The more systems that are secure by default, the less twiddling your IT team has to do for each deployment. Less twiddling means fewer chances to make errors that lead to security breaches.
Tag: Core Controls
The same Golden Rule that applies to hardware applies to software: know what you have. No user on your systems should be able to install an executable onto a company device without the approval of security. This may seem like a draconian policy (and a short-circuit process does have to be in place for certain technology-heavy teams like R&D or the dev team), but it’s necessary.
There are only six controls in the Top 20 list that are designated “Basic,” and an inventory of your hardware is number one. I actually would like to rephrase this control slightly, so it better fits the core principle I wanted to highlight. If there was ever a Golden Rule in enterprise security, it’s this: know what you have.
CISOs have an impossible job. When it comes to developing a roadmap for my company’s security program, where is the best place to start? That’s what this series is about.