Monday, October 15, 2018
  • Security as a North Star at Contact Atlantic
  • W32/Agent Virus – How to Remove It
  • Why DNSSEC Isn’t Enough
  • Remove Excellentsearch.org Browser Hijacker
  • Support for PHP 5.6.x Ends in 2 Months, Millions of Websites at Risk

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Security Bloggers Network 

Home » Security Bloggers Network » 6 Steps for Establishing and Maintaining Digital Integrity

6 Steps for Establishing and Maintaining Digital Integrity

by David Bisson on July 8, 2018

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or impairment.

Digital integrity is possible only through the merging of people, process and technology into a holistic framework. Such an effort can be difficult without proper guidance. Fortunately, several of the Center for Internet Security’s Critical Security Controls (also known as the CIS Controls) can help. Organizations should pay particular attention to these security measures:

  • CIS Controls 3, 5 and 11 together help organizations continuously manage their vulnerabilities, harden critical endpoints and monitor for unexpected changes.
  • CIS Control 17 aids organizations in creating a security awareness training program for their employees that helps maintain skills and competencies.
  • CIS Control 6 supports organizations in their development of an audit log policy and implementation of proactive change management.

With those controls, businesses can abide by the following six steps to establish and maintain a profile of digital integrity.

Step 1: Establish a Configuration Baseline for Your Infrastructure

Organizations need to understand how their assets are configured. Towards this end, they can use CIS Controls 5 and 11 to create a configuration baseline that allows them to manage configurations, catalog acceptable exceptions and issue alerts for unauthorized changes. Enterprises should design that standard in such a way that it applies to all authorized endpoints.

Step 2: Determine the Critical Files and Process You Need to Monitor Your Baseline

With a baseline in place, organizations need to monitor it using their critical files and processes. They can apply CIS Controls 7-17 to refine their monitoring processes to include endpoint (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/6-steps-for-establishing-and-maintaining-digital-integrity/

July 8, 2018July 8, 2018 David Bisson configuration, Featured Articles, Integrity, Security Controls
  • ← How to Ensure Safety from Fraud Within Your Business
  • The Shared Security Weekly Blaze – Mobile App Data Leaks, The California Privacy Act, Third-party Gmail Access →
Featured Blog

Secure Code Warrior

Why financial institutions are leading the charge to upskill their developers in secure coding

Secure Code Warrior

Why SQL Injections Are The Cockroaches of the AppSec World (and how CISOs can eradicate them once and for all)

Secure Code Warrior

A Brighter Future For DevSecOps? It’s Closer Than You Think

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

White House: Let’s Get It On with Cyber Ops
Chinese MSS Officer Extradited to U.S. from Belgium
Scraping Attacks: Compromising Web Security, Impacting Business Continuity
Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya
Carbon Black Introduces Cb ThreatHunter, Delivering Advanced Threat Hunting and Incident Response (IR) Capabilities on the Cb Predictive Security Cloud™ (PSC)
Supply Chain Security 101: An Expert’s View
Yes, a Data Breach Is Inevitable: Here’s Why and What You Should Do
Millions of Rewarding Jobs: Educating for a Career in Cyber Security
Rob Bathurst on IoT, Healthcare Security, and CypherFrame
Threat Announcement: Phishing Sites Detected on Emoji Domains

Upcoming Webinars

Thu 18

Building Blocks of Secure Development: How to Make Open Source Work for You

October 18 @ 11:00 am - 12:00 pm
Mon 29

Seeing Red: Understanding Red Team Security

October 29 @ 1:00 pm - 2:00 pm
Wed 31

Beyond S3 Buckets – Effective Countermeasures for Emerging Cloud Threats

October 31 @ 11:00 am - 12:00 pm
Nov 07

Operationalizing Data For Fraud Investigations

November 7 @ 1:00 pm - 2:00 pm
Nov 29

Cloud Security: What You Need to Know

November 29 @ 1:00 pm - 2:00 pm
Dec 13

Year-End Review/Predictions

December 13 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The Main Application Security Technologies to Adopt by 2018

CISO/Security Vendor Relationship Series

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

5 Tips to Ensure a Secure Cloud Migration
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

5 Tips to Ensure a Secure Cloud Migration

October 15, 2018 Gilad David Maayan | 6 hours ago 0
SOAR: Helping Maximize the Value of Your Security Team
CISO Suite Cybersecurity Industry Spotlight Security Boulevard (Original) 

SOAR: Helping Maximize the Value of Your Security Team

October 12, 2018 Cody Cornell | 3 days ago 0
Scraping Attacks: Compromising Web Security, Impacting Business Continuity
Blockchain Data Security Industry Spotlight Security Boulevard (Original) 

Scraping Attacks: Compromising Web Security, Impacting Business Continuity

October 11, 2018 Rakesh Thatha | 4 days ago 0

Top Stories

Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya
Endpoint Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Backdoor Links 2016 Ukrainian Blackout to Sandworm APT and NotPetya

October 12, 2018 Lucian Constantin | 2 days ago 0
Magecart Injects Skimmer Code in Customer Rating Widget
Data Security Endpoint Featured News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

Magecart Injects Skimmer Code in Customer Rating Widget

October 11, 2018 Lucian Constantin | 3 days ago 0
Red Hat Extends Cybersecurity Automation Ambitions
Cybersecurity DevOps Featured News Security Boulevard (Original) Spotlight 

Red Hat Extends Cybersecurity Automation Ambitions

October 10, 2018 Michael Vizard | Oct 10 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.