5 Basic Security Principles
Maintain strong permission and user access controls
By periodically checking networks and default permissions/credentials, organizations can reduce the likelihood
of a hacker gaining easy access to a network.
Provide employee security awareness
Inform employees of the latest security threats and social engineering techniques, how they can protect
themselves, and what the organization is doing to mitigate these risks.
Implement a patch management program
Organizations should use automated tools to both identify and apply patches within network devices, operating
systems and applications. For systems that cannot be upgraded or patched, compensating controls (e.g., VLAN’s
or firewalls) should be implemented to protect the rest of the network.
Ensure strong system configuration management
Be sure to look into areas such as password and audit policies, services, and file permissions, as these should be
controlled through the configuration management process.
Conduct periodic penetration testing
Penetration testing and ongoing vulnerability management across various pieces of IT infrastructure can help
organizations identify security vulnerabilities and stay up-to-date with the latest tricks and techniques attackers