Tips to better security
Rich Casselberry
www.casselberryconsulting.com
Users
User training - both formal and regular informal reminders.
Identity (SSO or at least a single database) becomes more critical as things move to the cloud, since it all comes down to identity. Single directory first, then integrated with HR. This removes IT from account management. Cloud applications must point to this directory, e.g. Okta, Ping, etc.
Two factor plus long passphrases. Not all 2FA is created equal. PCI requires password changes every 90 days, but should it still?
Infrastructure
Inventory – Authentication, ideally on ALL ports: wired, wireless, datacenter.
Assessment - Scanning ensures that only machines that meet the security posture defined (by role possibly) are allowed access to the network.
Enforcement – low hanging fruit first; once clean, though, keep it clean.
Secure end user computing - tools on the client (though fewer tools is often better) to detect malware, viruses, etc. Kaspersky, Trend, Symantec, Tanium, Defender, etc.
Automatically react - integrate all the security tools to automatically react and quarantine based on known fingerprints or zero day anomaly detection or honeypot networks.
Policies and (often overlooked) procedures - acceptable use, password policies, backup policies, etc.
Are they written? Are they enforced? Regular third party reviews to detect what you missed.
Privileged identity management to limit and audit administrator-level access.
Secure coding - ensure any applications are protected against what we know about and compartmentalized where possible.
Automatic documentation of changes. Every change compared against the CMDB in (near) real time.
Business continuity and Disaster Recovery plan documented AND tested.
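As an added example (not from these slides), the Inventory -> Assessment -> Enforcement steps under Infrastructure and the "compare every change against the CMDB" tip can be combined into one posture gate: each device seen on the network is checked against its CMDB record and a per-role minimum posture, and anything unknown or drifted is marked for quarantine. The CMDB entries, roles and policy thresholds below are constructed, hypothetical values.

```python
from dataclasses import dataclass, field

# Minimum posture per role (hypothetical policy values, not from the slides).
POLICY = {
    "workstation": {"av_current": True, "disk_encrypted": True, "max_patch_age_days": 30},
    "server": {"av_current": True, "disk_encrypted": False, "max_patch_age_days": 14},
}

# Constructed CMDB: the authoritative record of what each MAC is supposed to be.
CMDB = {
    "00:11:22:33:44:01": {"hostname": "ws-fin-07", "role": "workstation"},
    "00:11:22:33:44:02": {"hostname": "db-prod-01", "role": "server"},
}

@dataclass
class Device:
    """What the inventory/scan step observed for one endpoint."""
    mac: str
    role: str              # role the endpoint claims or appears to have
    av_current: bool
    disk_encrypted: bool
    patch_age_days: int

@dataclass
class Decision:
    mac: str
    action: str            # "allow" or "quarantine"
    reasons: list = field(default_factory=list)

def assess(device: Device, cmdb=CMDB, policy=POLICY) -> Decision:
    """Assessment step: compare one observed device with its CMDB record and role policy."""
    record = cmdb.get(device.mac)
    if record is None:     # hardware missing from the CMDB never gets a pass
        return Decision(device.mac, "quarantine", ["not in CMDB"])
    reasons = []
    if record["role"] != device.role:   # drift between the CMDB and what is actually running
        reasons.append(f"role drift: cmdb={record['role']} observed={device.role}")
    rule = policy[record["role"]]       # policy follows the CMDB role, not the observed one
    if rule["av_current"] and not device.av_current:
        reasons.append("endpoint protection out of date")
    if rule["disk_encrypted"] and not device.disk_encrypted:
        reasons.append("disk not encrypted")
    if device.patch_age_days > rule["max_patch_age_days"]:
        reasons.append(f"patches {device.patch_age_days}d old (max {rule['max_patch_age_days']})")
    return Decision(device.mac, "quarantine" if reasons else "allow", reasons)

def enforce(devices, cmdb=CMDB) -> dict:
    """Enforcement step: map each MAC to its decision so NAC or the switch can act on it."""
    return {d.mac: assess(d, cmdb) for d in devices}
```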