Content library
Email and web browser
Email authentication: DKIM

Other tasks from the same security theme

Task name
Priority
Status
Theme
Policy
Other requirements
Personnel guidelines for avoiding phishing
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
9
requirements

Examples of other requirements this task affects

13.2.1: Information transfer policies and procedures
ISO 27001
13.2.3: Electronic messaging
ISO 27001
PR.AT-1: Awareness
NIST
HAL-12: Ohjeet
Julkri
5.14: Information transfer
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for avoiding phishing
1. Task description

The organization has developed guidelines for staff that define the acceptable use of various communication services and aim to prevent the disclosure of confidential information to, for example, a phisher or other third parties.

Using a selected web browser and checking for updates
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
8
requirements

Examples of other requirements this task affects

12.6.1: Management of technical vulnerabilities
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
PR.AC-3: Remote access management
NIST
TEK-19: Ohjelmistohaavoittuvuuksien hallinta
Julkri
5.14: Information transfer
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Using a selected web browser and checking for updates
1. Task description

The selection and up-to-dateness of web browser greatly affects e.g. experience, operation and browsing security of online services. When the entire organization uses the same web browser, instructing is easier and security is improved.

IT has chosen the browser to be used, monitors the staff in using the correct and up-to-date browser and supports the staff in the use.

Email authentication: DMARC
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
4
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
5.14: Information transfer
ISO 27001
2.8.1: Verify the sender address of incoming emails
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Email authentication: DMARC
1. Task description

SPF, DKIM and DMARC are technologies that prevent the sending of fake emails and phishing.

DMARC works together with SPF and DKIM. It tells the receiving e-mail server how to deal with a message that do not pass SPF or DKIM checks.

Email authentication: DKIM
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
4
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
5.14: Information transfer
ISO 27001
2.8.1: Verify the sender address of incoming emails
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Email authentication: DKIM
1. Task description

SPF, DKIM, and DMARC are technologies that prevent the sending of fake emails and phishing.

DKIM adds a digital signature to the header of outgoing e-mail. The outgoing e-mail header is encrypted with a private key, and the public key is added to the domain's DNS information so that the receiving server can decrypt the information. The key therefore ensures that the messages actually come from your own domain and not from the sender impersonating you.

Email authentication: SPF
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
4
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
5.14: Information transfer
ISO 27001
2.8.1: Verify the sender address of incoming emails
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Email authentication: SPF
1. Task description

SPF, DKIM, and DMARC are technologies that prevent the sending of fake emails and phishing.

Using SPF will help verify the authenticity of emails sent from your domain. The SPF is added as a TXT entry to your domain's DNS information to tell you which email servers are allowed to send email on behalf of your domain. The receiving email server refers to this entry when deciding whether the email is coming from the right party.

Enabling and configuring mailbox audit logs
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
2
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
5.14: Information transfer
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Enabling and configuring mailbox audit logs
1. Task description

With the mailbox audit logs, it is possible to track, for example, logins and other actions within inbox.

Usually, this feature is not turned on by default, and for employee privacy, it is important to choose the actions to be monitored carefully.

Activate STARTTLS
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
1
requirements

Examples of other requirements this task affects

2.8.2: Activate STARTTLS on the organisation’s email server
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Activate STARTTLS
1. Task description

Activate STARTTLS on the organisation’s email server to authenticate and ensure the confidentiality of all emails between the organisation and other organisations that have activated STARTTLS.

STARTTLS is a protocol command used to inform the email server that the email client wants to upgrade from an insecure connection to a secure one using TLS or SSL. This protocol command is used in SMTP and IMAP protocols, whereas the POP3 protocol uses STLS, which is a slightly different encryption command.

Email authentication: DNSSEC
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
1
requirements

Examples of other requirements this task affects

2.8.1: Verify the sender address of incoming emails
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Email authentication: DNSSEC
1. Task description

Use DNSSEC. The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups.

Use of anti-phishing policies
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
4
requirements

Examples of other requirements this task affects

13.2.1: Information transfer policies and procedures
ISO 27001
13.2.3: Electronic messaging
ISO 27001
5.14: Information transfer
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Use of anti-phishing policies
1. Task description

Anti-phishing policies can help an organization prevent impersonation-based phishing. Targeted “spear phishing” attacks in particular are often so skillfully executed that even a conscious employee finds it difficult to identify a scam.

For example, the ATP extension for Microsoft 365 can quarantine e-mail messages that impersonate our CEO or that present our own domain as the sender's domain, while forwarding them to the person in charge of security.

Blocking auto-forwarding of mailboxes to external domains
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
1
requirements

Examples of other requirements this task affects

13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Blocking auto-forwarding of mailboxes to external domains
1. Task description

If a scammer gains access to a user's inbox, they can use the auto-forward feature to track communications and steal confidential information. Your own employees can also create unsafe forwarding rules, which can lead to data leakage or loss.

This can be prevented, for example, in a Microsoft 365 environment by creating a "mail flow" rule.

Mailbox audit log monitoring
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
2
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
5.14: Information transfer
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Mailbox audit log monitoring
1. Task description

Once the mailbox audit log is enabled, the events should be saved to a selected location for a desired time. This can be, for example, "Audit log search" in a Microsoft 365 environment or a separate SIEM system. In addition, it is necessary to decide on the control measures to be taken.

Use of a DLP-system
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
8
requirements

Examples of other requirements this task affects

18.1.2: Intellectual property rights
ISO 27001
18.1.3: Protection of records
ISO 27001
8.12: Data leakage prevention
ISO 27001
C1.1: Identification and maintainment of confidental information
SOC 2
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Use of a DLP-system
1. Task description

The DLP system aims to prevent the loss or leakage of sensitive data. The system can be used to prevent unwanted actions by monitoring, detecting and preventing the processing of sensitive data without meeting the desired conditions. Blocking can be done during use (in-use, terminal operations), in motion (in-transit, network traffic) or in storage locations (at-rest).

Email monitoring system
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Email and phishing
Email and web browser
2
requirements

Examples of other requirements this task affects

13.2.3: Electronic messaging
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Email monitoring system
1. Task description

With the help of email monitoring, e.g. identify personal, unstructured but valuable or sensitive personal or other information in e-mail traffic and the system.

Universal cyber compliance language model: Comply with confidence and least effort

In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.

Security frameworks tend to share the common core. All frameworks cover basic topics like risk management, backup, malware, personnel awareness or access management in their respective sections.
Cyberday’s universal cyber security language technology creates you a single security plan and ensures you implement the common parts of frameworks just once. You focus on implementing your plan, we automate the compliance part - for current and upcoming frameworks.
Start your free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.