Risk Assessment and Business Impact Analysis determine truly important resources and data. Output determines budget and guidelines for Disaster Recovery, Business Continuity, Incident Response, and other Contingency Planning. Data and battery backups are discussed here.
Institute Change, Incident, and Configuration Management to ensure no condition is unexpected. Preventing unauthorized or untimely changes also manages faults and ensures patch management. This step includes Disaster Response.
No company data on mobile devices. Data may be viewed on a mobile device, but never downloaded, and only after the user's identity has been verified and the session is encrypted. This prevents data breaches through device theft.
Ensure all users are properly trained on corporate policy and sign the Acceptable Use Policy (AUP). Don’t forget the remote users.
Ensure vendors, partners, and anyone else with access to company data have been properly trained and accept corporate policy in writing.
IT staff should have industry and vendor training on the technologies they support. Regular training keeps them informed of the latest threats. Give employees time to fully learn new technologies before they are deployed into production. Celebrate those who maintain certifications.
Train IT staff to perform tasks outside their normal duties to ensure proper coverage during extenuating circumstances.
Take time to investigate even minor errors and alerts. They typically are precursors to major outages and misconfigurations.
Hold tabletop exercises to ensure all involved parties know their role and expected actions in the event of an outage or disaster. Require IT to restore backup data to confirm that the backups are usable and to measure how long restoration takes.
Scrub public-facing sources of open source intelligence (OSINT) data. Engage a security professional to demonstrate how this data is used against your company.
Train all users to recognize social engineering scams on the phone, and test them with simulated phishing campaigns. Train EVERYONE how to stay safe when traveling.
Incentivize employees to follow security protocols, such as wearing their badge.
Have a security expert demonstrate to security, IT, and users how easy it is to clone a badge, steal a password, or convince them to give out personal/confidential information.
Cloud services require firewalled, encrypted access, preferably through a software-defined wide area network (SD-WAN) to implement a zero trust secure access service edge (SASE). Prevents unauthorized and unsolicited access. Encryption prevents man-in-the-middle attacks and outside infiltration.
Endpoints and users provide the most numerous and common entry point for threat actors and malicious programs. Stop unwanted applications and social engineering attempts in their tracks.
Software Development Lifecycle (SDLC) protections ensure code is free from defects and impervious to outside threats. Adding protections for Docker, Kubernetes, and other Cloud-based containers ensures Secure Application Development (SecAppDev).
Everything is monitored and logged, starting with a complete baseline of the network to establish “normal” traffic. Abnormal and excessive traffic then stands out to both automated (AI) and human watchers.
Multifactor Authentication (MFA) requires more than a password to ensure user identity. MFA is always required for remote and escalated logins.
All network connectivity is certificate-based and controlled by an Identity Service. Regularly audit all devices, users, and policies; aligning devices and users with the correct policies ensures only the required access is granted. Forcing all devices to authenticate with hardened certificates minimizes spoofing and privilege elevation, both inside and outside the network.
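The monitoring item above rests on one idea: record what normal traffic looks like, then flag what departs from it. The following is an added example (not part of the original checklist) that builds a per-host byte-volume baseline from constructed flow records and then scores new records against it; the hostnames, byte counts and the 3-sigma threshold are all assumptions chosen for illustration.

```python
"""Baseline-then-deviation traffic check (added example, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (source_host, bytes_sent) per hour, from a known-good period.
BASELINE_FLOWS = [
    ("ws-01", 1200), ("ws-01", 1500), ("ws-01", 1100), ("ws-01", 1300),
    ("ws-02", 800), ("ws-02", 900), ("ws-02", 700), ("ws-02", 850),
    ("db-01", 50000), ("db-01", 52000), ("db-01", 48000), ("db-01", 51000),
]

# Constructed records from a later hour: one busy workstation and one unknown host.
NEW_FLOWS = [("ws-01", 1250), ("ws-02", 9000), ("db-01", 49500), ("ws-77", 300)]


def build_baseline(flows):
    """Per-host (mean, population std-dev) of bytes sent, learned from baseline traffic."""
    per_host = defaultdict(list)
    for host, nbytes in flows:
        per_host[host].append(nbytes)
    return {host: (mean(vals), pstdev(vals)) for host, vals in per_host.items()}


def score_flows(flows, baseline, k=3.0, min_std=100.0):
    """Return (host, bytes, reason) for every flow that stands out from the baseline.

    A host absent from the baseline is itself a finding (nothing "normal" is known
    for it). Otherwise a flow is flagged when it exceeds the host's own mean by more
    than k standard deviations; min_std floors sigma so a very stable host does not
    alert on trivial jitter.
    """
    findings = []
    for host, nbytes in flows:
        if host not in baseline:
            findings.append((host, nbytes, "unknown host"))
            continue
        mu, sigma = baseline[host]
        sigma = max(sigma, min_std)
        if nbytes > mu + k * sigma:
            findings.append((host, nbytes, f"{(nbytes - mu) / sigma:.1f} sigma above mean"))
    return findings


if __name__ == "__main__":
    for finding in score_flows(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(finding)
```

Only the busy workstation and the previously unseen host are reported; the database server's large but usual volume stays silent because it is compared against its own history, not a global threshold.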