Roger mentions the SANS 20 Critical Security Controls for Effective Cyber Defence, which are a great read for anyone looking to update or audit their policies for completeness.
The SANS top 20 controls are a must for any organization:
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
- Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Boundary Defense
- Maintenance, Monitoring, and Analysis of Security Audit Logs
- Application Software Security
- Controlled Use of Administrative Privileges
- Controlled Access Based on the Need to Know
- Continuous Vulnerability Assessment and Remediation
- Account Monitoring and Control
- Malware Defenses
- Limitation and Control of Network Ports, Protocols, and Services
- Wireless Device Control
- Data Loss Prevention
- Secure Network Engineering
- Penetration Tests and Red Team Exercises
- Incident Response Capability
- Data Recovery Capability
- Security Skills Assessment and Appropriate Training to Fill Gaps
If you are missing policies dealing with any of these, this would be a great time to look at implementing them, especially with such a great resource now available.