Tips to better security Rich Casselberry www.casselberryconsulting.com

MTUG security tips


Users

User training - both formal and regular informal reminders.

Identity (SSO or at least a single database) is more critical as things go cloud, since it all comes down to identity.

Single directory first, then integrated with HR. Removes IT from account management.

Cloud applications must point to this directory, using tools such as Okta, Ping, etc.

Two factor plus long passphrases.

Not all 2FA is created equal.

PCI requires changes every 90 days, but should it still?

Infrastructure

Inventory – Authentication, ideally on ALL ports: wired, wireless, datacenter.

Assessment – Scanning ensures that only machines that meet the defined security posture (possibly by role) are allowed access to the network.

Enforcement – Low-hanging fruit first; once clean, though, keep it clean.

Secure end user computing – Tools on the client (though fewer tools is often better) to detect malware, viruses, etc.: Kaspersky, Trend, Symantec, Tanium, Defender, etc.

Automatically react – Integrate all the security tools to automatically react and quarantine based on known fingerprints, zero-day anomaly detection, or honeypot networks.

Policies and (often overlooked) procedures

Acceptable use, password policies, backup policies, etc.

Are they written? Are they enforced?

Regular third party reviews to detect what you missed.

Privileged identity management to limit and audit administrator level access.

Secure coding – ensure any applications are protected by what we know about and compartmentalized where possible.

Automatic documentation of changes. Every change compared against the CMDB in (near) real time.

Business continuity and Disaster Recovery plan documented AND tested.