I came across an article by Roger Grimes over at Infoworld on how security policies and controls are the real power when it comes to IT security. Roger mentions the SANS 20 Critical Security Controls for Effective Cyber Defence , which are a great read for anyone looking at updating or auditing your policies for completeness. The SANS top 20 controls are a must for any organization: Inventory of Authorized and Unauthorized Devices Inventory of Authorized and Unauthorized Software Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers Secure Configurations for Network Devices such as Firewalls, Routers, and Switches Boundary Defense Maintenance, Monitoring, and Analysis of Security Audit Logs Application Software Security Controlled Use of Administrative Privileges Controlled Access Based on the Need to Know Continuous Vulnerability Assessment and Remediation Account Monitoring and Control Malware Defenses Limitation and Control
39... and I lost about 30 seconds to an incoming phone call ;-) Still, by the end, I was pretty much stumped and I spent the last 15 seconds staring at the screen. Amazing how you can draw a blank on so many obvious simple words.
ReplyDelete46. It's interesting to just look all over the screen for common terms while you're filling it out.
ReplyDeleteIt's also wild that "no" is in the list but "yes" is not. :-)
39... and I lost about 30 seconds to an incoming phone call ;-) Still, by the end, I was pretty much stumped and I spent the last 15 seconds staring at the screen. Amazing how you can draw a blank on so many obvious simple words.
ReplyDelete