Common Security Practices

(Based on NIST, COBIT, HIPAA, ISO, and others)
  • Assign a person or body with clear responsibility for overseeing the organization's security posture.

  • Identify and assess the risks you face, and address them.

  • Regularly test your security controls to confirm they work as intended.

  • Maintain the confidentiality, integrity, and availability (CIA) of your information, both at rest and in transit across your network.

  • Provide security awareness training for everyone who accesses information on your network.

  • Create a process for identifying and reporting security issues or concerns.

  • Define the behavior expected of users with respect to security.

  • Grant access to sensitive information only to people who are authorized and need it.

  • Have mechanisms that physically protect your assets.

  • Identify your critical business processes and develop a Business Continuity Plan and a Disaster Recovery Plan for them.

  • Follow a secure Software Development Life Cycle, involving security staff in the analysis, design, testing, and deployment of applications.

  • Hold people accountable for their access to resources on your network (for example, through unique identities and audit trails).

  • Have a process for proper data handling, including labeling, transportation, storage, and destruction.

  • Maintain proper oversight of third parties whenever they use your data or your network.
