001 A.8.23 - Web Filtering
- ISO 27001 A.8.7 - Protection Against Malware
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.23 Audit Checklist
- Web Filtering Exception Register
- Templates MOC