Protect - Access Management
Aug 30, 2022
One of the largest components of the NIST Framework falls under the “Protect” function, which provides a series of outcomes to secure your systems. This function supports the ability to reduce the attack surface and limit the impact of cyber events on your systems.
Protecting your organization involves six critical cybersecurity categories:
- Access Control
- Awareness and Training
- Data Security
- Information Protection Processes and Procedures
- Maintenance
- Protective Technologies
What is the first thing that comes to mind when you hear “access management”? More often than not, it is usernames and passwords. However, here is what you need to know:
- The credentials must be identified and managed (the entire lifecycle, from creation to deletion)
- Physical access to your devices also falls under this category
- Remote access is managed
- Access permissions are managed using the principle of least privilege
- Network segmentation is also part of access control
- Make sure all activities are associated with an individual for audit traceability
- Based on risk, use multi-factor authentication (MFA) as appropriate
Did you know that Access Control was a lot more involved?
Author: Dr. Bill Souza | Aug 30, 2022