Monday, March 1, 2021
  • Betting Big on Identity and Authentication
  • Social Media Risks Increasing in 2021
  • Fixing the “Human Error” Problem
  • We are living in 1984 (ETERNALBLUE)
  • BSides Calgary 2020 – Josh Sokol’s ‘Architecting For Security In The Cloud’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » 6 Steps for Establishing and Maintaining Digital Integrity

6 Steps for Establishing and Maintaining Digital Integrity

by David Bisson on July 8, 2018

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks perform their intended functions without degradation or impairment.

Digital integrity is possible only through the merging of people, process and technology into a holistic framework. Such an effort can be difficult without proper guidance. Fortunately, several of the Center for Internet Security’s Critical Security Controls (also known as the CIS Controls) can help. Organizations should pay particular attention to these security measures:

  • CIS Controls 3, 5 and 11 together help organizations continuously manage their vulnerabilities, harden critical endpoints and monitor for unexpected changes.
  • CIS Control 17 aids organizations in creating a security awareness training program for their employees that helps maintain skills and competencies.
  • CIS Control 6 supports organizations in their development of an audit log policy and implementation of proactive change management.

With those controls, businesses can abide by the following six steps to establish and maintain a profile of digital integrity.

Step 1: Establish a Configuration Baseline for Your Infrastructure

Organizations need to understand how their assets are configured. Towards this end, they can use CIS Controls 5 and 11 to create a configuration baseline that allows them to manage configurations, catalog acceptable exceptions and issue alerts for unauthorized changes. Enterprises should design that standard in such a way that it applies to all authorized endpoints.

Step 2: Determine the Critical Files and Process You Need to Monitor Your Baseline

With a baseline in place, organizations need to monitor it using their critical files and processes. They can apply CIS Controls 7-17 to refine their monitoring processes to include endpoint (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/6-steps-for-establishing-and-maintaining-digital-integrity/

July 8, 2018July 8, 2018 David Bisson configuration, Featured Articles, Integrity, Security Controls
  • ← How to Ensure Safety from Fraud Within Your Business
  • The Shared Security Weekly Blaze – Mobile App Data Leaks, The California Privacy Act, Third-party Gmail Access →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Sysdig Donates Module to CNCF to Improve Linux Security
New Lacework CEO Takes the Helm
Cybersecurity Threats on the Rise
Hacking for Dollars: North Korean Cybercrime
XDR: Next-Level Prevention and Detection
CPAC 2021 Open Display of Nazi Symbols
Analysis of an attack on automotive keyless entry systems
Using Insurance Data to Better Tackle Ransomware
Fintech Cybersecurity Trends in 2021
What’s Different About Data Security in the Cloud? Almost Everything.

Upcoming Webinars

Tue 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mon 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mon 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Wed 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mon 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Betting Big on Identity and Authentication
Application Security Cloud Security Cybersecurity Data Security Endpoint Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Betting Big on Identity and Authentication

March 1, 2021 Raz Rafaeli | 2 minutes ago 0
XDR: Next-Level Prevention and Detection
Analytics & Intelligence Cybersecurity Endpoint Incident Response Industry Spotlight Security Boulevard (Original) 

XDR: Next-Level Prevention and Detection

February 25, 2021 Eyal Gruner | 4 days ago 0
Breach Clarity Data Breach Report: Week of Feb. 22
Cloud Security Cybersecurity Data Security Endpoint Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Breach Clarity Data Breach Report: Week of Feb. 22

February 24, 2021 Kyle Marchini | Feb 24 0

Top Stories

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

February 26, 2021 Richi Jennings | 2 days ago 0
Think Macs Don’t Get Malware? Think Again.
Analytics & Intelligence Cloud Security Cybersecurity Endpoint Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Think Macs Don’t Get Malware? Think Again.

February 22, 2021 Richi Jennings | Feb 22 0
SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs

February 19, 2021 Richi Jennings | Feb 19 0

Security Humor

via   the respected information security capabilities of   Robert M. Lee     & the superlative illustration talents of   Jeff Haas   at   Little Bobby Comics

Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘WEEK 318’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.