https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46818#M2021 <P>If they're already familiar with the ISO standards related to the different manufacturing processes, it may not be a hard sell if you wanted to start the conversation with 27001.</P><P>&nbsp;</P><P>If you wanted to throw a quick slide show together about what you listed, I'd recommend building it off of the CIS Controls.</P><P>&nbsp;</P><P><A href="https://www.cisecurity.org/controls/cis-controls-list/" target="_blank">The 18 CIS Controls (cisecurity.org)</A>&nbsp;</P> Thu, 05 Aug 2021 13:34:16 GMT tmekelburg1 2021-08-05T13:34:16Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46814#M2020 <P>Hi,&nbsp;</P><P>&nbsp;</P><P>We have a 400 staff client, a manufacturing company. This client is far away from (ISO27001) certification. I want to start small by presenting security guiding principles; e.g. use least privilages, avoid using generic accounts, avoid giving persons access rights on CI's (use security groups), use netwerksegmentation, harden servers, keep servers up to date, CIA etc. This should fit on&nbsp;1 page.<BR />These are general principle's, so it does not describe "how" and "scope".</P><P>&nbsp;</P><P>Is there somebody who has listed these principles already and is willing to share?&nbsp;</P><P>&nbsp;</P><P>Thanks in Advance.&nbsp;</P> Mon, 09 Oct 2023 09:57:16 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46814#M2020 Cees 2023-10-09T09:57:16Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46818#M2021 <P>If they're already familiar with the ISO standards related to the different manufacturing processes, it may not be a hard sell if you wanted to start the conversation with 27001.</P><P>&nbsp;</P><P>If you wanted to throw a quick slide show together about what you listed, I'd recommend building it off of the CIS Controls.</P><P>&nbsp;</P><P><A href="https://www.cisecurity.org/controls/cis-controls-list/" target="_blank">The 18 CIS Controls (cisecurity.org)</A>&nbsp;</P> Thu, 05 Aug 2021 13:34:16 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46818#M2021 tmekelburg1 2021-08-05T13:34:16Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46825#M2022 <P>Depend on your audience and readers.</P><P>NIST 800 SP 160 volume 1 has appendix F for design principle for security (but that's for security engineering), pick the most important for you.</P><P><A href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf" target="_blank">https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf</A></P><P>&nbsp;</P> Thu, 05 Aug 2021 18:53:39 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46825#M2022 csjohnng 2021-08-05T18:53:39Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46831#M2023 Appendix F gives me inspiration for making a 1 page summery. thanks Fri, 06 Aug 2021 07:49:48 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46831#M2023 Cees 2021-08-06T07:49:48Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46833#M2024 <P>you are welcome. Glad that it give you a starting point.</P><P>NIST actually has many good resource and practice, but the problem is you need to know where to find, which SP is taking care of what and spend time on them.</P> Fri, 06 Aug 2021 09:30:15 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46833#M2024 csjohnng 2021-08-06T09:30:15Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46837#M2025 <P>You could start by simple by ensuring the essentials were in place:</P><P>&nbsp;</P><P><A href="https://www.ncsc.gov.uk/files/NCSC_A5_Small_Business_Guide_v4_OCT20.pdf" target="_blank">https://www.ncsc.gov.uk/collection/small-business-guidehttps://www.ncsc.gov.uk/files/NCSC_A5_Small_Business_Guide_v4_OCT20.pdf</A></P><P>&nbsp;</P><P><A href="https://www.ncsc.gov.uk/collection/10-steps" target="_blank">https://www.ncsc.gov.uk/collection/10-steps</A></P><P><A href="https://www.ncsc.gov.uk/files/2021-10-steps-to-cyber-security-infographic.pdf" target="_blank">https://www.ncsc.gov.uk/files/2021-10-steps-to-cyber-security-infographic.pdf</A></P><P>&nbsp;</P><P>It's important not to get lost in the detail and overlook something essential.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 06 Aug 2021 10:20:24 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46837#M2025 Steve-Wilme 2021-08-06T10:20:24Z https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46842#M2026 Very interesting. It looks like the Statement of Applicability of the ISO 27001. The excel gives a great overview, Fri, 06 Aug 2021 11:29:39 GMT https://community.isc2.org/t5/Welcome/Security-Guiding-principles/m-p/46842#M2026 Cees 2021-08-06T11:29:39Z