Information Security
Updated Fri, 20 May 2022 09:15:17 GMT

ISO27001 and Linux/Ubuntu


My company has an ISO 27001 certification. They provided me with a new laptop with the Windows 8 OS on it. I asked if I could have a Linux/Ubuntu OS installed; they said that it is not possible due to the ISO 27001 standards.

Is it true or do the technical people of the company not know how to install Linux/Ubuntu?




Solution

One of the ISO 27001 requirements is management of access control to the company's IT resources.

If you just install Ubuntu on your laptop, all the access control will be managed by you directly, instead of by your company. So when, for example, your manager wants to fire you, your IT department won't be able to block your local laptop account at a convenient moment.

Of course Linux can be connected to central authentication systems (AD, IPA, CAS etc.), but first your IT department needs to build the required competences (a single employee knowing how to do that is not enough, since all ISO standards require written, repeatable and verifiable processes).

On the other hand, knowledge of how to connect Windows to AD and deploy central authentication is more or less common in IT, so your company probably already has ISO processes for it. Therefore, they allow you to use only Windows.





Comments (2)

  • +1 – What's the precise requirement you're referring to here? I'm curious because I work for an ISO 27001 company that allows self installs, and we pass the audit each year. — Jul 04, 2015 at 20:20  
  • +0 – It's defined exactly in ISO/IEC 27002, which is a kind of technical extension to 27001. However, both of them are paid, and I currently don't have access to the full texts. As for self installs, I didn't claim they aren't possible - the company just has to have built the required processes. — Jul 04, 2015 at 20:30  

