We all talk about enhancement in cyber security and various new tools and technologies to protect the environment. All tools and technologies provide us the features however there are some basics which are applicable to them as well. However, how frequently we work on the basics of security and hygiene in environment. Let’s discuss few simple but important aspect to secure the environment.
*Updated Inventory* – Until you know what you have, how you will manage and secure it. So, always update your inventory (*CMDB*) on regular basis.
*Managing Configuration* – You have purchased modern tools for your environment but those are not configured per the requirement by the staff. It is same as to have high end TV which is not functional. As a thumb rule, configure your devices/systems as per NIST guidance or contact your product vendor to understand more.
*Access Management* – In today’s world, it is not always outsider who can harm your environment, but sometime insider also does that. This can be due to multiple reason but to prevent that, implementing robust access management program is important. Remember – *least privilege* and *need to know basis* whenever you grant access to anyone. Similarly, review of access at regular internal and removal of accesses upon role change or termination are key to success.
*Monitoring* – You have implemented everything, and your tools are also sending notifications however if those notifications are not being monitored and analyzed to prevent harm to environment, all your investment is worthless. Similarly, if you have monitoring in place but the indicators are not defined to take actions, there is no benefit. Hence monitoring with *defined indicators* and *action plan* would result in effective monitoring program.
*Backup* – Even after all this, no one can provide assurance on full protection. What to do then? *Backup is the Key. *Ensure your data is being backed up basis the requirement on regular basis. This will ensure less disruption or ability to overcome the disruption.
*BCP/DR *– You have backup, but the backup files are not accessible or not usable. No need to worry – simply test your backup on regular basis as part of your BCP/DR.
Remember, governing your environment keeping these points in mind will help you in securing your environment from common cyber threats!
