- 888.728.6030
- Customer Login
TOP Cyber-Defense Measures for Improving Your Cyber-Risk profile ASAP!
Last week we discussed “Internal/External Vulnerability scans and Continuous Improvement” This week we discuss Document “Best Practices” Policies to support your Security Strengths for improving your cyber-risk profile the BEST you can as FAST as you can.
- Email Security and Employee Cybersecurity Awareness Training Read More>
- Data Backup, Firewalls, Incident Response and Business Continuity Read More>
- Multi-factor Authentication (MFA) and Access Management Read More>
- Internal/External Vulnerability scans and Continuous Improvement Read More>
- Document “Best Practices” Policies to support your security strengths
- Maintaining Your Networks Software and Hardware Security
“Best Practices” Policies describe specific Cybersecurity expectations, roles, and responsibilities to align Executive Governance with Technical and Administrative activities across your organization.
K-12 Districts, ESA’s and Insurance companies share with ResoluteGuard their concern about the lack of Cybersecurity Policies in place and the need to document these important guidelines.
Documenting “Best Practices” Policies should follow the National Institute of Standards and Technology Cybersecurity Framework. NIST-CSF is considered the “Gold Standard” of Cybersecurity Controls and will keep you in alignment with regulatory initiatives.
As Best Practice, it’s important to document each policy as you identify, install and implement solutions. It is equally important to maintain the processes and practices required to fortify the solutions you put in place. Also, print hardcopies of each policy and maintain in a physical binder. If a breach occurs, you may not have access to digitized copies.
Important Policies we recommend you prioritize:
Incident Response Plan – The purpose of the incident response plan is to prevent data and monetary loss and to resume normal operations as quickly as possible. Effective Incident Response planning should include the organization as a whole and include all third-party resources necessary.
Business Continuity Plan – BCP goes hand-in-hand with your Incident Response Plan and defines any and all risks that can affect operations, making it an important part of the organization’s risk management strategy. Risks may include natural disasters-fire, flood, or weather-related events and Cyber-attacks. Once the risks are identified, your plan should include:
- Determining how those risks will affect operations
- Implementing safeguards and procedures to mitigate the risks
- Testing procedures to ensure they work
- Reviewing the process to make sure that it is up to date
Acceptable Use Policy – stipulates constraints and practices that an employee/user must agree to before being granted access to your network. Organizations must protect their assets by establishing and enforcing clear rules governing computer and network usage. AUP’s should include sections on acceptable use, unacceptable use, the security of software and hardware, confidentiality, and privacy monitoring expectations.
Configuration Management Plan – A Configuration Management Plan is a process of identifying and documenting hardware components and software and the associated settings with each. A CMP is essential to disaster recovery because it’s impossible to recover your system to a stable configuration if you don’t know what that configuration was before the attack. Your plan should include documentation of new system components and software and patch management procedures.
Remote Access Policy – Organizations can implement a Remote Access Policy that outlines and defines procedures to remotely access your organization’s internal networks. Organizations require this policy when there are employees accessing your network from unsecured network locations, such as home networks or coffee shops.
Templated documents provide a great head start for organizations to build a binder of critical “Best Practices Policies.” Being sure to support testing and maintenance processes prescribed in these policies goes a long way toward preventing a potential disruption of critical community services
Next week, we’ll discuss “Maintaining Your Networks Software and Hardware Security”
ResoluteGuard uses industry best internal and external scanning tools to identify your Cyber-risk strengths and weaknesses and populate easy to use, easy-to-understand smart workflow reports that align the governance, administration, and technical activities to the common objective: avoiding a disruption of critical services
Click here to learn how we partner with ESA’s to support your members or email David Ludwig at dludwig@resoluteguard.com
