7 Key Aspects of Cyber Security for Organisations
This article aims to highlight seven key aspects which can help organisations set up their practices / controls to cope with the increasingly complex cyber security threats.
Aspect 1: Security Policy and Security Management
The security policy is an important document in an organisation. It dictates the security requirements and the attitude of senior management with respect to cybersecurity risk management. Senior management should set up a mechanism to maintain the security policy and disseminate its requirements to staff on a regular basis.
Checklist for Aspect 1:
✓ Staff should be given a chance to read through the security policy, understand the security requirements of the organisation and acknowledge that they will conform when they onboard.
✓ The policy should be put somewhere the staff can refer to it easily.
✓ The policy should be updated regularly, and staff should re-acknowledge it after each update.
Aspect 2: Endpoint Security
Endpoint refers to the personal computers or notebook computers used by staff to access business information during work. Email communication, web browsing and other business applications all run on endpoints. Attackers target endpoints because a compromised endpoint can serve as an entry point to the organisation's valuable information assets.
Checklist for Aspect 2:
✓ Endpoint computers should be protected by security software like anti-virus and anti-malware software.
✓ Signatures and security software should be kept up to date to protect the endpoint from the most recent threats.
✓ Security patches for endpoint computer operating system should also be kept up-to-date.
✓ IT staff should monitor the update status of the endpoints as well.
✓ User accounts on endpoints should be non-privileged (not Administrator).
✓ A proxy server should be used to filter malicious URLs during web browsing.
Aspect 3: Network Security
Most organisations make use of the Internet to facilitate business information exchange. An Internet connection brings network security risks: external attackers may intrude into the organisation's network from outside. Firewalls, Internet-facing servers and other network devices should be configured properly to avoid intrusion.
Checklist for Aspect 3:
✓ The firewall should be configured properly so that the number of network ports of the organisation network exposed to the Internet is minimised.
✓ The default rule on the firewall should be “DENY”. Only “ALLOW” specific traffic based on business needs.
✓ Do not allow ANY host on the internal network to have access to the Internet. Only allow approved IP addresses to have Internet access instead.
✓ Do not allow remote access (e.g. RDP) from the Internet to internal servers.
✓ Firewall rules should be reviewed regularly.
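The Aspect 3 checklist can be codified as an audit that is run over a firewall rule set during the regular review. The following is an added example (not part of the original article) using a simplified, constructed rule model rather than any vendor's syntax; the zone names, the approved address 10.0.0.5 and the set of remote-access ports (RDP plus SSH and VNC, which the article does not list) are assumptions for illustration.

```python
# Simplified firewall-rule model constructed for this example (not any vendor's
# syntax). src/dst are the zones "internet", "dmz", "internal", or a single
# approved IP address; "any" is a wildcard for proto and dport.
WEAK_RULESET = {
    "default": "allow",  # weak setting: the default rule should be DENY
    "rules": [
        {"action": "allow", "src": "internet", "dst": "dmz", "proto": "tcp", "dport": 443},
        {"action": "allow", "src": "internet", "dst": "internal", "proto": "tcp", "dport": 3389},
        {"action": "allow", "src": "internal", "dst": "internet", "proto": "any", "dport": "any"},
    ],
}

HARDENED_RULESET = {
    "default": "deny",
    "rules": [
        {"action": "allow", "src": "internet", "dst": "dmz", "proto": "tcp", "dport": 443},
        # only approved hosts (here one constructed address) may reach the Internet
        {"action": "allow", "src": "10.0.0.5", "dst": "internet", "proto": "tcp", "dport": 443},
        {"action": "allow", "src": "10.0.0.5", "dst": "internet", "proto": "tcp", "dport": 80},
    ],
}

# Assumed set of remote-access ports to check: RDP, SSH, VNC
REMOTE_ACCESS_PORTS = {3389, 22, 5900}


def audit_ruleset(ruleset):
    """Return a list of findings; an empty list means the checklist is satisfied."""
    findings = []
    if ruleset.get("default") != "deny":
        findings.append("default rule is not DENY")
    for i, rule in enumerate(ruleset.get("rules", [])):
        if rule["action"] != "allow":
            continue
        from_internet = rule["src"] == "internet"
        if from_internet and rule["dport"] == "any":
            findings.append(f"rule {i}: all ports exposed to the Internet")
        if from_internet and rule["dst"] == "internal" and rule["dport"] in REMOTE_ACCESS_PORTS:
            findings.append(f"rule {i}: remote access port {rule['dport']} allowed "
                            "from the Internet to internal servers")
        if rule["src"] == "internal" and rule["dst"] == "internet":
            findings.append(f"rule {i}: whole internal network allowed to reach the "
                            "Internet; restrict to approved IP addresses")
    return findings
```

Running `audit_ruleset(WEAK_RULESET)` reports three findings, one for each checklist violation, while `audit_ruleset(HARDENED_RULESET)` reports none.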
Aspect 4: System Security
Organisations make use of information systems to process business information. Some systems (e.g. web servers) are open to the Internet to provide information to, or collect information from, Internet users. These systems are targets of attackers since the information they contain is valuable. System security guidelines and practices should be developed for mission-critical systems.
Checklist for Aspect 4:
✓ A password policy should be configured such that server passwords meet minimum length and complexity requirements.
✓ Servers should be configured securely (hardened), with security policies enabled and unused services disabled.
✓ System patches should be applied in a timely manner to protect from recent threats.
✓ Internet-facing servers should avoid storing sensitive information. Sensitive information should be masked or encrypted when stored on servers.
✓ Input from Internet users (e.g. web server forms) should be filtered properly in the application to avoid SQL injection type attacks.
✓ For critical systems serving the public and performing critical missions, periodic penetration tests should be performed by professional parties.
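To make the SQL injection item concrete, here is an added example (not from the original article) showing a form-driven lookup in its unsafe form next to a hardened one that combines allow-list input validation with a parameterised query. The table, rows and username format are constructed for the demonstration.

```python
import re
import sqlite3

# Allow-list for the expected username format (assumed for this example)
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db():
    """In-memory sample database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff"), ("carol", "staff")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """Deliberately unsafe: the form value is pasted into the SQL text, so
    characters such as quotes change the structure of the query."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def is_valid_username(name):
    """Allow-list validation: reject anything outside the expected character set."""
    return USERNAME_RE.fullmatch(name) is not None


def find_user_safe(conn, name):
    """Validate the input first, then use a parameterised query so the value
    is handed to the database separately from the SQL text."""
    if not is_valid_username(name):
        return []
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()
```

With the classic test value `' OR '1'='1` the unsafe function returns every row in the table, whereas the hardened function rejects it at validation and, even without that check, the parameterised query would simply look for a user literally named that way.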
Aspect 5: Security Monitoring
There is no way to ensure 100% security of endpoints, servers and networks. Organisations should set up mechanisms to monitor and detect whether something suspicious is happening in their information systems. The earlier a threat is identified, the earlier action can be taken, and the potential damage of the threat can then be minimised.
Checklist for Aspect 5:
✓ Logging should be enabled in network devices (e.g. firewall) and servers.
✓ Logs should be centralised somewhere within the organisation for periodic review and monitoring.
✓ Review of the logs should be timely so that detected issues are taken care of properly.
✓ Network traffic (e.g. Internet traffic) should be monitored to detect any abrupt change in traffic pattern.
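As an added illustration of the last two items (not code from the original article), the following aggregates centralised outbound-traffic logs per hour and flags hours whose volume departs abruptly from the norm. The log format and the sample lines are constructed for this example; a real deployment would read the exported firewall or proxy log in its own format.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical outbound-traffic log
# format: "<ISO timestamp> <src> -> <dst> bytes=<n>". Not a real product's format.
SAMPLE_LOG = """\
2022-01-25T09:00:12 10.0.0.5 -> 203.0.113.10 bytes=120000
2022-01-25T09:30:45 10.0.0.7 -> 203.0.113.22 bytes=80000
2022-01-25T10:05:01 10.0.0.5 -> 203.0.113.10 bytes=150000
2022-01-25T10:07:00 malformed line that should be skipped
2022-01-25T11:12:33 10.0.0.9 -> 203.0.113.31 bytes=110000
2022-01-25T12:40:09 10.0.0.7 -> 203.0.113.22 bytes=90000
2022-01-25T13:15:27 10.0.0.5 -> 203.0.113.10 bytes=130000
2022-01-26T02:10:02 10.0.0.9 -> 198.51.100.77 bytes=25000000
2022-01-26T02:35:48 10.0.0.9 -> 198.51.100.77 bytes=30000000
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} (\S+) -> (\S+) bytes=(\d+)$"
)


def bytes_per_hour(log_text):
    """Sum bytes per calendar hour; unparsable lines are ignored."""
    buckets = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            buckets[m.group(1)] += int(m.group(4))
    return dict(buckets)


def flag_spikes(per_hour, factor=5.0):
    """Return (hour, bytes) pairs whose volume exceeds `factor` times the
    median hour. The median is the baseline because one huge hour would
    drag a mean-based baseline upwards and partly hide itself."""
    if len(per_hour) < 2:
        return []
    baseline = statistics.median(per_hour.values())
    return sorted((h, b) for h, b in per_hour.items() if b > factor * baseline)
```

On the sample above only the 02:00 hour of 26 January is flagged: a large transfer to an address nobody talked to during office hours is exactly the kind of abrupt change a reviewer should look into.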
Aspect 6: Incident Handling
System outages due to system issues or security incidents are not 100% avoidable. Organisations should develop incident response plans for different kinds of scenarios, from small incidents like malware infections all the way to big incidents that require system restoration.
Checklist for Aspect 6:
✓ Incident response plans (covering different kinds of security incidents) are developed according to different scenarios.
✓ Systems and data are backed up regularly, and the backups are taken offline (and even offsite).
✓ Restore procedures are drilled to make sure that the backups can be restored properly.
Aspect 7: User Awareness
Users are the weakest link in cyber security. 95% of security incidents involve a human as a contributing factor. Organisations should ensure that staff understand their roles and responsibilities in protecting the information assets of the organisation.
Checklist for Aspect 7:
✓ Staff should be reminded regularly of their roles and responsibilities in protecting the information assets of the organisation, e.g. by staff awareness training.
✓ Drills (e.g. simulated phishing attacks) can be performed to test the readiness of staff against common cyber attacks.
Feel free to contact me for any further questions or consulting services.
Architect Yeung, 26 January 2022