To protect your business, an end-to-end security strategy that encompasses these many considerations is a must. Defining and communication your board’s information Risk Regime is central to your organization’s overall cyber security strategy.
1. Network Security
Protect your networks from attack. Defend the network perimeter, filter out unauthorized access and malicious content. Monitor and test security controls. A firewall(Hardware and Software) is a network security system that manages and regulates the network traffic based on some protocols. A firewall establishes a barrier between a trusted internal network and the internet.
Read More(PDF): Network Security Tutorial from TutorialsPoint
2. Malware Prevention
Produce relevant policies and establish anti-malware defenses across your organization.
Read More(PDF): Malware Prevention Tips from Sonicwall
3. Secure Configuration
Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
Read More(PDF): Secure Configuration Management Demystified from SANS
4. Incident Management
Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.
Read More(PDF): Principles of Incident Response and Disaster Recovery
5. Home and Mobile Working
Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.
6. User Education and Awareness
Produce user security policies covering acceptable and secure use of your systems. Include in staff training. Maintain awareness of cyber risks.
Read More: http://infosecawareness.in/
7. Removable media controls
Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.
8. Managing user privileges
Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyze logs for unusual activity that could indicate an attack.