Here is an interesting place to come across some cybersecurity best practices.
The Securities and Exchange Commission (SEC) recently issued a report on what organizations that succeed at cybersecurity are doing.
The SEC's Office of Compliance Inspections and Examinations (OCIE) uncovered the following best practices while looking at Data Loss Prevention (DLP) programs.
These programs are designed to protect against the loss or misuse of data.
Data Loss Prevention (DLP) best practices
Successful DLP efforts include eight key tenets:
1. Establishing vulnerability management programs
2. Monitoring incoming and outgoing network traffic (i.e., using firewalls, web proxy systems, and intrusion detection systems)
3. Implementing endpoint threat detection capabilities
4. Establishing patch management programs for software and hardware
5. Maintaining an inventory of hardware and software, including how such systems are protected
6. Encrypting data and implementing network segmentation
7. Monitoring insider threats through testing business systems and conducting penetration tests
8. Securing legacy systems and equipment to ensure that any disposal of hardware and software programs does not lead to vulnerabilities
What else would you add to the list?
Additional cybersecurity best practices
The SEC report also covers additional InfoSec best practices around resilience, GRC, IAM, and incident response. Read the report here.
And speaking of cybersecurity best practices, Aflac has implemented a lot of them. Listen to our podcast interview with Aflac Global CSO Tim Callahan for a crash course.