oneneck.com
Data breaches exposed 36 billion records in the first half of 2020.
(Source: RiskBased Security)
like multi-factor authentication (MFA) and continuous
security awareness training.
▪ Process: Consistent and documented processes are
imperative to effective cyber hygiene. This includes software
and hardware inventory, regular patching, frequent analysis
of network/software control and admin privileges, secure
configurations, monitoring and analysis.
▪ Technology: While people and process are critical in cyber
hygiene, the underlying technology and tools must be
correctly implemented and integrated. While there
are thousands to choose from, there are basic tools that
every security team requires at a minimum. These include
anti-virus, firewalls, endpoint protection, email security, web
security, DDoS security and network access control (NAC).
Risk Management Program: Risk management has to permeate
an organization's culture and processes for it to
effectively address known risks. This is an ongoing cycle that
entails identifying, prioritizing, and mitigating risks, all while
monitoring for new risks and continuously assessing the risk
management program's effectiveness. There is no "set it and
forget it" in security; it's an always-on approach that wins.
Corrective Action Planning: The goal of most security
programs is to reduce risk. This goal is achieved by stopping
the adversary before they attack, blocking bad actors through
always-on security, or reducing the consequences if an
attack should occur with rapid incident response. All of these
components require extensive planning to prioritize and
address security risks as they arise, before the adversary is
inside the perimeter.