Monday, 24 October 2016

Cyber Security Management

1. Manage the IT assets
·         Identify the assets in an environment and its life
·         disable/restrict the vendor defaults
·         define the patch cycle for firmware
·         review the assets list regularly
2. Manage the software’s in an environment
·         define a list of authorized software
·         assess the environment for un-authorized software’s and remove it
·         define the patch cycle for authorized software
·         review the authorized software list regularly
3. Secure the access to an environment
·         identify the access points to an environment
·         restrict the access points with appropriate controls (physical, logical)
·         review the access point controls regularly
4. Secure the endpoint
·         document the endpoint configurations
·         restrict the admin privileges at endpoint
·         update/upgrade the endpoint regularly
·         review the endpoint configurations regularly
5. Identify and address critical vulnerabilities
·         assess the environment for vulnerabilities regularly
·         patch the vulnerabilities as per patch cycle
6. Control the use of administrative privileges
·         identify & document the admin access rights
·         limit the admin access rights to the job tasks
·         log the admin activities in detail
·         review the admin activities regularly
7. Conduct the awareness trainings
·         define the relevant awareness material
·         provide the awareness trainings regularly
·         assess the users for awareness