The purpose of Control 8.20, Network security, is to protect information in networks and supporting information processing facilities from compromise through the network. This includes protecting data in transit, network devices, network services, communication paths, routing, management interfaces, and connected systems. Network compromise can lead to unauthorized access, interception, malware propagation, denial of service, lateral movement, data exfiltration, or manipulation of traffic.

Option B relates more closely to Control 8.21, Security of network services, which addresses security mechanisms, service levels, and management requirements for network services. Option C relates to Control 8.22, Segregation of networks, which specifically concerns splitting networks into security boundaries or domains. Control 8.20 is broader: it establishes the general objective of securing networks against compromise. ISO/IEC 27002 expects organizations to manage and control networks according to risk, including architecture, monitoring, authentication, encryption where needed, device hardening, and protection of network management functions. The correct answer is therefore option A.

References/Chapters: ISO/IEC 27002:2022, Control 8.20 Network security; Control 8.21 Security of network services; Control 8.22 Segregation of networks.