Sunday, October 1, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Avoid libwebp Electron Woes On macOS With positron
  • A Closer Look at the Snatch Data Ransom Group
  • Discover Endpoint VPN in 2023: Unlocking Secure Remote Access
  • DEF CON 31 - Lorenzo Cococcia 's 'War Stories - Finding Foes And Yourself With Latency Trilateration'
  • 2023 OWASP Top-10 Series: API10:2023 Unsafe Consumption of APIs
Security Bloggers Network 

Home » Security Bloggers Network » 6 Steps for Establishing and Maintaining Digital Integrity

SBN

6 Steps for Establishing and Maintaining Digital Integrity

by David Bisson on July 8, 2018

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or impairment.

AWS Builder Community Hub

Digital integrity is possible only through the merging of people, process and technology into a holistic framework. Such an effort can be difficult without proper guidance. Fortunately, several of the Center for Internet Security’s Critical Security Controls (also known as the CIS Controls) can help. Organizations should pay particular attention to these security measures:

  • CIS Controls 3, 5 and 11 together help organizations continuously manage their vulnerabilities, harden critical endpoints and monitor for unexpected changes.
  • CIS Control 17 aids organizations in creating a security awareness training program for their employees that helps maintain skills and competencies.
  • CIS Control 6 supports organizations in their development of an audit log policy and implementation of proactive change management.

With those controls, businesses can abide by the following six steps to establish and maintain a profile of digital integrity.

Step 1: Establish a Configuration Baseline for Your Infrastructure

Organizations need to understand how their assets are configured. Towards this end, they can use CIS Controls 5 and 11 to create a configuration baseline that allows them to manage configurations, catalog acceptable exceptions and issue alerts for unauthorized changes. Enterprises should design that standard in such a way that it applies to all authorized endpoints.

Step 2: Determine the Critical Files and Process You Need to Monitor Your Baseline

With a baseline in place, organizations need to monitor it using their critical files and processes. They can apply CIS Controls 7-17 to refine their monitoring processes to include endpoint (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/6-steps-for-establishing-and-maintaining-digital-integrity/

July 8, 2018July 8, 2018 David Bisson configuration, Featured Articles, Integrity, Security Controls
  • ← How to Ensure Safety from Fraud Within Your Business
  • The Shared Security Weekly Blaze – Mobile App Data Leaks, The California Privacy Act, Third-party Gmail Access →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Tue 03

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

October 3 @ 11:00 am - 12:00 pm
Wed 11

ASPM: Leveling the AppSec Playing Field

October 11 @ 1:00 pm - 2:00 pm
Mon 16

Shadow Access: Where IAM Meets Cloud Security

October 16 @ 3:00 pm - 4:00 pm
Tue 17

Securing Cloud-Native Applications Across the Software Development Life Cycle

October 17 @ 11:00 am - 12:00 pm
Wed 18

Live Workshop on ‘SCA 2.0’: Using Runtime Analysis to Find High-Risk SCA Vulnerabilities

October 18 @ 12:00 pm - 1:30 pm
Thu 19

Managing Security Posture and Entitlements in the Cloud

October 19 @ 1:00 pm - 2:00 pm
Tue 24

When Seconds Matter: Real-Time Cloud Security With AWS and Sysdig

October 24 @ 11:00 am - 12:00 pm
Tue 24

Reporting From the Pipeline: The State of Software Security in DevOps

October 24 @ 1:00 pm - 2:00 pm
Thu 26

How to Shift Left the Right Way

October 26 @ 3:00 pm - 4:00 pm
Mon 30

Zero-Trust

October 30 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Building Your Incident Response Team
ZenRAT Targets Windows Users with Fake Bitwarden Site
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?
‘All of Sony’ Hacked, Claims Ransomed.vc Group
Microsoft AI Researchers Exposed 38TB Private Info
What You Need to Know About the libwebp Exploit
Methods To Protect Yourself From Identity Theft
Long Live the Pwn Request: Hacking Microsoft GitHub Repositories and More
Google LibWebP Arbitrary Code Execution Vulnerability (CVE-2023-5129) Notification
Enhancing Cybersecurity Investigations With Protective DNS

Download Free eBook

The State of Cloud Native Security 2020

Industry Spotlight

CISA Rolls Out a HBOM Framework to Secure Hardware Components
Cloud Security Cybersecurity Featured Industry Spotlight Network Security News Security Boulevard (Original) Spotlight Threats & Breaches 

CISA Rolls Out a HBOM Framework to Secure Hardware Components

September 29, 2023 Jeffrey Burt | 1 day ago 0
Lawsuit Filed Against Google, Meta, H&R Block for Sharing Taxpayer Data
Cyberlaw Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight News Security Boulevard (Original) Spotlight 

Lawsuit Filed Against Google, Meta, H&R Block for Sharing Taxpayer Data

September 28, 2023 Jeffrey Burt | 2 days ago 0
Xenomorph Android Banking Trojan Makes Landfall in US
Application Security Cybersecurity Data Security Featured Identity & Access Industry Spotlight Malware Mobile Security News Security Boulevard (Original) Spotlight Threats & Breaches 

Xenomorph Android Banking Trojan Makes Landfall in US

September 26, 2023 Jeffrey Burt | 4 days ago 0

Top Stories

Federal Shutdown Raises Cybersecurity Risks, Experts Warn
Analytics & Intelligence CISO Suite Cybersecurity Featured Governance, Risk & Compliance Incident Response IoT & ICS Security News Security Boulevard (Original) Social - Facebook Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Federal Shutdown Raises Cybersecurity Risks, Experts Warn

September 29, 2023 Nathan Eddy | 1 day ago 0
National Cybersecurity Infrastructure Efforts Bearing Fruit
Analytics & Intelligence CISO Suite Cyberlaw Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Incident Response News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

National Cybersecurity Infrastructure Efforts Bearing Fruit

September 29, 2023 Nathan Eddy | 1 day ago 0
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps DevSecOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Security Operations Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?

September 28, 2023 Richi Jennings | 2 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Book Podcasts’

Randall Munroe’s XKCD ‘Book Podcasts’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.