Security Best Practices

Many national and professional organizations have published lists of security best practices. The following is a list of some security best practices:

Perform Risk Assessment – Knowing the value of what you are protecting will help in justifying security expenditures.

Create a Security Policy – Create a policy that clearly outlines company rules, job duties, and expectations.

Physical Security Measures – Restrict physical access to networking closets and server locations, and provide fire suppression for those spaces.

Human Resource Security Measures – Employees should be properly vetted with background checks.

Perform and Test Backups – Perform regular backups and test data recovery from backups.

Maintain Security Patches and Updates – Regularly update server, client, and network device operating systems and programs.

Employ Access Controls – Configure user roles and privilege levels as well as strong user authentication.

Regularly Test Incident Response – Employ an incident response team and test emergency response scenarios.

Implement a Network Monitoring, Analytics and Management Tool – Choose a security monitoring solution that integrates with other technologies.

Implement Network Security Devices – Use next-generation routers, firewalls, and other security appliances.

Implement a Comprehensive Endpoint Security Solution – Use enterprise-level antimalware and antivirus software.

Educate Users – Educate users and employees in secure procedures.

Encrypt data – Encrypt all sensitive company data including email.
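Of the practices above, "Perform and Test Backups" is the one that can be exercised directly in code: a backup that has never been restored is an assumption, not a control. The following Python script is an added example, not part of the original page or of any vendor product. It archives a directory, records a SHA-256 manifest at backup time, restores the archive into a scratch directory while refusing tar entries that would escape it, and then compares the restored files against the manifest. The second half of the demo shows the check catching a backup that has gone stale because data changed after it was taken. All paths and file contents are constructed for the demonstration.

```python
"""Backup-and-restore test: archive a directory, keep a SHA-256 manifest,
restore into a scratch directory and prove the restore matches."""
import hashlib
import posixpath
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(directory):
    """Map each regular file's path (relative to directory) to its SHA-256."""
    root = Path(directory)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source_dir, archive_path):
    """Write a gzip'd tar of source_dir; return the manifest taken at backup time."""
    manifest = build_manifest(source_dir)
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(source_dir), arcname=".")
    return manifest


def is_safe_member_name(name):
    """Reject archive entries that would land outside the restore directory
    (absolute paths or paths that climb out with '..')."""
    normalized = posixpath.normpath(name)
    return not (normalized.startswith("/")
                or normalized == ".."
                or normalized.startswith("../"))


def restore_backup(archive_path, restore_dir):
    """Extract only the entries that pass the path check."""
    with tarfile.open(str(archive_path), "r:gz") as tar:
        members = [m for m in tar.getmembers() if is_safe_member_name(m.name)]
        tar.extractall(str(restore_dir), members=members)


def verify_restore(restore_dir, expected_manifest):
    """Compare a restored tree against a manifest; return a sorted list of
    problems. An empty list means every expected file came back intact."""
    actual = build_manifest(restore_dir)
    problems = []
    for rel, digest in expected_manifest.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"corrupt: {rel}")
    for rel in actual:
        if rel not in expected_manifest:
            problems.append(f"unexpected: {rel}")
    return sorted(problems)


def run_demo():
    """Constructed scenario: a clean restore, then a stale backup caught by the check."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "data"
        (source / "db").mkdir(parents=True)
        (source / "db" / "users.sql").write_bytes(b"CREATE TABLE users (id INT);\n")
        (source / "config.ini").write_bytes(b"[app]\nmode=prod\n")

        archive = work / "backup.tar.gz"
        manifest_at_backup = create_backup(source, archive)

        # Restore test 1: the archive is verified against the manifest it was made with.
        restore1 = work / "restore1"
        restore_backup(archive, restore1)
        fresh_problems = verify_restore(restore1, manifest_at_backup)

        # Data changes after the backup ran; verifying against the live tree
        # shows the old archive can no longer recover everything.
        (source / "db" / "orders.sql").write_bytes(b"CREATE TABLE orders (id INT);\n")
        restore2 = work / "restore2"
        restore_backup(archive, restore2)
        stale_problems = verify_restore(restore2, build_manifest(source))
        return fresh_problems, stale_problems


if __name__ == "__main__":
    fresh, stale = run_demo()
    print("fresh restore problems:", fresh)   # []
    print("stale backup problems:", stale)    # ['missing: db/orders.sql']
```

In a real schedule the manifest would be stored alongside the archive (and ideally signed), and the restore test would run on a host other than the one that produced the backup, so that a compromised or failing source cannot vouch for itself. The member-name check on restore matters because an archive written by an attacker can contain entries such as `../etc/passwd`; refusing them keeps a restore from overwriting files outside the target directory.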

Some of the most helpful guidelines are found in organizational repositories such as the National Institute of Standards and Technology (NIST) Computer Security Resource Center, as shown in the figure.

One of the most widely known and respected organizations for cybersecurity training is the SANS Institute. Visit the SANS Institute website to learn more about SANS and the types of training and certifications it offers.