From c61ab3918a8d90fa9c2e8f5a99c5268872aa3e20 Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Wed, 12 Oct 2022 15:15:05 +1300 Subject: [PATCH] vault backup: 2022-10-12 15:15:05 --- content/notes/ass03-security-flaws-essay.md | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/content/notes/ass03-security-flaws-essay.md b/content/notes/ass03-security-flaws-essay.md index 5f04b0a73..ab5067624 100644 --- a/content/notes/ass03-security-flaws-essay.md +++ b/content/notes/ass03-security-flaws-essay.md 
@@ -164,19 +164,32 @@ lessons learned - try to prevent information leaks - use security questions -## main threats +## Identify risk and threats - theft of company information - website defacement - phishing attacks - ransomware - data loss due to natural events and accidents +1. incident response plan +4. use strong user authentication +5. awareness training +6. backups +7. perimeter defenses +8. access control and authorisation +9. secure portable media + +### IR Plan +SMEs should assume that they will be inevitably be compromised, and they should be ready to respond. They should have systems in place to detect attacks when they happen, and have a plan for how to respond, and prevent it from occuring again in the future. If they are unable to respond to attacks themselves, they should know who to contact. They should also purchase a cyber security insurance policy, and consider what legal obligations they have to their stakeholders. + +### Strong User Authentication +This one of the most important rules. + + # References - https://www.cisecurity.org/wp-content/uploads/2017/09/CIS-Controls-Guide-for-SMEs.pdf - https://support.google.com/a/answer/7587183?hl=en - https://support.google.com/a/answer/9211704?hl=en - https://gblogs.cisco.com/ca/2019/11/08/baseline-cybersecurity-controls-for-small-and-medium-organizations/ - https://www.cisecurity.org/controls/cis-controls-list - -- Organizational controls -- Baseline controls \ No newline at end of file +- https://cyber.gc.ca/en/guidance/baseline-cyber-security-controls-small-and-medium-organizations \ No newline at end of file
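Review bot: The added numbered list under "Identify risk and threats" jumps from 1 straight to 4, so either two items were dropped or the list needs renumbering to 1 through 7. The items are also controls rather than threats, so they would sit better under their own heading than directly below the threat bullets. In the "IR Plan" paragraph, "will be inevitably be compromised" has a duplicated "be" and "occuring" should be "occurring". The "Strong User Authentication" section is a single sentence missing its verb ("This one of the most important rules.") and does not yet say what strong authentication should involve for an SME. The file still ends without a trailing newline after the new reference link.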