Hi,
We have a 400 staff client, a manufacturing company. This client is far away from (ISO27001) certification. I want to start small by presenting security guiding principles; e.g. use least privilege, avoid using generic accounts, avoid giving persons access rights on CIs (use security groups), use network segmentation, harden servers, keep servers up to date, CIA etc. This should fit on 1 page.
These are general principles, so it does not describe "how" and "scope".
Is there somebody who has listed these principles already and is willing to share?
Thanks in advance.
If they're already familiar with the ISO standards related to the different manufacturing processes, it may not be a hard sell if you wanted to start the conversation with 27001.
If you wanted to throw a quick slide show together about what you listed, I'd recommend building it off of the CIS Controls.
Depends on your audience and readers.
NIST SP 800-160 volume 1 has appendix F for design principles for security (but that's for security engineering), pick the most important for you.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf
You are welcome. Glad that it gives you a starting point.
NIST actually has many good resources and practices, but the problem is you need to know where to find them, which SP is taking care of what, and spend time on them.
You could start simply by ensuring the essentials were in place:
https://www.ncsc.gov.uk/collection/10-steps
https://www.ncsc.gov.uk/files/2021-10-steps-to-cyber-security-infographic.pdf
It's important not to get lost in the detail and overlook something essential.