The Center for Internet Security has updated its set of safeguards for warding off the five most common types of attacks facing enterprise networks: web-application hacking, insider and privilege misuse, malware, ransomware, and targeted intrusions.

In issuing its CIS Controls V8 this month, the organization sought to present practical and specific actions businesses can take to protect their networks and data. These range from making an inventory of enterprise assets to account management to auditing logs.

In part the new version was needed to address changes to how businesses operate since V7 was issued three years ago, and those changes guided the work. “Movement to cloud-based computing, virtualization, mobility, outsourcing, work-from-home, and changing attacker tactics have been central in every discussion,” the new controls document says.

CIS changed the format of the controls a bit, describing actions that should be taken to address threats and weaknesses without saying who should perform those tasks. That put the focus on the tasks without tying them to specific teams within the enterprise. The controls each come with detailed procedures for implementing them along with links to related resources.

Here is a brief description of the 18 controls.

Control 1: Inventory and control of enterprise assets

This calls for actively managing inventories, tracking, and correcting all end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers that connect to the infrastructure physically, virtually, remotely, and those within cloud environments. The inventory will help identify devices to remove or remediate.

Control 2: Inventory and control of software assets

Enterprises should actively inventory, track, and correct all operating systems and applications on the network to spot and block unauthorized and unmanaged software so that only authorized software is installed and can execute.

Data processes and technical controls should be put in place to identify, classify, securely handle, retain, and dispose of data.