We have a 400 staff client, a manufacturing company. This client is far away from (ISO27001) certification. I want to start small by presenting security guiding principles; e.g. use least privilages, avoid using generic accounts, avoid giving persons access rights on CI's (use security groups), use netwerksegmentation, harden servers, keep servers up to date, CIA etc. This should fit on 1 page.
These are general principle's, so it does not describe "how" and "scope".
Is there somebody who has listed these principles already and is willing to share?
Thanks in Advance.
If they're already familiar with the ISO standards related to the different manufacturing processes, it may not be a hard sell if you wanted to start the conversation with 27001.
If you wanted to throw a quick slide show together about what you listed, I'd recommend building it off of the CIS Controls.
Depend on your audience and readers.
NIST 800 SP 160 volume 1 has appendix F for design principle for security (but that's for security engineering), pick the most important for you.
you are welcome. Glad that it give you a starting point.
NIST actually has many good resource and practice, but the problem is you need to know where to find, which SP is taking care of what and spend time on them.
You could start by simple by ensuring the essentials were in place:
It's important not to get lost in the detail and overlook something essential.