The ultimate security validation checklist for CISOs
The ultimate security validation checklist for CISO's
If you're going on a well-deserved summer holiday soon, are you confident that the security solutions you have in place will let you go on holiday?
Whether you're leaving the office or returning, our security validation checklist can help you make sure your security arrangements are in good working order.
1. Review the logs and security events of your key critical systems
Keep up to date with recent activity. Check for changes - and attempted changes - as well as potential signs of compromise. Planning to be away for more than a week? Designate a team member to perform a weekly review in your absence to reduce the likelihood of a critical event going undetected.
2. Look for new vulnerabilities discovered during your holiday
Use your favourite scanning tool or check one of the regularly updated databases, such as CVE Details.
3. Investigate failures of critical components and the reasons for them
If remedial action is required, create an action plan to address the immediate issues and prevent recurring failures in the future.
4. Check if there have been any major changes to your products and corresponding security controls.
While now is not the time to make any major changes to your EDR, SIEM system or other corresponding solutions, you should be aware of any updates that were made while you were away. Once you're back - and can monitor the impact on your overall security posture - you can make major changes to your controls.
5. Check with HR for any relevant changes
Have new employees joined the organisation and therefore need access to certain systems? Conversely, have employees perhaps left the company and no longer need their access data? Have there been any other incidents or anomalies that require your attention?
6. Pay attention to new business directions
Has the company introduced new services or products that have increased the potential attack surface? For example, has a new website or mobile application gone live, or has a new version of a software product been launched? Make sure your team is up to date with the latest changes.
7. Review your password policies
Password policies shouldn't depend on your holiday status, but as you go through this security checklist, take the opportunity to make sure the policies are adequately protecting the organisation. Review length, complexity and special character requirements, as well as expiration and reuse policies.
8. Check the firewall configurations
Since many security experts recommend checking the firewall configurations every three to six months, now is the right time for an audit. Among other things, check the network traffic filtering rules, configuration parameters and authorised administrators to ensure you are using the correct configurations.
There are many tools that can help you work through this checklist - but do you have the resources to make sure everything is accounted for?
If you need help automating and standardising your processes or want to ensure that critical vulnerabilities don't fall through the cracks, Automated Security Validation can help. With real-time visibility, complete attack surface management and actual vulnerability exploitation measures - not just simulations - it gives you everything you need to sleep soundly while you're away. And when you get back? Risk-based remediation plans help you create a roadmap for protecting your organisation.
We prefer to work with the Pentera platform in this segment. We are happy to provide information on the details of the solution.
