If you saw the recent Top 10 Malware January 2020 post by the Center for Internet Security (CIS), you may be wondering how to better protect your organization. CIS’s Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls) can help you map your current security protocols against a defined framework. We’ve assembled eight practical steps to help you implement key controls into both your tactical day-to-day practices, as well as your high-level strategic plans and decisions.
Step 1: Take inventory of your assets
This step provides an essential foundation—after all, you can’t implement any controls meant to protect devices and users if you don’t know what you’re protecting. This step maps to Critical Security Controls 1 and 2:
CSC 1: Inventory and Control of Hardware Assets
Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
CSC 2: Inventory and Control of Software Assets
Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
While you’re putting together the inventories, think about these key considerations:
Identify target systems. Examples might include your domain controllers, DNS servers, or backup system.
Catalog all systems in your organization. From InsightIDR, Rapid7’s SIEM, you can download a comma-separated file containing a lis ..
Support the originator by clicking the read the rest link below.
