Advanced Security: Difference between revisions
From GCA ACT
Jump to navigationJump to search
No edit summary |
No edit summary |
||
Line 5: | Line 5: | ||
Network Segmentation | Network Segmentation | ||
<br><br> | <br><br> | ||
[[File: | [[File:ACT_Network_Segmentation_Icon.svg|frameless|40px|center|link=Network Segmentation]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Divide networks into smaller, isolated segments to limit the impact of a potential breach.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Divide networks into smaller, isolated segments to limit the impact of a potential breach.</div> | ||
Line 11: | Line 11: | ||
Intrusion Detection & Prevention Systems | Intrusion Detection & Prevention Systems | ||
<br> | <br> | ||
[[File: | [[File:ACT_Intrusion_Protection_Icon.svg|frameless|40px|center|link=Intrusion Detection & Prevention Systems]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Deploy advanced systems to detect and prevent network intrusions.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Deploy advanced systems to detect and prevent network intrusions.</div> | ||
Line 18: | Line 18: | ||
<br> | <br> | ||
<br> | <br> | ||
[[File: | [[File:ACT_Endpoint_Protection_Icon.svg|frameless|40px|center|link=Endpoint Protection]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Implement robust antivirus and endpoint security solutions to safeguard individual devices.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Implement robust antivirus and endpoint security solutions to safeguard individual devices.</div> | ||
Line 24: | Line 24: | ||
Security Information & Event Management | Security Information & Event Management | ||
<br> | <br> | ||
[[File: | [[File:ACT_Security_Information_Event_Management_Icon.svg|frameless|40px|center|link=Security Information & Event Management]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Utilize SIEM tools to monitor and analyze security events across the network.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Utilize SIEM tools to monitor and analyze security events across the network.</div> | ||
Line 31: | Line 31: | ||
Vulnerability Management | Vulnerability Management | ||
<br> | <br> | ||
[[File: | [[File:ACT_Vulnerability_Management_Icon.svg|frameless|40px|center|link=Vulnerability Management]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Conduct regular assessments to identify and address system vulnerabilities.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Conduct regular assessments to identify and address system vulnerabilities.</div> | ||
Line 38: | Line 38: | ||
<br> | <br> | ||
<br> | <br> | ||
[[File: | [[File:ACT_Penetration_Testing_Icon.svg|frameless|40px|center|link=Penetration Testing]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Simulate real-world attacks to evaluate the security of a system or network.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Simulate real-world attacks to evaluate the security of a system or network.</div> | ||
Line 44: | Line 44: | ||
Incident Response Planning & Testing | Incident Response Planning & Testing | ||
<br> | <br> | ||
[[File: | [[File:ACT_Incident_Response_Icon.svg|frameless|40px|center|link=Incident Response Planning & Testing]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Develop and test an incident response plan to efficiently handle cybersecurity incidents.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Develop and test an incident response plan to efficiently handle cybersecurity incidents.</div> | ||
Line 50: | Line 50: | ||
Secure Configuration Management | Secure Configuration Management | ||
<br> | <br> | ||
[[File: | [[File:ACT_Configuration_Management_Icon.svg|frameless|40px|center|link=Secure Configuration Management]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Establish and maintain secure configuration settings for all systems and devices.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Establish and maintain secure configuration settings for all systems and devices.</div> | ||
Line 58: | Line 58: | ||
<br> | <br> | ||
<br> | <br> | ||
[[File: | [[File:ACT_Change_Management_Icon.svg|frameless|40px|center|link=Change Management]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Implement structured processes to manage changes in a controlled and efficient manner.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Implement structured processes to manage changes in a controlled and efficient manner.</div> | ||
Line 64: | Line 64: | ||
Identity & Access Management | Identity & Access Management | ||
<br> | <br> | ||
[[File: | [[File:ACT_Identity_Access_Management_Icon.svg|frameless|40px|center|link=Identity & Access Management]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Implement proper user access controls, management processes, and regularly review user privileges.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Implement proper user access controls, management processes, and regularly review user privileges.</div> | ||
Line 71: | Line 71: | ||
<br> | <br> | ||
<br> | <br> | ||
[[File: | [[File:ACT_Patch_Management_Icon.svg|frameless|40px|center|link=Patch Management]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Establish processes to apply patches and updates to systems and applications in a timely manner.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Establish processes to apply patches and updates to systems and applications in a timely manner.</div> | ||
Line 77: | Line 77: | ||
Security Awareness Training & Testing | Security Awareness Training & Testing | ||
<br> | <br> | ||
[[File: | [[File:ACT_Security_Awareness_Icon.svg|frameless|40px|center|link=Security Awareness Training & Testing]] | ||
<br> | <br> | ||
<div style="text-align: left; font-weight: normal; font-size: 75%;">Provide regular training and education on cybersecurity best practices to all personnel; and periodically test that knowledge.</div> | <div style="text-align: left; font-weight: normal; font-size: 75%;">Provide regular training and education on cybersecurity best practices to all personnel; and periodically test that knowledge.</div> | ||
|} | |} |
Revision as of 23:27, 15 August 2023
Network Segmentation
Divide networks into smaller, isolated segments to limit the impact of a potential breach.
|
Intrusion Detection & Prevention Systems
Deploy advanced systems to detect and prevent network intrusions.
|
Endpoint Protection
Implement robust antivirus and endpoint security solutions to safeguard individual devices.
|
Security Information & Event Management
Utilize SIEM tools to monitor and analyze security events across the network.
| |
Vulnerability Management
Conduct regular assessments to identify and address system vulnerabilities.
|
Penetration Testing
Simulate real-world attacks to evaluate the security of a system or network.
|
Incident Response Planning & Testing
Develop and test an incident response plan to efficiently handle cybersecurity incidents.
|
Secure Configuration Management
Establish and maintain secure configuration settings for all systems and devices.
| |
Change Management
Implement structured processes to manage changes in a controlled and efficient manner.
|
Identity & Access Management
Implement proper user access controls, management processes, and regularly review user privileges.
|
Patch Management
Establish processes to apply patches and updates to systems and applications in a timely manner.
|
Security Awareness Training & Testing
Provide regular training and education on cybersecurity best practices to all personnel; and periodically test that knowledge.
|