CYBER CONTROLS
CLIENT
GANESH TECHNOLOGIES
DATE: 4/18/2024
Summary Report
Level 1
Multi-factor Authentication
Require multi-factor authentication for all remote access and cloud-based services.
Cyber Insurance
Obtain and maintain adequate cyber insurance coverage for risks such as network security and privacy liability, media liability, business interruption, and errors and omissions.
Level 2
Regulatory Frameworks
An industry framework has been identified, adopted, and is actively used for cyber risk management (NIST, CIS, ISO).
Report Phishing
Configure email client with a "Report Phish" button/mechanism, so employees can flag suspicious emails.
Conditional Access
Apply and use conditional access policies to enable user app access and sessions to be monitored and controlled in real time based on access and session policies.
Level 3
Vulnerability Notification
Sign up for automated email alerts from Common Vulnerabilities and Exposures (CVE) data sources.
Password Repository
Use a commercial off-the-shelf password repository to store administrative passwords and tightly control access to this
repository.
Secure Disposal
Develop procedures to wipe hard drives and remove configuration and all related information from assets ready to be
retired.
Operator Accounts
Do not allow shared operator accounts. If there is a system limitation, maintain a way to track the operator based on shift/schedule or logical access path.
Phishing Campaign
Develop a phishing awareness training program that includes simulated phishing campaigns targeted at your own
employees.
Level 4
DDoS Mitigation
Purchase a cloud-based anti-DDoS solution to filter or divert malicious DDoS traffic.
Cloud Connections
Encrypt all information stored outside the premises of the organization in the cloud, and ensure secure access to data
stored in the cloud (e.g. using secure web browser connections).
Level 5
DHCP Logging
Enable Dynamic Host Configuration Protocol (DHCP) logging on all DHCP servers or IP address management tools.
Vulnerability Remediation
Compare the results from back-to-back vulnerability scans to verify that vulnerabilities have been remediated per required
timeframes.
Temporary Accounts
All application test accounts, contractor accounts, and third-party accounts must have: a) an identified owner who is an employee/contractor's manager, b) an expiry date set during provisioning.
Secure Development
Ensure web application developers use secure coding practices such as the OWASP Top 10.
Level 6
Whitelisting
Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all
unauthorized software is blocked.
Host Segregation
Operate critical services on separate physical or logical host machines, such as DNS, DHCP, file, mail, web, and database
servers.
Jump Servers
If 2FA is not feasible, consider restricting administration to geographically disparate (at least 2) or independently-hosted
administrative jump stations and implementing 2FA on those jump servers.
Level 7
Password Blacklist
Implement a password blacklist that checks against known weak passwords before a new password is allowed for use.
Pre-shared Keys
Treat pre-shared keys such as TACACS+, RADIUS, and SNMP community strings like an administrator password, and set character length and complexity to match or exceed the admin password requirements.
Drift Remediation
Establish configuration drift remediation timelines based on risk ranking.
Log Review
On a regular basis, review logs to identify anomalies or abnormal events.
Cloud IDaaS
Use single sign-on or federated credentials for cloud service access.
Use Breadcrumbs/Canary
Deploy breadcrumbs across your environment, with alerts set to fire when credentials, systems, or data are accessed.
Level 8
Change Control
Establish and follow a strict change procedure for security appliance configuration and all firewall rules.
Classify Data
Analyze and classify all your data based on the sensitivity of the information. Data security categories might include
restricted, confidential, internal use, and public.
Level 9
Use Automated Tools to Verify Standard Device Configurations and Detect Changes
Compare all network device configurations against approved baselines and alert when any deviations are discovered.
Implement Decoys
Enumerate your IT environment and plant decoy endpoints, servers, and devices in your environment, with alerts configured to fire on each of these decoys.
Cloud Logging
Make sure to turn on security logging and monitoring to see unauthorized access attempts and other issues.
Level 10
Threat Intelligence
Cyber threat intelligence is received from information sharing forums and sources.
Compliance Requirements
Establish a compliance function/department dedicated to meeting applicable compliance requirements.
Implement DMARC
Implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification.
Geo Fencing
Use geo-fenced decoy files that provide geo-location data and intelligence when opened.
Threat Hunting
Perform a periodic threat hunting investigation based on known Indicators of Compromise (IOC) or Indicators of Attack (IOA).