joffmatteo
Posts: 11 +0
I just wonder,does firewall or antivirus was sufficient to protect our company from cyber threat or we also need to study it security or cyber security? what's your thought about this?
How did you protect your company regarding cyber threat?
- Thread starter joffmatteo
- Start date
cliffordcooley
Posts: 13,141 +6,441
A firewall and antivirus is not even enough to protect people that are not a high priority target. Companies become higher priority target the larger they grow. Companies that do not take steps in locking down their systems will only find themselves compromised sooner.
I'm not IT. But if I was. I would not allow anyone, any freedom outside their terminal responsibilities. People in general can not be trusted to keep your company systems safe.
I'm not IT. But if I was. I would not allow anyone, any freedom outside their terminal responsibilities. People in general can not be trusted to keep your company systems safe.
TheDevopsGuy
Posts: 681 +195
General Items/policies you should be looking at.
Windows GPO limitation for Downloads and system access.
Password policies-- Long passwords that expire at "the very least!" every 60 days
A well hardened Firewall we use Juniper for example but any other brand such as Cisco ASA ect should be fine.
Group Assignment-- Segregate your users into groups and set requirements as per users needs.-- Most of the time the less permissions the better!
Probably the most important here is.
User training... Please educate your users I cannot stress how many issues are introduced by an uneducated users. The last thing you want is admin/user credentials being stolen through a phishing attempt.
Windows GPO limitation for Downloads and system access.
Password policies-- Long passwords that expire at "the very least!" every 60 days
A well hardened Firewall we use Juniper for example but any other brand such as Cisco ASA ect should be fine.
Group Assignment-- Segregate your users into groups and set requirements as per users needs.-- Most of the time the less permissions the better!
Probably the most important here is.
User training... Please educate your users I cannot stress how many issues are introduced by an uneducated users. The last thing you want is admin/user credentials being stolen through a phishing attempt.
D
DelJo63
Remember -- all the policies in the world are PASSIVE and by themselves do absolutely nothing. The active part is the educated user who READS and follows each policy every day.
As the company grows and staff is added to create the I.T.(information technology) department, you need to budget immediately for a Security Czar who will manage ALL security devices, policies and how/who gets access to what. DO NOT SKIP THIS STEP.
As the company grows and staff is added to create the I.T.(information technology) department, you need to budget immediately for a Security Czar who will manage ALL security devices, policies and how/who gets access to what. DO NOT SKIP THIS STEP.
D
DelJo63
Start reading on the subject "Roll based permissions"
en.wikipedia.org
Role-based access control (RBAC) refers to the idea of assigning permissions to users based on their role within an organization. It provides fine-grained control and offers a simple, manageable approach to access management that is less prone to error than assigning permissions to users individually.
Role-based access control - Wikipedia
Similar threads
