cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cees
Newcomer II

Security Guiding principles

Hi, 

 

We have a 400 staff client, a manufacturing company. This client is far away from (ISO27001) certification. I want to start small by presenting security guiding principles; e.g. use least privilages, avoid using generic accounts, avoid giving persons access rights on CI's (use security groups), use netwerksegmentation, harden servers, keep servers up to date, CIA etc. This should fit on 1 page.
These are general principle's, so it does not describe "how" and "scope".

 

Is there somebody who has listed these principles already and is willing to share? 

 

Thanks in Advance. 

6 Replies
tmekelburg1
Community Champion

Re: Security Guiding principles

If they're already familiar with the ISO standards related to the different manufacturing processes, it may not be a hard sell if you wanted to start the conversation with 27001.

 

If you wanted to throw a quick slide show together about what you listed, I'd recommend building it off of the CIS Controls.

 

The 18 CIS Controls (cisecurity.org) 

csjohnng
Community Champion

Re: Security Guiding principles

Depend on your audience and readers.

NIST 800 SP 160 volume 1 has appendix F for design principle for security (but that's for security engineering), pick the most important for you.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1.pdf

 

John
Cees
Newcomer II

Re: Security Guiding principles

Appendix F gives me inspiration for making a 1 page summery. thanks
csjohnng
Community Champion

Re: Security Guiding principles

you are welcome. Glad that it give you a starting point.

NIST actually has many good resource and practice, but the problem is you need to know where to find, which SP is taking care of what and spend time on them.

John
Steve-Wilme
Advocate I

Re: Security Guiding principles

You could start by simple by ensuring the essentials were in place:

 

https://www.ncsc.gov.uk/collection/small-business-guidehttps://www.ncsc.gov.uk/files/NCSC_A5_Small_B...

 

https://www.ncsc.gov.uk/collection/10-steps

https://www.ncsc.gov.uk/files/2021-10-steps-to-cyber-security-infographic.pdf

 

It's important not to get lost in the detail and overlook something essential.

 

 

 

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Cees
Newcomer II

Re: Security Guiding principles

Very interesting. It looks like the Statement of Applicability of the ISO 27001. The excel gives a great overview,