IT SECURITY FUNDAMENTALS

 

To Protect Your Caribbean Business or Organization From Cyber Criminals & Hackers Requires The Following Key Proactive Measures:

 

• Know What Hardware and Software Exist On Your Computer Network, as You Can't Protect What You Don't Know.

 

• Have an Internet Penetration Test Conducted Annually to Know Your Internet Facing Network Weaknesses and Vulnerabilities a Hacker Can Exploit.

 

• Have an  Internal Vulnerability Assessment Conducted Annually as the Greatest Cyber Risk Is Always From the Inside.

 

• Establish an IT Security Program Plan & Supporting System Policies.

 

• Conduct Mandatory End-User Cyber Security Awareness Training.

 

 

CCSC STANDARDS AND BENCHMARKS:

 

• ISO/IEC 27002:2005 (Code of Practice for Information Security Management)

• ISO/IEC 27002: 17799 Information Security Standards

• ISO/IEC 15408 (Evaluation Criteria for IT Security)

• ITIL (OR ISO/IEC 20000 SERIES)

• FISMA\NIST

 

Recommended IT Security Benchmarks:

 

• Center for Internet Security Benchmarks (CIS)

• Control Objectives for Information and related Technology (COBIT)

• Federal Information Security Management Act (FISMA)

• Federal Desktop Core Configuration (FDCC)

• Gramm-Leach-Bliley Act (GLBA)

• Health Insurance Portability and Accountability Act (HIPAA)

• Information Technology Information Library (ITIL)

• National Institute of Standards (NIST) configuration guidelines

• Payment Card Industry Data Security Standards (PCI DSS)

• Sarbanes-Oxley (SOX)

• Site Data Protection (SDP)

• Microsoft SSLF compliance