A personal firewall (host-based firewall) runs directly on an endpoint device and controls inbound and outbound network traffic on that device. It complements the network firewall at the perimeter and provides protection even when the device is outside the corporate network (e.g., working from home or on public Wi-Fi). Modern operating systems include built-in personal firewalls (Windows Defender Firewall, macOS Application Firewall). In your ISMS, ensure the personal firewall is enabled and centrally configured on all corporate devices, ideally through MDM or group policies.