Business IT: It’s all in the Fundamentals
Here are some basics in Business IT Security. It is almost like football :
- Block and Tackle- your safety depends on it.
- Have an Executable Plan and Stick to it.
- Don’t get Juked
Like they say, “Everything else is commentary, go learn it!”.
Security: Blocking and Tackling
While there’s no such thing as an IT environment that is 100 percent secure, taking fundamental steps to assess and harden IT systems is the basic “blocking and tackling” of IT security that removes the root cause of the vast majority of breaches. These steps include:
» Assess and inventory configurations on all servers and devices, and compare the results to some under-stood, recognized security standard (like CIS, NIST, or ISO 27001)
» Gain immediate, real-time insight into any changes to the files, configurations items and states that define this security standard
Blocking and tackling for security professionals means going back to basics and eliminating the “easy ins” preyed on by attackers, like open ports and unused services, the use of default or easily guessed administrator passwords, or improperly configured firewalls.
Blocking and tackling for IT security teams also means keeping continuous watch on these systems, to detect the clues that indicate attacks in progress, like security controls disabled by anti-forensic activities, oddly elevated permissions or unexpected changes to critical files.
Security configuration management solutions are built to make these issues visible to IT security professionals, and to give them the information and tools they need to manage them in the most automated way possible.