1. Manage the IT assets
· identify the assets in an environment and their lifecycle
· disable/restrict the vendor defaults
· define the patch cycle for firmware
· review the assets list regularly
2. Manage the software in an environment
· define a list of authorized software
· assess the environment for unauthorized software and remove it
· define the patch cycle for authorized software
· review the authorized software list regularly
3. Secure the access to an environment
· identify the access points to an environment
· restrict the access points with appropriate controls (physical, logical)
· review the access point controls regularly
4. Secure the endpoint
· document the endpoint configurations
· restrict the admin privileges on the endpoint
· update/upgrade the endpoint regularly
· review the endpoint configurations regularly
5. Identify and address critical vulnerabilities
· assess the environment for vulnerabilities regularly
· patch the vulnerabilities as per the patch cycle
6. Control the use of administrative privileges
· identify & document the admin access rights
· limit the admin access rights to the job tasks
· log the admin activities in detail
· review the admin activities regularly
7. Conduct awareness training
· define the relevant awareness material
· provide the awareness training regularly
· assess the users for awareness