Goal: Select and implement necessary cybersecurity controls

Information Security Management & Governance

  1. Information Security Policy
  2. Acceptable Use Policy (AUP)
  3. Access Control (AC) Policy
  4. Password Policy
  5. Remote Working Policy
  6. Bring Your Own Device (BYOD) Policy
  7. Data Classification & Handling Policy
  8. AI Usage Policy
  9. Web Publishing Policy
  10. Privacy Policy
  11. Backup Policy & Strategy
  12. Incident Response (IR) Policy & Plan
  13. Incident Response Team
  14. Incident Response Procedures & Playbooks
  15. Business Continuity Management (BCM) Capabilities
  16. Disaster Recovery Plan (DRP)
  17. Business Continuity Plan (BCP)
  18. Communication Channels
  19. Maintenance Windows & Blackout Periods

Physical Security

  1. Documentation of Physical Access Permissions
  2. Entrance Protection
  3. Visitor Logs
  4. Device Locks
  5. Privacy Filters
  6. Asset Tags
  7. Cabling Security
  8. Server Room & Network Closet Protections
  9. Security Cameras
  10. Redundant Power Sources
  11. Surge Protection
  12. Temperature Control
  13. Fire Detection & Suppression
  14. Removal of Unnecessary Hardware Components

Personnel Security

  1. Screening & Background Checks
  2. Onboarding, Transfer, and Offboarding Procedures
  3. Nondisclosure Agreements (NDAs)
  4. Return of Assets
  5. Separation of Duties
  6. Job Rotation
  7. Mandatory Vacations
  8. Split Knowledge & Dual Authorization
  9. Clear Desks & Screens
  10. Contact With Law Enforcement & Cybercrime Authorities

Identity, Credential, and Access Management

  1. Identity Provider selection & standardization
  2. Domain registration
  3. Multifactor Authentication (MFA)
  4. Passwordless Authentication
  5. Password Managers
  6. Conditional Access
  7. Account Lockout
  8. Privileged Access Workstations (PAWs)

Network Security

  1. Default Credentials on Network Hardware Removed
  2. Remote and Local Management Configuration
  3. Wi-Fi Standards
  4. Wireless Transmission Power
  5. Disabling SSID Broadcast (obscurity only; the SSID is still visible in probe and association frames)
  6. Configuration Pages Obscured
  7. Wireless Access Schedule
  8. MAC Address Filtering (trivially bypassed by MAC spoofing; a hygiene control, not an access control)
  9. Port Security
  10. Binding MAC & IP Addresses
  11. Network Address Translation (NAT)
  12. Network Firewalls
  13. Macrosegmentation
  14. Microsegmentation
  15. Three Dumb Routers
  16. Content/DNS filtering
  17. Intrusion Detection & Prevention Systems (IDPS)
  18. Demilitarized Zone (DMZ) for Public-Facing Systems
  19. Backup Internet Service Provider (ISP)

Endpoint Security

  1. Endpoint Management Model (Workgroup vs Domain)
  2. Enterprise Mobility Management Strategies
  3. Mobile Device Management (MDM)
  4. Mobile Application Management (MAM)
  5. Refresh Cycles
  6. Trusted Platform Module (TPM)
  7. Unified Extensible Firmware Interface (UEFI)
  8. UEFI Secure Boot
  9. Secure Operating System Selection & Provisioning
  10. Windows Hardening
  11. Linux Hardening
  12. Host Firewalls
  13. Anti-Malware Software
  14. Application Whitelisting
  15. Web Browser Protections
  16. Full Disk Encryption (FDE)
  17. File Integrity Monitoring (FIM)
  18. Endpoint Detection and Response (EDR) & Extended Detection and Response (XDR)

Data Governance & Safeguards

  1. Data Loss Prevention (DLP)
  2. Data Tokenization
  3. Data Watermarking
  4. File/Folder Encryption
  5. Data Destruction & Disposal
  6. Steganography

Security Operations Management

  1. Security Information & Event Management (SIEM)
  2. Ticketing Systems
  3. Artificial Intelligence (AI) Assistance in Cybersecurity
  4. Configuration Management