Best practices is a term you'll hear a lot in cybersecurity. In this article, we'll talk about what best practices are, where they come from, and where you can find them.
Technical best practices - in the cybersecurity field - is a blanket term for commonly accepted security settings, configurations, and architectures that are deemed to be secure when implemented. These best practices are often found in compliance programs and spreadsheets, but typically originate from recommendation set forth by the National Institute of Standards and Technologies (NIST).
The NIST Special Papers 800 series is an extremely comprehensive set of standards for government systems, but are very applicable to businesses as well. Some notable papers to check out at NIST include:
-
NIST SP 800-53 - Security and Privacy Controls for Information Systems and Organizations
-
NIST SP 800-30 - Guide for Conducting Risk Assessments
-
NIST SP 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
Aside from NIST, there are a number of other organizations that publish best practices for various technologies. Some notable examples include:
-
DISA Security Technical Implementation Guides (STIGs) - A very in-depth resource for securing operating systems, applications, network devices, and much more.
-
CIS Benchmarks - Similar to the STIGs, but aimed more towards business. This is generally a subset of the STIGs but in a commercial format.
-
Open Web Application Security Project™ (OWASP) Top 10 Project - The OWASP project is specifically geared towards web application security. The top-10 is a yearly list of best practice that should be followed by all web application developers.
Cybersecurity is constantly evolving along with IT. We recommend finding the bet practices for the technologies you use most in your environment, either from the links above and become familiar with the possible security controls you can implement to make your organization more secure.
For more information on this topic, please reach out to us; we’re here to help!