Control Environment - Part 2 - Overview

Defending a business from attack is multi-faceted and hard work, whereas an attacker only needs to find one weakness to breach an organisation. Having a pragmatic and structured approach to security can have a real impact on your security posture.

For all of the grand words I have used to describe each set of controls, there are simple concepts behind each one. In this post I will present each control and provide an overview. Subsequent posts will then focus on a specific control.

Security Control Environment Poster

  • Inventory
    • Know what you have so you can better manage its risk and simply turn off things which are no longer required
  • Policy
    • In its simplest form, write down some basic rules that your organisation can abide by, e.g. protect client data as though it were our own, deploy security patches in a timely manner, etc.
  • Vulnerability Management
    • Find out where vulnerabilities or weaknesses are and start to manage their remediation
  • Penetration testing
    • Go one step further than vulnerability management and simulate a real attack
  • Logging
    • Find out when there is an attempt to harm your business or there is a deviation from the norm
  • Backup and recovery
    • Have a plan and be able to recover your business if things do go wrong
  • Risk Management
    • Make sure you have the right balance of all the above controls against the focus of running your business
  • Plan-Do-Check-Act
    • Rinse, repeat and improve

As you can see, each control is applicable to businesses of all sizes. Implementing any one of the controls on its own will have a noticeable impact, so feel free to pick a topic of interest or follow the posts in order.
