title | description | published | date | tags | editor | dateCreated |
---|---|---|---|---|---|---|
Procedures, Controls & Guides | | true | 2021-08-10 15:07:29 UTC | bronze, home, bronze-controls | markdown | 2021-03-02 03:57:32 UTC |
Implementing processes for sticking to strategic direction, managing risks, and verifying that your systems work as designed today and will work as expected during an incident. {.is-success}
- Code of Conduct
- Incident Categories {.links-list}
Practices for classifying, managing, and storing your information/data electronically. {.is-success}
- Data Handling Controls
- Secure sanitization of storage media
- SharePoint Governance
- Protecting SMS messages
- Offline backups
- Microsoft Office Macros {.links-list}
Technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. {.is-success}
- Introduction to identity and access management
- Password guidance
- Multi-factor authentication for online services
- Conditional and Context-Aware access control {.links-list}
Technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. {.is-success}
- E-Mail Anti-Spoofing & Trust Collection
- Configure DMARC, DKIM, and SPF
- Protect against phishing, malware, and frauds.
- Manage inbound requests, website contact forms, and the like {.links-list}
- Choose an anti-spoofing management tool
- Protect email in transit
- Configure anti-spoofing controls
- Send spoof emails to spam
- Spoof emails being rejected
- Continuous improvement {.grid-list}
Device management is the process of managing the implementation, operation and maintenance of a physical and/or virtual device. It is a broad term that includes various administrative tools and processes for the maintenance and upkeep of a computing, network, mobile and/or virtual device. The majority of this section emphasizes Mobile Device Management, which is an industry-accepted term for nearly all End-User Devices. While historically workstations and desktops were treated differently from phones and tablets, the convergence of these technologies has made them ubiquitous. BCSF assumes that all end-user devices are mobile devices whether they are a workstation, desktop, laptop, phone, tablet, or thin-client.
Securing mobile devices is an essential part of guarding your organization against a variety of threats, many of which originate from the internet. You can also begin with our foreword for Mobile Device Guidance. {.is-success}
Before you start deploying and configuring mobile devices, there are a few important decisions you need to make. This includes which devices to buy, how to buy them, and how to get them into the hands of your users, securely.
The choices you make at this stage of your deployment can have a huge impact on the resulting security of your networks, so it’s important to get them right. The guides in this section will walk you through these key decisions, highlighting the security issues at stake and suggesting 'best practice' solutions where possible. {.is-info}
- Choosing mobile devices: Advice on how to choose which smartphones, tablets, laptops or desktop PCs to use in your organization.
- Purchasing devices: Managing supply chain security when buying smartphones, tablets, laptops and desktop PCs
- Provisioning and distributing devices: Advice for IT administrators on how to provision and distribute smartphones, tablets and laptops to end users
- Zero-touch enrollment: Using zero-touch enrollment to automatically provision smartphones, tablets and laptops
- Mobile Device Management: Advice on the selection and implementation of Mobile Device Management within your enterprise {.links-list}
Once you’ve chosen which devices your staff will use and decided how they should use them, you’ll need to start thinking about how to configure these devices and the services on them. Ideally, there will be a combination of settings and controls which makes it easy for your users to get their jobs done but makes it hard for attackers to compromise your systems. {.is-info}
- Using biometrics: Advice for IT system administrators on using biometric authentication on smartphones, tablets, laptops and desktop PCs.
- Antivirus and other security software: Advice on the selection, configuration and use of antivirus and other security software on smartphones, tablets, laptops and desktop PCs
- Managing web browser security: Advice for IT Admins on the management of security settings for web browsers
- Using built-in cloud services: Secure use of built-in cloud services on smartphones, tablets, laptops and desktop PCs.
- Using peripherals securely: Advice for IT system administrators on the secure management of peripherals for smartphones, tablets, laptops and desktop PCs
- Using third-party applications: Advice on the assessment, distribution and use of third-party applications on smartphones, tablets, laptops and desktop PCs
- Enterprise instant messaging: Advice on assessing the security features of enterprise instant messaging systems for smartphones, tablets, laptops and desktop PCs {.links-list}
Even once your devices are in the hands of your users, there is still more work to do. In particular, you’ll want to make sure your deployment remains secure. {.is-info}
- Erasing mobile devices: Advice for IT admins and individuals on the secure removal of data or malware from smartphones, tablets, laptops and desktop PCs
- Keeping devices and software up to date: Advice for individuals and organizations on keeping software on smartphones, tablets, laptops and desktop PCs up to date.
- Logging and protective monitoring: Using logging and monitoring to identify threats and protect smartphones, tablets, laptops and desktop PCs
- Managing mobile device firmware: Advice for IT system administrators on firmware management for smartphones, tablets, laptops and desktop PCs
- Advising end users: Advising your organization’s users on expected and acceptable uses of smartphones, tablets, laptops and desktop PCs
- Obsolete products: Reducing the risks from using out of date smartphones, tablets, laptops, desktop PCs, appliances or software applications.
- Bring Your Own Device (BYOD): Guidance for organizations on enabling staff to use their own smartphones, tablets, laptops and desktop PCs to access work information.
- BYOD/Personal Device Agreement: Sample Template for stating the oversight capabilities your organization has over personal devices when accessing company resources. {.links-list}
Any deployment of mobile devices will be built upon a network of supporting infrastructure. This section includes our guidance on how to develop, manage, and secure the systems which underpin your mobile devices. {.is-info}
- Enterprise authentication policy: Implementing effective authentication on smartphones, tablets, laptops and desktop PCs
- Virtual Private Networks (VPNs): Choosing, deploying and configuring VPN technologies
- Network architectures: Advice for network architects and systems administrators on the design of remote access architecture for enterprise services {.links-list}
- Securing Windows 10
- Securing macOS
- Securing iOS {.links-list}
- Reset and reprovision - Windows
- Reset and reprovision - iOS
- Reset and reprovision - Android {.links-list}
Network management is the process of administering and managing computer networks. Services provided by this discipline include fault analysis, performance management, provisioning of networks and maintaining quality of service. {.is-success}
- Protecting organizations from malicious web content
- Domain Name System
- Preventing Lateral Movement {.links-list}
System monitoring is essentially about checking the operation of devices and applications across the IT infrastructure, including measuring traffic and activity between different network components. It can also include catching discrete occurrences or patterns within event logs signaling errors or security issues. {.is-success}
- Introduction to logging for security purposes {.links-list}
Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security. {.is-success}
Guidance for organizations looking to use, deploy, and understand the risks of adopting a range of popular Software as a Service (SaaS) applications. {.is-success}