
Information Overview of Cybersecurity Basics

Information Cybersecurity Basics

 

The following list should be reviewed at least twice annually.

  1. Apply security patches to known systems and applications - patch everything!

    • This includes operating systems, devices, and application software.

  2. Develop an Asset Register - Know what you have and what you are protecting

    • Communicate with colleagues and identify the systems and services used by the organization.

    • Identify asset owners.

      • Note: This may not be as easy as it first seems. Beware of Shadow IT.

  3. Develop regular intervals for applying patches and updates using the Asset Register

  4. Identify all system accounts, including user, administrator, service, and specialty accounts

  5. Control administrator accounts and restrict them from email or Internet access

  6. Enable advanced MFA (passkeys) for all applications

  7. Move to Single Sign-on (SAML and SCIM) where possible

  8. Manage the OS features, applications, security, and services on endpoint devices

  9. Enable logging on all capable devices

  10. Enable EDR and XDR on all endpoints

  11. Adopt a Cybersecurity framework – ISO 27001/2, NIST 800-CSF, CIS, SOC, etc.

  12. Assess Cybersecurity Risk

    • Develop a Risk Analysis based on the Asset Register – start with the most relevant assets.

  13. Assess security standards of vendor solutions (on-premises or cloud)

  14. Deploy a Security Awareness Training and Reporting program – The Human Firewall

  15. Build an Incident Response Plan

    • Include the following elements: preparation, identification, containment, eradication, recovery, and lessons learned

  16. Backup Data and System Configurations – Encrypt backups

  17. Enable Encryption – in-transit and at-rest

  18. Secure Configurations (standardization and hardening) – avoid the tyranny of default settings.

  19. Control information exposure through communication applications such as Teams, Zoom, AI Services, etc.

  20. Have cybersecurity insurance

 

Must-have Cybersecurity Documents

  1. Asset Register – Resource Inventory

  2. Risk Register – Identified Exposures

  3. Cybersecurity Policies – (15-20) Organization Cybersecurity Rules

  4. Cybersecurity Operational Procedures – Document practices for implementing Cybersecurity policies

  5. Incident Response Plan – Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

  6. Security Awareness Training Manual and Performance Reports

  7. System alerts and incident review reports

  8. Accounts review reports

  9. Firewall rules review reports

  10. Application list review reports
