10 Steps to Cyber Security

  • Removable Media Controls

Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing into the corporate system.

  • Home and Mobile Working

Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline build to all devices. Protect data both in transit and at rest.

  • Monitoring

Establish a monitoring strategy and develop supporting policies. Continuously monitor all ICT systems and networks. Analyse logs for unusual activity that could indicate an attack. 

  • Network Security

Protect your networks against external and internal attack. Manage the network perimeter. Filter out unauthorised access and malicious content. Monitor and test security controls. 

  • Managing User Privileges

Establish account management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs. 

  • Incident Management

Establish an incident response and disaster recovery capability. Produce and test incident management plans. Provide specialist training to the incident management team. Report criminal incidents to law enforcement. 

  • Malware Prevention

Produce relevant policy and establish anti-malware defences that are applicable and relevant to all business areas. Scan for malware across the organisation.

  • Data Breach Notifiers

Protect your network against internal and external data breach attempts. Install devices that alert you immediately if someone is sniffing around your important data.

  • User Education & Awareness

Produce user security policies covering the acceptable and secure use of the organisation's systems. Establish a staff training programme. Maintain user awareness of the cyber risks.

  • Secure Configuration

Apply security patches and ensure that the secure configuration of all ICT systems is maintained. Create a system inventory and define a baseline build for all ICT devices. 

Thanks for reading. For more articles, visit our blog at https://www.thetechforce.co.uk/blog/

Disclaimer: The content of this article is inspired by Gov.uk

Ritenkumar Patel

Sr. Network Engineer | FORTINET | CISCO | SonicWall | AZURE | GCP | SOLARWINDS | ServiceNOW

6 years

Definitely, user education is the one I would start with. Along with building the threat landscape and associated business-oriented requirements, of course!!
