October 2011 Cyber Security Awareness Month
It is that time of the year again, Cyber Security Awareness Month. Over the last few years we have participated in the October Cyber Security Awareness month (just search the archive for "cyber security awareness month"). During the month, in addition to our normal diaries, we take a specific topic or theme and publish a diary on the topic.
This year the theme is the "20 Critical Security Controls". I know what you are thinking, 20 controls 31 days. A number of the controls will easily take a few days to cover. For those of you that are unfamiliar with the 20 critical security controls
"These Top 20 Controls were agreed upon by a powerful consortium brought together by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities."
(http://www.sans.org/critical-security-controls/)
There are 20 controls, 15 of these can be automated, the last 5 can not. Each will address a set of risks and the diaries will explore how you may be able to implement the control.
This year the controls were updated and include the Australian Defence Signals Directorate's 35 mitigating controls.
The controls are as follows:
- Critical Control 1: Inventory of Authorized and Unauthorized Devices
- Critical Control 2: Inventory of Authorized and Unauthorized Software
- Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
- Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Critical Control 5: Boundary Defense
- Critical Control 6: Maintenance, Monitoring, and Analysis of Security Audit Logs
- Critical Control 7: Application Software Security
- Critical Control 8: Controlled Use of Administrative Privileges
- Critical Control 9: Controlled Access Based on the Need to Know
- Critical Control 10: Continuous Vulnerability Assessment and Remediation
- Critical Control 11: Account Monitoring and Control
- Critical Control 12: Malware Defenses
- Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 14: Wireless Device Control
- Critical Control 15: Data Loss Prevention
- Critical Control 16: Secure Network Engineering
- Critical Control 17: Penetration Tests and Red Team Exercises
- Critical Control 18: Incident Response Capability
- Critical Control 19: Data Recovery Capability
- Critical Control 20: Security Skills Assessment and Appropriate Training to Fill Gaps
As always we value your contributions, so start putting your thinking caps on and think of how you can implement some or even all of the controls in your organisation. If you have a specific tip, hint, or suggestion fee free to pass it along. It will help if you use the contact form and specify the control. That way we can make sure we include your suggestions where we can.
There are of course things that you can do yourself in your organisation for cyber security awareness month. If you haven't run an awareness campaign for a while, maybe this October.
One of our readers (Nick) will be running a campaign within his organisation. He has developed some awesome posters, linked to a competition to improve awareness within his organisation. Maybe you have other ideas to help raise awareness in your organisation, let us know and maybe schedule some of these during October?
Mark - Shearwater
Emergency patch expected for Flash Player
An out of cycle Flash Player update is expected on September 21, 2011. Abode reports exploitation in the wild in targeted attacks.
See more:
--
Swa Frantzen -- Section 66
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago