Network Segmentation · Cenedril Wiki

Network segmentation divides a network into isolated areas (segments or zones). Each segment contains only the systems that need to communicate for a specific purpose. Firewalls or access control lists (ACLs) govern traffic between segments. This ensures that an attacker who compromises one segment does not automatically gain access to the entire network (lateral movement). Micro-segmentation refines this principle down to the application level. In an ISMS, network segmentation is a key control per ISO 27001 Annex A 8.22.