On Point

Security – If Nothing Else, Do the Basics

Posted by Don Cornish on Feb 22, 2018 4:20:43 PM

Protecting your organization can be as complex or as simple as you feel is right for your organization. Research has shown that organizations that consistently perform the functions listed in the Center for Internet Security (CIS) Top 10 can reduce their risk posture by up to 80%. The Top 10 activities are as follows:

  1. Inventory of devices - Know what hardware and devices should be in your environment and on the network.
  2. Inventory of applications and software - Know what applications are approved to be running in your business.
  3. Harden devices - Configure devices so only the required services are running.
  4. Vulnerability scanning and assessing risk posture - Assess your environment regularly and consistently and act on the results.
  5. Administration account management - Grant access to systems with accounts that have sufficient privileges to perform their role and no more.
  6. Log management and analysis - Enable logging on systems that are key to your business and analyze these logs for anomalous behavior.
  7. Email and browser protection - Use the tools that are available to secure email and web browsers.
  8. Malware management - Have a functioning and up-to-date anti-virus or anti-malware system in place across the business.
  9. Restrict network flow by locking down ports and protocols - Only permit network traffic needed to enable the business to operate.
  10. Data recovery - Implement a backup regime for all critical business applications and test it regularly.

Addressing these areas in a consistent manner will go a long way to protecting your organization and helping to keep your business IT systems operational.
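
Items 1, 2 and 9 above all come down to the same defensive routine: keep an approved baseline and regularly reconcile what is actually observed on the network against it. The script below is an added example illustrating that reconciliation; it is not code from the original post or from Dewpoint. The baseline and scan data are constructed sample input, and the field names (`software`, `ports`) and the way results are tagged with a control number are assumptions made for illustration.

```python
"""
Reconcile observed devices, software and listening ports against an approved baseline.
Added example for CIS items 1 (device inventory), 2 (software inventory) and
9 (restrict network flow). All data below is constructed, not from a real network.
"""
from dataclasses import dataclass

# Constructed approved baseline: hostname -> approved software and allowed listening ports.
APPROVED_DEVICES = {
    "fileserver01": {"software": {"smbd", "sshd"}, "ports": {22, 445}},
    "web01": {"software": {"nginx", "sshd"}, "ports": {22, 80, 443}},
    "hr-laptop-07": {"software": {"outlook", "chrome"}, "ports": set()},
}

# Constructed observation, as a scan or endpoint agent might report it.
OBSERVED = [
    {"host": "fileserver01", "software": {"smbd", "sshd"}, "ports": {22, 445}},
    {"host": "web01", "software": {"nginx", "sshd", "redis"}, "ports": {22, 80, 443, 6379}},
    {"host": "hr-laptop-07", "software": {"outlook", "chrome", "utorrent"}, "ports": {6881}},
    {"host": "unknown-pi", "software": {"sshd"}, "ports": {22}},
]


@dataclass
class Finding:
    host: str
    control: str  # which of the ten items the finding relates to (hypothetical label)
    detail: str


def reconcile(approved, observed):
    """Return a list of Findings describing every deviation from the baseline."""
    findings = []
    seen = set()
    for obs in observed:
        host = obs["host"]
        seen.add(host)
        base = approved.get(host)
        if base is None:
            # Item 1: a device that nobody approved is on the network.
            findings.append(Finding(host, "1", "device not in approved inventory"))
            continue
        # Item 2: software present that is not on the approved list for this host.
        for sw in sorted(obs["software"] - base["software"]):
            findings.append(Finding(host, "2", f"unapproved software: {sw}"))
        # Item 9: a listening port the baseline does not permit.
        for port in sorted(obs["ports"] - base["ports"]):
            findings.append(Finding(host, "9", f"unexpected listening port: {port}"))
    # Item 1 again: an approved device that was not seen at all (offline, or inventory is stale).
    for host in sorted(set(approved) - seen):
        findings.append(Finding(host, "1", "approved device not observed"))
    return findings


def summarize(findings):
    """Count findings per control so the report can be read at a glance."""
    counts = {}
    for f in findings:
        counts[f.control] = counts.get(f.control, 0) + 1
    return counts


if __name__ == "__main__":
    results = reconcile(APPROVED_DEVICES, OBSERVED)
    for f in results:
        print(f"[item {f.control}] {f.host}: {f.detail}")
    print("summary:", summarize(results))
```

Run against the constructed data, the script reports five deviations: an unknown device, one unapproved package and one unexpected port on each of two approved hosts. The point of the exercise is that none of these checks needs expensive tooling; they need a maintained baseline and the discipline to compare against it on a schedule and act on the differences.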

Don Cornish is the Chief Information Security Officer for Dewpoint. He has an extensive background in IT security architecture and consulting, built on his experience at a leading national and global organization. Don has security and compliance consulting experience addressing multinational business entities as well as the small to medium business segment. In addition, he is a Certified Information Systems Security Professional (CISSP).

Topics: Data Security