Are you working aggressively to protect your information systems and data, yet still unsure how effective your security controls are? These seven areas can shed light on how well you are protecting the confidentiality, integrity, and availability of your information and IT assets, and how well you are meeting the security and privacy regulations that apply to you.
- Users
Users are given access to your systems and data so they can do their jobs, and they present a high risk to your organization, mostly through negligent practices such as weak or reused passwords, indiscriminate downloading, and falling for phishing. It is important that you properly onboard and train your users and hold them accountable for their actions on information systems. This includes regularly reviewing your onboarding and termination processes, the access rights each user actually holds, and your user awareness training.
- Network
Your network is the interconnected group of systems that communicate and operate together on your technology infrastructure, including software, hardware, services, and other resources. It should be hardened through secure configuration and segmented from public networks, periodically tested (for example through vulnerability scanning and penetration testing), and continuously monitored so that potential cyber incidents are detected and contained early.
- Access
Access refers to your users' permissions and how those permissions are restricted according to roles and responsibilities. Permissions should be reviewed at least annually, and access should be granted, revoked, or changed to match each user's current duties, so that people who change roles or leave the organization do not keep entitlements they no longer need.
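The access review described above, and the termination-process check from the Users section, are easy to describe and easy to skip. The script below is an added example, not tooling from the original article: it compares a role-to-entitlement matrix with an HR user list and an entitlement export, and reports accounts that hold more than their role allows (privilege creep), terminated users who still have access (orphaned accounts), and accounts that HR has no record of at all. The roles, users, and entitlement identifiers are all constructed for illustration.

```python
"""Role-based access review over constructed sample data (illustrative only)."""
from dataclasses import dataclass

# What each role is supposed to hold. Constructed for this example.
ROLE_ENTITLEMENTS = {
    "accounts_payable": frozenset({"erp:ap_read", "erp:ap_post", "vpn"}),
    "helpdesk": frozenset({"ad:reset_password", "ticketing:agent", "vpn"}),
    "dba": frozenset({"db:prod_admin", "db:backup", "vpn"}),
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    active: bool  # False once HR has processed the termination


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str  # orphaned_account | unknown_account | unknown_role | excess | missing
    entitlements: frozenset = frozenset()


def review_access(users, actual_entitlements):
    """Compare the entitlements each account actually holds with its role.

    users: iterable of User records (the HR view).
    actual_entitlements: {account_name: iterable of entitlement ids}, as
    exported from the systems themselves. Returns Findings sorted by user.
    """
    findings = []
    known = set()
    for u in users:
        known.add(u.name)
        held = frozenset(actual_entitlements.get(u.name, ()))
        if not u.active:
            # Termination gap: HR says gone, the systems still grant access.
            if held:
                findings.append(Finding(u.name, "orphaned_account", held))
            continue
        expected = ROLE_ENTITLEMENTS.get(u.role)
        if expected is None:
            findings.append(Finding(u.name, "unknown_role", held))
            continue
        excess = held - expected    # privilege creep: more than the role needs
        missing = expected - held   # role drift: less than the role defines
        if excess:
            findings.append(Finding(u.name, "excess", excess))
        if missing:
            findings.append(Finding(u.name, "missing", missing))
    # Onboarding/termination gap: access exists for an account HR never recorded.
    for name, ents in actual_entitlements.items():
        if name not in known and ents:
            findings.append(Finding(name, "unknown_account", frozenset(ents)))
    return sorted(findings, key=lambda f: (f.user, f.kind))


# Constructed sample input: an HR extract and an entitlement export.
SAMPLE_USERS = [
    User("alice", "accounts_payable", True),
    User("bob", "helpdesk", True),    # moved from the dba role last year
    User("carol", "dba", False),      # terminated
    User("dave", "accounts_payable", True),
]
SAMPLE_ENTITLEMENTS = {
    "alice": {"erp:ap_read", "erp:ap_post", "vpn"},
    "bob": {"ad:reset_password", "ticketing:agent", "vpn", "db:prod_admin"},
    "carol": {"db:prod_admin", "vpn"},
    "dave": {"erp:ap_read"},
    "svc_legacy": {"db:backup"},      # no HR record at all
}

if __name__ == "__main__":
    for f in review_access(SAMPLE_USERS, SAMPLE_ENTITLEMENTS):
        print(f"{f.kind:17} {f.user:10} {sorted(f.entitlements)}")
```

On the sample data the review flags bob's leftover `db:prod_admin`, carol's still-live production access after termination, dave's incomplete entitlements, and the unrecorded `svc_legacy` account. In practice the two inputs come from your HR system and from each application's own export, and the "excess" and "orphaned_account" findings are the ones that need a revocation ticket; "missing" is usually a sign that the role definition itself is out of date.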
- Third-party vendors
Third-party service providers support your organization's operations with IT services. Your organization should exercise vendor oversight to ensure those services are performed securely and that any data shared with vendors is properly protected. This includes a process for vetting vendors and defining their roles and responsibilities, and reviewing vendor contracts for cybersecurity incident notification language and confidentiality clauses.
- Incident response
Your organization should have a documented and tested plan and process for responding to a cybersecurity incident. Without a formal plan, your customers, employees, IT systems, and even your brand can be harmed. Your incident response team should include representatives from all major departments as well as internal or external legal counsel.
- Emerging technology
The technology landscape is constantly changing as businesses become increasingly advanced and connected through a growing range of devices. Your organization should plan for the security risks these new technologies bring. This includes reviewing mobile devices, remote connections, cloud computing, and other connectivity points.
- Common threats
Cybersecurity threats are constantly evolving and their impacts are becoming more severe. Common threats include phishing, malware, account hijacking, removable media, denial of service, and intellectual property (IP) theft. You should proactively evaluate your organization's safeguards to confirm you are protected against these common threats.