Controls Report 4-17-2024
CYBER CONTROLS
CLIENT: JOSHI TREDERS
DATE: 4/17/2024
Summary Report, 4/17/2024
Level 1
Multi-factor Authentication
Require multi-factor authentication for all remote access and cloud-based services.
Cyber Insurance
Obtain and maintain adequate cyber insurance coverage for risks such as network security and privacy liability, media liability, business interruption, and errors and omissions.
Conditional Access
Apply conditional access policies to fine-tune cloud access control with contextual factors such as user, device, location, and real-time risk information.
Level 2
Report Phishing
Configure email client with a "Report Phish" button/mechanism, so employees can flag suspicious emails.
Regulatory Frameworks
Identify, adopt, and actively use an industry framework (e.g., NIST, CIS, ISO) for cyber risk management.
Level 3
Password Repository
Use a commercial off-the-shelf password repository to store administrative passwords and tightly control access to this repository.
Secure Disposal
Develop procedures to wipe hard drives and remove configuration and all related information from assets ready to be retired.
Vulnerability Notification
Sign up for automated email alerts from Common Vulnerabilities and Exposures (CVE) data sources.
Phishing Campaign
Develop a phishing awareness training program that includes simulated phishing campaigns targeted at your own employees.
Operator Accounts
Do not allow shared operator accounts. If a system limitation prevents this, maintain a way to identify the operator based on shift schedule or logical access path.
Level 4
DDoS Mitigation
Purchase a cloud-based anti-DDoS solution to filter or divert malicious DDoS traffic.
Cloud Connections
Encrypt all information stored outside the premises of the organization in the cloud, and ensure secure access to data stored in the cloud (e.g., using secure web browser connections).
Level 5
DHCP Logging
Enable Dynamic Host Configuration Protocol (DHCP) logging on all DHCP servers or IP address management tools.
Vulnerability Remediation
Compare the results from back-to-back vulnerability scans to verify that vulnerabilities have been remediated within the required timeframes.
Secure Development
Ensure web application developers use secure coding practices, such as those that address the OWASP Top 10.
Temporary Accounts
All application test accounts, contractor accounts, and third-party accounts must have: a) an identified owner who is an employee or the contractor's manager, and b) an expiry date set during provisioning.
Level 6
Whitelisting
Utilize application whitelisting technology on all assets to ensure that only authorized software executes and all unauthorized software is blocked.
Host Segregation
Operate critical services, such as DNS, DHCP, file, mail, web, and database servers, on separate physical or logical host machines.
Jump Servers
If 2FA is not feasible, consider restricting administration to geographically disparate (at least 2) or independently hosted administrative jump stations and implementing 2FA on those jump servers.
Level 7
Password Blacklist
Implement a password blacklist that checks against known weak passwords before a new password is allowed for use.
Pre-shared Keys
Treat pre-shared keys (e.g., TACACS+ and RADIUS shared secrets, SNMP community strings) like administrator passwords, and set character length and complexity requirements that match or exceed the admin password requirements.
Drift Remediation
Establish configuration drift remediation timelines based on risk ranking.
Log Review
On a regular basis, review logs to identify anomalies or abnormal events.
Cloud IDaaS
Use single sign-on or federated credentials for cloud service access.
Use Breadcrumbs/Canary
Deploy breadcrumbs across your environment, with alerts set to fire when the decoy credentials, systems, or data are accessed.
Level 8
Change Control
Establish and follow a strict change procedure for security appliance configuration and all firewall rules.
Classify Data
Analyze and classify all your data based on the sensitivity of the information. Data security categories might include restricted, confidential, internal use, and public.
Level 9
Use Automated Tools to Verify Standard Device Configurations and Detect Changes
Compare all network device configurations against approved baselines and alert when any deviations are discovered.
Cloud Logging
Make sure to turn on security logging and monitoring to see unauthorized access attempts and other issues.
Implement Decoys
Enumerate your IT environment and plant decoy endpoints, servers, and devices in your environment, with alerts configured to fire on each of these decoys.
Level 10
Threat Intelligence
Receive cyber threat intelligence from information-sharing forums and sources.
Compliance Requirements
Establish a compliance function/department dedicated to meeting applicable compliance requirements.
Implement DMARC
Implement Domain-based Message Authentication, Reporting and Conformance (DMARC) policy and verification.
Geo Fencing
Use geo-fenced decoy files that provide geo-location data and intelligence when opened.
Threat Hunting
Perform a periodic threat hunting investigation based on known Indicators of Compromise (IOC) or Indicators of Attack (IOA).