How to Protect your Organization from Cyber Attacks?

This article summarizes key tips that can help you protect your organization from cyber attacks.

 

TECHNOLOGY

  1. Backup Solution – Adequate, Offline, and Online.
  2. Firewalling – Network, Application, WAF
  3. Antivirus/Antimalware with behavioral detection.
  4. Security Hardening & Right Technology Configuration
  5. Security solutions for monitoring and Response
  6. Email & Web Filtering, Data Leakage Prevention (DLP)
  7. Mobile security solution
  8. Restricted download & removable media
  9. Identity and Access Management, including PAM
  10. Technology for threat intelligence collection and correlation
  11. Effective SIEM with the right use cases and IOC configuration.
  12. DoS / DDoS protection technology/ service.
  13. File Integrity/Change Monitoring Solution
  14. Right level of logging and alerting with correlation
  15. Encryption & Key Management
  16. Secure managed file transfer mechanism
  17. Sandboxing, APT Protection
  18. Logical/ Physical segmentation of networks/ Systems.
  19. Technology for timely and consistent patching
  20. Wireless Access Control

 

PEOPLE

  1. Right Information Security/ Cyber Security Organization Structure.
  2. CISO and Information Security Team with authority, total visibility, and control
  3. Visible executive management support and buy-in.
  4. A focused approach to security monitoring and threat intelligence.
  5. Continuous security awareness among the users, technologists, and management.
  6. Automated controls to help users follow policies
  7. Reward scheme for vigilant and security-conscious user behavior
  8. Simplified and different channels of communication
  9. Business relevant and user relevant messages
  10. Refined, simplified and supportive security process with business enablement.

PROCESS

  1. Information Security/Cyber Security Strategy & Plans
  2. Policy and Procedure Framework covering all domains
  3. Inventory of Services, Processes, and Assets (including Information)
  4. Scheduled and Ongoing Risk Assessment
  5. Security-embedded business and technology processes.
  6. Multiple levels of defense.
  7. Secure access provisioning, change, review, and deprovisioning
  8. “Need to have” & “Need to Know” basis access provisioning.
  9. Least privilege principles in providing controlled/ monitored access rights.
  10. Scenario planning
  11. Incident Response & Management process.
  12. Correlated and centralized threat intelligence collection and distribution.
  13. Regular, Timely and Comprehensive patching process.
  14. Effective backup and restoration process
  15. Service, Process, Asset, and Data Identification and Classification.
  16. Control of data and its handling across the organization.
  17. Business/ IT Service Continuity Plans.
  18. Effective Incident Response, Crisis Management and Communication Plans.
  19. Change/Release Management process
  20. Vulnerability Assessment and Penetration Testing process