Cyber Security Controls

  • Preventive security controls

    • Security Policies

    • Physical security policies

    • Security awareness training

      • Onboarding training

      • Quarterly training

    • Data encryption

    • Writing weak passwords

  • Deterrent Security controls

    • Firewalls

    • Encryption

  • Technical/logical controls

    • Encryption

    • TPM on assets

  • Detective security controls

    • Log management

      • SIEM/SOC/SOAR

    • Honey Pots/deception technology

  • Corrective security controls

    • Antivirus/endpoint

    • IDS/IPS

    • Business continuity plans

  • Recovery controls

    • Backup copies

    • Server clustering

  • Privacy controls

    • Privacy Policies

  • Data protection

    • Standards

    • Procedures

    • Baselines

    • Guidelines

  • Data Classification

  • Data Lifecycle

    • Data creation

    • Data Storage

    • Data in use

    • Data sharing

    • Data Archive

    • Data Destroy

  • OECD Guidelines

    • Data collection limitation

    • Data quality

    • Data collection purpose specification

    • Use limitation

    • Security safeguards

    • Openness

    • Individual participation

    • Accountability

    • Supervisory Authority (SA)

  • Privacy standards

    • GDPR

    • Following the SMART approach to build policies

    • Developing and communicating acceptable use case policies

    • Periodic review and assessment of the policies

  • Organization policies:

    • Vulnerability Policy

    • Cloud computing policy

    • Incident reporting policy

    • Cloud storage policy

    • Business continuity policy

    • Disaster Recovery

    • Developing and communicating acceptable use case policies

    • Following the SMART approach to build policies
