SANS Control 5—”Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers” The Core Principle Let’s sum it up in three words: Secure by default. The more systems that are secure by default, the less twiddling your IT team has to do for each deployment. Less twiddling means fewer chances to make […] The post Core Control #5: Secure by Default appeared first on Ken Kantzer's Blog.| Ken Kantzer's Blog
SANS Control 2—”Inventory and Control of Software Assets” The Core Principle The same Golden Rule that applies to hardware applies to software: know what you have. No user on your systems should be able to install an executable onto a company device without the approval of security. This may seem like a draconian policy (and […] The post Core Principle #2: Know Your Software appeared first on Ken Kantzer's Blog.| Ken Kantzer's Blog
SAN Control 1—”Inventory and Control of Hardware Assets“ The Core Principle There are only six controls in the Top 20 list that are designated “Basic,” and an inventory of your hardware is number one. I actually would like to rephrase this control slightly, so it better fits the core principle I wanted to highlighted: if […] The post Core Principle #1: Know Your Hardware appeared first on Ken Kantzer's Blog.| Ken Kantzer's Blog
CISOs have an impossible job. When it comes to developing a roadmap for my company’s security program, where is the best place to start? That what this series is about.| Ken Kantzer's Blog