Defending a business from attack is multi-faceted and hard work, whereas an attacker only needs to find one weakness to breach an organisation. Having a pragmatic and structured approach to security can have a real impact on your security posture.
For all of the grand words I have used to describe each set of controls, there are simple concepts behind each one. In this post I will present each control and provide an overview. Subsequent posts will then focus on a specific control.
- Inventory
  - Know what you have so you can manage its risk better, and simply turn off anything that is no longer required.
- Policy
  - In its simplest form, write down some basic rules that your organisation can abide by, e.g. protect client data as though it were our own, deploy security patches in a timely manner, etc.
- Vulnerability Management
  - Find out where vulnerabilities or weaknesses are and start to manage their remediation.
- Penetration testing
  - Go one step further than vulnerability management and simulate a real attack.
- Logging
  - Find out when there is an attempt to harm your business or when there is a deviation from the norm.
- Backup and recovery
  - Have a plan, and be able to recover your business if things do go wrong.
- Risk Management
  - Make sure you have the right balance of all the above controls against the focus of running your business.
- Plan-Do-Check-Act
  - Rinse, repeat and improve.
As you can see, each control is applicable to businesses of all sizes. Implementing any one of the controls on its own will have a noticeable impact, so feel free to pick a topic of interest or follow the posts in order.