Summary: Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems. Obviously, web browsers and email clients are…
Category: security
Summary: Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack. This control is important because a lack of logging not only…
Summary: Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in…
Summary: The processes and tools used to track/control/prevent/correct the use, assignment, and configuration of administrative priveleges on computers, networks, and applications. This control is important as an administrative user or…
Summary: Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers I’m not going to go into…
Summary: Actively manage (inventory, track and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found…
Summary: Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented…
Over the next couple weeks, I’m going to do a series on implementing the CIS Top 20 critical security controls with little or no budget, just time. I mean this…