A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a test designed to distinguish automated bots from human users. Variants range from distorted text to image selection to invisible behavioral analysis (reCAPTCHA v3).
In an ISMS context, CAPTCHA supports implementation of ISO 27001 Annex A controls A.8.5 (Secure Authentication) and A.8.20 (Network Security). It protects login forms against brute-force attacks, registration pages against automated mass signups, and contact forms against spam. When selecting a solution, consider data protection: reCAPTCHA sends user data to Google, raising GDPR questions. Privacy-friendly alternatives include hCaptcha, Friendly Captcha, and server-side rate limiting approaches.
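One way to implement the server-side rate limiting mentioned above, as an added example that is not part of the original entry: a sliding-window throttle for failed logins that counts per client address and per account and keeps only keyed hashes of both, so no user data leaves the server. The class name, limits, window length and sample addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import deque


class LoginThrottle:
    """Sliding-window limit on failed logins, per client address and per account."""

    def __init__(self, secret, max_per_client=5, max_per_account=10, window=300.0):
        self.secret = secret  # HMAC key for pseudonymising counter keys
        self.limits = {"client": max_per_client, "account": max_per_account}
        self.window = window  # seconds
        self.failures = {}  # (kind, keyed hash) -> deque of failure timestamps

    def _keys(self, ip, username):
        # Store keyed hashes, not raw IPs or usernames, and send nothing off-site.
        for kind, value in (("client", ip), ("account", username.strip().lower())):
            mac = hmac.new(self.secret, f"{kind}:{value}".encode(), hashlib.sha256)
            yield kind, mac.hexdigest()

    def _recent(self, key, now):
        q = self.failures.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window:  # drop failures outside the window
            q.popleft()
        if not q:
            del self.failures[key]
        return len(q)

    def allowed(self, ip, username, now):
        """True if neither the client nor the account has reached its limit."""
        return all(self._recent(k, now) < self.limits[k[0]]
                   for k in self._keys(ip, username))

    def record_failure(self, ip, username, now):
        for key in self._keys(ip, username):
            self.failures.setdefault(key, deque()).append(now)


if __name__ == "__main__":
    # Constructed traffic: one client (documentation address), one guess per second.
    throttle = LoginThrottle(secret=b"constructed-demo-key", max_per_client=5)
    for second in range(8):
        if throttle.allowed("203.0.113.7", "alice", second):
            throttle.record_failure("203.0.113.7", "alice", second)
            print(second, "attempt processed, password wrong")
        else:
            print(second, "throttled")
```

A per-account limit can be abused to lock a legitimate user out, so a throttled attempt is better answered with a delay or a challenge than with a permanent lock.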