By Cam Sivesind
Wed | Sep 28, 2022 | 3:24 PM PDT

This comes from our friends across the pond at the U.K. National Cyber Security Centre (NCSC). It's a little over a year old but remains a great list of 10 steps organizations can take to build their security posture. Here's a quick breakdown.

1. Risk-based Management
Taking risks is part of business, and a "don't be afraid to fail" attitude can be healthy. If that is the attitude, though, it needs to sit inside a risk management structure, particularly in the cybersecurity domain, so that the risks being taken are understood and owned rather than discovered after the fact.

2. Engagement and Training
Focus on the people doing the work and how they work, and implement systems that keep the organization safe without getting in their way. People can be a vulnerable access point, but they are also an organization's biggest advocates and can be its frontline detectors of threats.

3. Asset Management
Knowing what resources you have, where they are, who manages them, and how is vital to keeping systems up to date and assets properly protected. You cannot patch or monitor what you do not know you own.

4. Architecture and Configuration
Cybersecurity needs to be planned for before any technology is deployed, not bolted on afterward. Designing security in from the start, and deploying with known-good configurations, keeps emerging threats and risks manageable instead of forcing a retrofit later.

5. Vulnerability Management
Keep systems updated and maintained. Period. Install security updates as soon as they are released. If attackers know about a vulnerability, they will try to exploit it before the patch is deployed, so the window between a patch being released and it being installed is where the risk lives.

6. Identity and Access Management
Seems like a no-brainer, but knowing who has access to which data, systems, services, and processes should not be overlooked. The goal is to make it hard for attackers and easy for legitimate users.

7. Data Security
No matter where data is located, it needs to be protected, though the vulnerabilities vary with location. Data in transit, and data left on discarded hard drives, is at greater risk, so security measures for those states should be stronger.


8. Logging and Monitoring
Reporting and tracking are vital, starting with keeping accurate logs of how systems are accessed and used. Someone needs to do the logging, and someone else needs to audit that logging, both to confirm it is complete and to act on what it shows.
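As an added example of what accurate access logs make possible (this is not part of the NCSC list or of this article), the script below parses constructed SSH-style authentication log lines and flags a source address that racks up repeated failed logins inside a short window, noting whether a successful login from the same address followed. The log lines, the threshold, and the window are all assumptions chosen for the example.

```python
"""
Added example: a small access-log monitor over constructed sshd-style lines.
With timestamps, source addresses and outcomes recorded, a burst of failures
followed by a success stands out. None of this is from the original article.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = """\
2022-09-28T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
2022-09-28T10:00:03 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
2022-09-28T10:00:05 sshd[1202]: Failed password for root from 203.0.113.7 port 51124 ssh2
2022-09-28T10:00:08 sshd[1203]: Failed password for root from 203.0.113.7 port 51125 ssh2
2022-09-28T10:00:09 sshd[1204]: Failed password for root from 203.0.113.7 port 51126 ssh2
2022-09-28T10:00:12 sshd[1205]: Accepted password for root from 203.0.113.7 port 51127 ssh2
2022-09-28T10:15:00 sshd[1300]: Accepted publickey for alice from 198.51.100.20 port 40001 ssh2
2022-09-28T11:00:00 sshd[1400]: Failed password for bob from 198.51.100.21 port 40002 ssh2
2022-09-28T11:30:00 sshd[1401]: Failed password for bob from 198.51.100.21 port 40003 ssh2
"""

# Assumed line format: ISO timestamp, sshd tag, outcome, auth method, user, source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in production, count skipped lines: gaps in logging are themselves a finding
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "method": m["method"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source address that logs >= threshold failures
    within `window`. If a successful login from that source follows within
    the window of the last failure, record it under 'success_after'."""
    alerts = []
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        # Drop failures that have aged out of the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"src": ev["src"], "failures": len(q),
                               "first": q[0], "last": ev["ts"], "success_after": None})
        else:  # Accepted: a success right after a burst is the case to escalate
            for a in alerts:
                if (a["src"] == ev["src"] and a["success_after"] is None
                        and ev["ts"] - a["last"] <= window):
                    a["success_after"] = (ev["user"], ev["ts"])
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(SAMPLE_LOG)):
        print(alert)
```

Two slow failures from 198.51.100.21 half an hour apart never reach the threshold, while the five rapid failures from 203.0.113.7 do, and the accepted root login three seconds later is what turns the alert from "noise" into an incident. The audit half of the NCSC point is the `continue` branch: a monitor that silently skips unparseable or missing lines can hide the very gap an auditor should be asking about.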

9. Incident Management
Incidents will happen. The faster an enterprise reacts, the better, and there should be a remediation plan in place before one occurs. Learn from each incident so you are better prepared for the next one.

10. Supply Chain Security
Your enterprise can be as secure as you can make it, but if your suppliers, vendors, and key partners are not, you are at risk. Put a proper lens on supply chains, which can be complex; keep communications with key stakeholders open; and don't be afraid to speak up if vulnerabilities are detected.

We like this approach of breaking down cybersecurity into 10 sensible compartments. Divide and conquer… or divide and protect, more like it.

You can download an infographic version of the list, and there is a video version as well.
