Reducing Risk Impact - A Goal To Be Experienced

Security is always coupled with the term RISK. When we say implementing or measuring security controls for the environment then it, in turn, has an impact on the risk factor which is made or measured tolerable or under the limit. Security is a wide term consists of various things into consideration for keeping the infra or application security. But few basic measure or awareness imbibed in our day to day practice would vastly reduce exposure to high risks. Following are the major areas that contribute to risk which on controlling would minimize it.

  1. Server Controls
  2. Network Controls
  3. Logical Access Controls
  4. Log Management Controls
  5. Backup Controls

Few minimal checks performed regularly with respect to each control will ensure efficient path in reducing risk.

Server Controls:

  • Proper updation of server patches
  • Ensuring no application/Database sharing the same server

Network Controls:

  • Using TLS latest version of all the communication channel
  • Not disclosing any application related information like its name, version etc
  • Disabling SSL versions

Logical Access Controls:

  • Do not set the password same or vice versa as the username
  • Stick to minimum 8 character length of password with the combination of lower case, upper case, special characters and numbers
  • Restrict the failed attempts to a certain (as per standard based on criticality) number
  • Allocate the least privilege for the users on need to know basis
  • High privileged user accounts should be vault
  • Avoid creating shared user access
  • Guest users should have only view alone permission
  • Delete the accounts when not active for certain (as per standard based on criticality) number of days

Log Management Controls:

  • Ensure logging happens regularly
  • Audit logs should exist
  • Log rotation should be configured to capture continuous logging
  • Logs should be archived on a regular interval
  • Backup of the logs should be maintained

Backup Controls:

  • Backup should be planned for regular intervals
  • Backups should be archived 
  • Latest successful backup should be transferred on tapes and located in different locations

On keeping these measures in mind while performing an assessment for security or for risk will pull down the risk factor to low. This would apply to all sort of components that are measured to comply for security such as Application, Server, Database, Network Devices etc. Let’s have these basics noted and follow to strive for risk-free security.

Authored By - Rajalakshmideepa
TCS Cyber Security Practice

 

Rate this article: 
Average: 5 (1 vote)
Article category: