SANS Control 6—“Maintenance, Monitoring and Analysis of Audit Logs” The Core Principle The core principle is this: fish nets over fishing lines. In the case of security monitoring, fish nets are alerting on anomalies, where anomalies are defined as universal constants that have been broken. Fishing lines are manual search procedures. Phrase this principle like […] The post Core Control #6: Log Everything appeared first on Ken Kantzer's Blog.
SANS Control 5—“Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers” The Core Principle Let’s sum it up in three words: Secure by default. The more systems that are secure by default, the less twiddling your IT team has to do for each deployment. Less twiddling means fewer chances to make […] The post Core Control #5: Secure by Default appeared first on Ken Kantzer's Blog.
SANS Control 4—“Controlled Use of Administrative Privileges” The Core Principle This core principle can be summed up by the famous Reagan Cold War quote: trust but verify. Transcendent CISOs trust their people with privileged access, but are simultaneously very stringent about authenticating them. This approach is akin to Postel’s Law, which was the core principle […] The post Core Principle #4: Managing Privileged Access appeared first on Ken Kantzer's Blog.
SANS Control 3—“Continuous Vulnerability Management” The Core Principle That first word—continuous—is the core of this control. “Continuous” has seen a bit of hype in tech circles in other contexts. In particular, I’m thinking of continuous integration and continuous delivery from the world of DevOps and continuous improvement from the world of Digital Transformation. Why not […] The post Core Principle #3: Continuous Security appeared first on Ken Kantzer's Blog.
SANS Control 2—“Inventory and Control of Software Assets” The Core Principle The same Golden Rule that applies to hardware applies to software: know what you have. No user on your systems should be able to install an executable onto a company device without the approval of security. This may seem like a draconian policy (and […] The post Core Principle #2: Know Your Software appeared first on Ken Kantzer's Blog.
SANS Control 1—“Inventory and Control of Hardware Assets” The Core Principle There are only six controls in the Top 20 list that are designated “Basic,” and an inventory of your hardware is number one. I actually would like to rephrase this control slightly, so it better fits the core principle I wanted to highlight: if […] The post Core Principle #1: Know Your Hardware appeared first on Ken Kantzer's Blog.
CISOs have an impossible job. When it comes to developing a roadmap for my company’s security program, where is the best place to start? That’s what this series is about.