Adding value does not always come with a price tag...

Solid IT hygiene can go a long way in helping to keep your firm secure.

In my role, I have the privilege of engaging with numerous IT professionals responsible for cybersecurity across various organizations. Some of these professionals work in large enterprises with dedicated cybersecurity teams, while others are in smaller firms where operational team members wear multiple hats, including that of a security officer.

A recurring theme in these conversations is the search for the next tool that promises to solve all security challenges. While tools are undeniably important, I always emphasize that they are not a panacea. A robust security program is built on more than just technology; it requires strategic processes and foundational practices that often don't demand additional budget but can significantly reduce vulnerabilities.

Here are five practices that we frequently recommend to clients, prospects, and anyone seeking guidance on where to start. It's surprising how often these basic measures are overlooked, regardless of the organization's size. Equally surprising is that most IT professionals I speak with are well aware of these issues existing within their environments.

  • Know What’s in Your Environment

Maintain an up-to-date inventory of all assets. This is crucial not only for supporting other security measures but also for responding effectively when incidents occur. Knowing what you have and where it’s located can be invaluable in a crisis.

  • Eliminate Outdated, Unsupported Technology

Integrate the retirement of outdated technology into your roadmap

If you do not have a roadmap, develop one! As the saying goes, “If you aim at nothing, you will hit it every time!” Work with business area leadership to proactively plan for and manage the retirement of outdated and unsupported applications and technologies BEFORE they reach their end of life. These systems not only add technical debt but also present easy targets for attackers.

  • Patching / Configuration Management

Patching:

Keep up to date: Ensure you have a solid patch management process and that it is operationalized and executed.

Critical Patching: Establish a process for out-of-band critical patches to address vulnerabilities swiftly.

Configuration Management:

Ensure that you deploy new applications and technology in alignment with best practices.

Regularly assess and update your configurations: Keep your environment in alignment with best practices, as these evolve frequently.

  • Access and Identity Management

Lifecycle Processes: Implement and operationalize solid identity lifecycle management processes. These should address credential management, adds, moves, deletes, and re-certifications.

Authorization: Utilize the Principle of Least Privilege as much as possible. Ensure that access to resources and data is granted only as needed and review this access regularly.

Secure Authentication: Employ secure authentication methods to protect access and credentials to your applications and systems.

  • Make partners out of your employees

Develop a corporate culture that is “Security Aware”: create partners out of your employees.

Provide education: Help your employees learn to secure and manage their credentials, and to recognize and not respond to phishing emails.

There are many different perspectives on security, and various paths to achieving a secure environment. However, the key is to get started on the journey and make meaningful changes that enhance your organization's protection. I'd love to hear your thoughts—let's work together to make our community a safer place.
