Best practices is a term you'll hear a lot in cybersecurity. In this article we'll talk about what best practices are, where they come from, and where you can find them.

Technical best practices - in the cybersecurity field - is a blanket term for commonly accepted security settings, configurations, and architectures that are deemed to be secure when implemented. These best practices are often found in compliance programs and spreadsheets, but typically originate from recommendations set forth by the National Institute of Standards and Technology (NIST).

The NIST Special Papers 800 series is an extremely comprehensive set of standards for government systems, but it is very applicable to businesses as well. Some notable papers to check out at NIST include:

  • NIST SP 800-53 - Security and Privacy Controls for Information Systems and Organizations
  • NIST SP 800-30 - Guide for Conducting Risk Assessments
  • NIST SP 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Aside from NIST, there are a number of other organizations that publish best practices for various technologies. Some notable examples include:

Cybersecurity is constantly evolving along with IT. We recommend finding the best practices for the technologies you use most in your environment from the links above and becoming familiar with the possible security controls you can implement to make your organization more secure.

For more information on this topic, please reach out to us; we’re here to help!