Defensive Security Controls

  1. Technical controls

    1. System hardening

    2. Sanitize user input/parameterize

    3. Administrative controls

    4. - Multifactor authentication

    5. - Encryption -

    6. - Process-level remediation

    7. - Patch management

    8. - Key rotation

    9. - Certificate management

    10. - Secrets management solution

    11. - Network segmentation

    12. - Infrastructure security controls

  2. Physical controls

    1. Access control vestibule

    2. Biometric controls

    3. Video surveillance

  3. Operational controls

    1. Job rotation

    2. Time-of-day restrictions

    3. Mandatory vacations

    4. User training

  4. Administrative Controls

    1. Role-based access control

    2. Secure software development life cycle

    3. Minimum password requirements

    4. Policies and procedures

PreviousChainsawNextPhysical Security

Last updated