CYBERSECURITY RISK LOWERING CHECKLIST


The risks from cybersecurity attacks, whether external or internal, continue to grow. Leaders must make thoughtful and informed decisions as to the level of risk they are willing to accept on behalf of the organization. This risk decision cannot be outsourced to IT people; it must be made by the executive-level leaders responsible for organizational policies and controls.

This document lists relatively simple tactics for lowering cybersecurity risks. It is meant to be a checklist leaders can use to assure they are proactive in being involved in the level of risk they are taking with cybersecurity. We've included multiple levels of tactics and provided general indications of associated costs. Not all of these items will apply to your organization. We want to provide you with a well-rounded set of tactics. Go through this list and find the ones your organization is not currently performing. Then, use the list to facilitate a conversation with your technologists and vendors about options.

[Icon] Denotes services provided by TriCorps Cybersecurity.

LOW EFFORT + COST

- Employee Training: Education around types of common cyberattacks as well as protection tactics. Most organizations need a blend of periodic instructor-led sessions and e-learning modules for new team members who have not had the instructor-led training.
- Employee Testing: Following cybersecurity training, scenarios covered in the training are acted out (e.g., social engineering attempts, emails with suspicious links, dropping storage devices around your building, etc.) to make sure all employees are following protection advice.
- Enforce a password policy setting requirements for the amount and types of characters used as well as the frequency with which new passwords are created.

LOW EFFORT + COST (continued)

- Policies & Procedures: Enforce a screen saver policy detailing the situations in which a screen saver must be in use and that a password is required to unlock.
- Technology: Antivirus/antimalware scanner on network ingress/egress points and hosts. (Low to moderate cost.)
- Technology: Implement content filtering for outbound web traffic through the use of firewalls, web caches, or dedicated servers/applications that track and log web usage as well as alert you to people visiting unauthorized sites or downloading unauthorized content. (Low to moderate cost.)
- Technology: Enforce host-based firewalls on internal systems.
- Physical Security: Physical access strengthening (e.g., locking doors to server rooms, cameras, enforcing access controls at the front door and in various parts of the office, etc.). (Low to moderate cost.)

LOW EFFORT + COST (continued)

- Governance: Tighter security policies / governance plans (we can assist you with creating or strengthening your governance policies and procedures if needed):
  - Setting access requirements for third-party vendors or contractors you work with who would need access to your network or data.
  - Activity logging across your network and data sources to flag suspicious activity or perform forensics after a breach.
  - Enforcing version and patching requirements on all software to avoid unnecessary vulnerabilities and utilize all of the latest protections.
  - Standardizing access requirements and identifying sources of harmful activity through monitoring devices that access your network.
- Policies & Procedures: Develop and constantly improve infection and incident response plans. In the case of a major breach it is a best practice to have a third party do the forensics to understand what led to the incident (we can help you create an incident response plan and can do the post-breach forensics if needed).
- Technology: Restrict email attachments known to spread viruses by reconfiguring your email server to block certain attachments and ensuring all security updates are current.
- Technology: Email security gateway to protect corporate users from spammers and malware. (Low to moderate cost.)
- Monitoring: 3rd-party scan for vulnerabilities on publicly-exposed systems. Whether this is a one-time service or continuous monitoring, have a third party check all of your public-facing ports to determine if any are open or at risk due to known vulnerabilities. (Low to moderate cost.)

LOW EFFORT + COST (continued)

- End of Life Procedures: Ensure all drives are properly disposed of or wiped when decommissioned or after failure (servers, workstations, and copiers).
- Connection Permissions: Only permit secure connections (e.g., SSH or HTTPS) for device management.
- Removing Default Credentials: Ensure default credentials are changed on all hardware and software added to your system. Some of these tools are built with a known, default set of system credentials (i.e., username and password), and they are an access point for anyone outside of your organization until those credentials are changed.
- Vendor Login Protections: Have a policy for changing login credentials on all network hardware and software whenever any IT employee or contractor who has worked with these systems leaves your organization.

MODERATE EFFORT + COST

- Internal Cybersecurity Audits / Assessments: Performed by third-party security firms. This includes a thorough hands-on review and report on aspects within your digital domain such as access controls, malware, physical security, wireless and mobile, change management, patch/update management, remote access, backups and disaster recovery.
- External Cybersecurity Audits / Assessments: Performed by third-party security firms. This consists of penetration testing, firewall and security device operation and configuration review, system change management appraisal, public-facing access evaluation, and more. The most common, penetration testing, is an examination of your network perimeter that looks for security weaknesses that an attacker could potentially exploit to gain access to internal systems and data.

MODERATE EFFORT + COST (continued)

- Cybersecurity Insurance: Obtain 1st-party and 3rd-party liability insurance for cybersecurity risk and ensure policies cover needs. TriCorps Cybersecurity can review your policy and offer advice if you need help with this.
- Network configuration strengthening for wired and wireless connections:
  - Utilize application-aware firewalls to protect publicly exposed systems.
  - Utilize the DMZ interface of the firewall for publicly exposed systems as much as possible and restrict/prevent access initiated from DMZ hosts to internal hosts. (Low to moderate cost.)
  - Use WPA2 Enterprise or Personal for Wi-Fi security; don't share the PSK if one is used; only permit IT staff to configure devices.
  - Create separate wireless networks for corporate and personal devices; you may filter access from corporate wireless devices to the internal network, and should filter access from personal devices to the internal network. (Low to moderate cost.)
- Consistent system updating and patching: As updates and patches are released for the pieces of hardware and software you own, it's important to perform those updates and patches quickly to close off the vulnerabilities that they are designed to eliminate. (Low cost.)
- Backups: Ensure regular system and data backups are available, both on-site (system images) and off-site (critical data); ensure an adequate retention policy.
- Drills: Run practice drills to test your incident response plans. We can help you develop your incident response plans if you are starting from zero. (Low to moderate cost.)

MODERATE EFFORT + COST (continued)

- Access Controls: Test, set proper access restrictions, change default credentials and make sure all updates/patches are current on all systems before they are deployed, especially those to be opened to Internet access. (Low cost.)
- Configuring: Configure domain, fileserver, and SQL database auditing to ensure the company knows what changes were made, when, and by whom.
- Encryption: Implement full drive encryption on laptops so data is safe if they are stolen. (Low to moderate cost.)
- Device Governance: Implement BYOD and mobile security so that company information can be wiped if a device is compromised or stolen. (Low to moderate cost.)
- Incident Response Plans: Implement policy to prevent ransomware/cryptolockers from launching. (Low cost.)
- Device Updates: Ensure firewall and critical network device firmware are updated regularly. (Low cost.)
- Network Access: Ensure unused network jacks are, at a minimum, manually disabled, especially in conference rooms and other places that may receive visitors; if Network Access Control (NAC) is used to control access, this becomes a significant rather than moderate effort. (Low to high cost.)
- Firewall Configuration: Regularly review firewall configuration and ensure access control lists are documented. (Low cost.)
- Egress Filtering: Implement egress filtering by configuring your firewall to control web traffic leaving your network and require that certain rules are followed before access to content is granted. (Low cost.)

MODERATE EFFORT + COST (continued)

- Disabling Unnecessary Devices: Ensure unneeded services on network devices are disabled. These can be unnecessary programs that come with your hardware or software, that run when the system is started up, and include ports that are open by default. Disabling these services will lower your cybersecurity risk. (Low cost.)
- OS Malware Protection: Always reinstall operating systems upon receipt from the vendor; default system installations have been known to include malware. (Low cost.)
- Limiting Internet-Facing Systems: Open as few systems as possible to the Internet and restrict access by IP if possible; require use of a VPN if possible. (Low to moderate cost.)
- Removing Default Domain Admin Account: Rename the default domain administrator account; create a bogus account called "administrator" with no permissions and disable this account. (Low cost.)
- Secure Network Management: Properly secure network management (e.g., only permit the management server to access various hosts with SNMP). (Low to moderate cost.)

SIGNIFICANT EFFORT + COST

- Security/Threat Leadership: Assign a person to oversee security/threat information and take action as needed. This person should lead efforts to track and rank risks as well as execute plans when necessary.
- Disaster Recovery: Disaster recovery planning and bi-annual testing to make sure that you're prepared for potential disasters and you know exactly how long it will take you to get operations back online following an outage. Testing ensures everyone knows their roles and backup responsibilities in any potential scenario. The most critical element of this is having absolutely dependable backup schemes in place in case data is corrupted by a cyberattack and must be regenerated from a backup. (Moderate to high cost.)
- Out-Of-Band Device Management: Configure out-of-band (OOB) management for network devices. (Low to moderate cost.)
- Intrusion Detection and Prevention: Implement network and host-based Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) solutions. An IDS is a visibility tool that monitors traffic across many points in your network to alert you to suspicious access requests. An IPS is a control device, similar to a firewall, regulating network traffic access through rules set by the administrator. (Moderate cost.)

SIGNIFICANT EFFORT + COST (continued)

- Security Information and Event Management: Security Information and Event Management (SIEM) solution: aggregate, analyze, and prioritize, in real time, security alerts from firewalls, network devices, server and device logs, NetFlow, SNMP events, and IPS/IDS alerts to ensure attacks can be detected. (Moderate to high cost.)
- Network Access Control: Implement Network Access Control (NAC) for implementing policies, including pre-admission endpoint security policy checks and post-admission controls, that describe how to secure network nodes as they initially gain access to the network as well as where users and devices can go on the network and what they can do.
- File Integrity Monitoring: Implement File Integrity Monitoring (FIM) and whitelisting to ensure changes made to critical system and application files follow known good actions or content access by approved users.
- Sandboxing: Implement malware sandboxing, a.k.a. detonation platforms, to analyze the behavior of malicious code as it tries to execute in an isolated and contained environment.
- Data-Driven Threat Analysis: To become more effective at detecting security breaches, companies need to better accommodate larger, more disparate internal datasets, comb through that data looking for known and unknown patterns and creating correlations using more advanced techniques, and provide guidance on anomalies and potential threats that are discovered. Companies need to incorporate big data for persistent threat analysis.
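As an added example (not TriCorps' code or any product's), the following Python script shows the kind of aggregation and prioritization the SIEM item describes, run over a few constructed log lines from a firewall, an authentication service and an IDS. The log formats, the two correlation rules and the five-minute window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (addresses are documentation ranges, not real hosts).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 fw ALLOW src=10.0.0.5 dst=203.0.113.9 port=443",
    "2024-05-01T10:00:05 auth FAIL user=admin src=198.51.100.7",
    "2024-05-01T10:00:06 auth FAIL user=admin src=198.51.100.7",
    "2024-05-01T10:00:07 auth FAIL user=admin src=198.51.100.7",
    "2024-05-01T10:00:09 auth OK user=admin src=198.51.100.7",
    "2024-05-01T10:02:00 ids ALERT sig=suspicious-download host=10.0.0.5",
    "2024-05-01T10:02:30 fw ALLOW src=10.0.0.5 dst=203.0.113.9 port=443",
    "2024-05-01T11:00:00 auth FAIL user=bob src=192.0.2.4",
    "2024-05-01T11:30:00 auth OK user=bob src=192.0.2.4",
]

LINE_RE = re.compile(r"^(\S+) (\w+) (\w+) (.*)$")
PRIORITY = {"HIGH": 0, "MEDIUM": 1}

def parse(line):
    """Normalise one line from any source into a dict with a datetime 'ts'."""
    ts, source, action, rest = LINE_RE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "action": action, **fields}

def correlate(lines, fail_threshold=3, window=timedelta(minutes=5)):
    """Apply two rules over the merged, time-ordered stream and return
    findings as (priority, rule, address), highest priority first:
      HIGH   - >= fail_threshold auth failures then a success, same source
      MEDIUM - outbound firewall ALLOW from a host the IDS just alerted on"""
    events = sorted((parse(line) for line in lines), key=lambda e: e["ts"])
    fails = defaultdict(list)   # source address -> auth failure timestamps
    ids_hosts = {}              # internal host -> time of last IDS alert
    findings = []
    for e in events:
        if e["source"] == "auth" and e["action"] == "FAIL":
            fails[e["src"]].append(e["ts"])
        elif e["source"] == "auth" and e["action"] == "OK":
            recent = [t for t in fails[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= fail_threshold:
                findings.append(("HIGH", "brute force then success", e["src"]))
        elif e["source"] == "ids" and e["action"] == "ALERT":
            ids_hosts[e["host"]] = e["ts"]
        elif e["source"] == "fw" and e["action"] == "ALLOW":
            alerted = ids_hosts.get(e["src"])
            if alerted is not None and e["ts"] - alerted <= window:
                findings.append(("MEDIUM", "outbound after IDS alert", e["src"]))
    return sorted(findings, key=lambda f: PRIORITY[f[0]])
```

The single failure for bob followed by a success half an hour later produces no finding, which is the point of the window: the rule keys on tight sequences, not on isolated events.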
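As an added example (not part of the original checklist), a minimal file integrity monitor in Python for the FIM and whitelisting item: it baselines SHA-256 digests of the files under a directory, re-scans, and separates approved changes (new content whose digest is on a whitelist) from unexpected modifications, additions and removals. The directory layout and file contents in demo() are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (relative POSIX path) to its digest."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline

def compare(baseline, current, approved_digests=frozenset()):
    """Classify differences; a changed file is 'approved' only if its new
    digest is on the whitelist, otherwise it is reported as 'modified'."""
    modified, approved = [], []
    for rel, digest in current.items():
        if rel in baseline and baseline[rel] != digest:
            (approved if digest in approved_digests else modified).append(rel)
    return {
        "modified": sorted(modified),
        "approved": sorted(approved),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed scenario: baseline a small tree, apply one approved change
    and three unapproved ones, then report. Returns the compare() result."""
    root = tempfile.mkdtemp()

    def write(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

    write("etc/app.conf", b"listen=443\n")
    write("bin/service", b"#!/bin/sh\necho ok\n")
    write("etc/old.conf", b"unused\n")
    baseline = build_baseline(root)
    # Approved change: the new config's digest is whitelisted before rollout.
    new_conf = b"listen=8443\n"
    approved = {hashlib.sha256(new_conf).hexdigest()}
    write("etc/app.conf", new_conf)
    # Unapproved changes: an edited binary, a new file, a deleted file.
    write("bin/service", b"#!/bin/sh\necho tampered\n")
    write("bin/unexpected", b"new\n")
    os.remove(os.path.join(root, "etc/old.conf"))
    return compare(baseline, build_baseline(root), approved)
```

In production the baseline and whitelist would be stored somewhere the monitored host cannot alter them, since a baseline that an intruder can rewrite detects nothing.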

WHAT NOW?

If you find that this checklist results in high levels of effort for which you need assistance, contact info@tricorpscyber.com. We would be happy to help you prioritize next steps and take steps towards improved cyber health.