Malware should certainly be considered unauthorized software and addressed using the techniques listed in Control 2. Maintain a listing of approved software and its business need so that it can be readily compared to all software that has been detected. Malware protection is often packaged within traditional antivirus software. Configure this tool to send its events to […]
Control 10: Continuous Vulnerability Assessment and Remediation
Is it possible to have a vulnerability assessment program that truly can be considered continuous? I believe the answer is a resounding yes, you can. Configure a network scanner to perform daily discovery scans on the internal and external networks. Review the output for new hosts and unexpected services. Make certain that these scans are […]
Control 9: Controlled Access Based On Need to Know
Simply being an employee should not serve as adequate justification to obtain access to company data. Segregation of logical access must be in place to help deter casual browsing and potential unauthorized data disclosure. Start with broad concepts such as departments and teams as a way to isolate systems and data from those that do […]
Control 8: Controlled Use of Administrative Privileges
Gaining access to administrative accounts is often the goal of an attacker. What can you do to ensure that only the appropriately trained and fully accountable people have and maintain administrative access on your systems? This effort must start with an accurate inventory of every account with elevated access and must be strictly maintained. The […]
Control 7: Application Software Security
Attacks against applications are certainly a growing threat to organizations. Some argue that as system administrators are much better at configuring and patching their systems, the application is the next logical target of attack. What can be done at little to no cost to help prevent these threats to your environment? Glad you asked. Teach […]
Critical Control 6: Maintenance, Monitoring, and Analysis of Audit Logs
Logs are the single most important place to look when it is time to answer the question “what just happened?” The more systems you have, the more impractical it is to review system logs individually. To facilitate this, configure each system to send its logs to a centralized log review and retention solution. This […]