Thursday, February 21, 2019
  • Bob 1.0.1: CTF Walkthrough
  • Top 30 Information Assurance Analyst Interview Questions and Answers for 2019
  • Linux use-after-free vulnerability found in Linux 2.6 through 4.20.11
  • Google’s home security system, Nest Secure’s had a hidden microphone; Google says it was an “error”
  • CSPM for AWS: Monitoring Misconfigurations in IaaS

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
    • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » Rooted in Security Basics: The Four Pillars of Cyber Hygiene

Rooted in Security Basics: The Four Pillars of Cyber Hygiene

by David Henderson on November 26, 2018

The term “cyber hygiene” pops up frequently in articles, blogs and discussions about cybersecurity. But what does it really mean? Some say it is an ill-defined set of practices for individuals to follow (or ignore). Others say it is a measure of an organization’s overall commitment to security. Still others – and I am among them – think of “cyber hygiene” as simple, readily available technologies and practices for cybersecurity.

In reality, cyber hygiene is an overall approach to security within an organization. It includes people, tools, processes, procedures and reporting. Baselines, compliance, vulnerability management and log collection are four areas that are very important to cyber hygiene. Knowing what assets there are, how they are configured, what’s vulnerable, what’s changing, what’s failing, who’s doing what and having a log footprint to back it all up are some determining factors of having good cyber hygiene in place.

That being said, there’s good news and bad news. The good news is that organizations can use frameworks like the Center for Internet Security’s Critical Security Controls to fulfill these foundations of cyber hygiene. The bad news is that many organizations are currently not implementing these or other standards.

Indeed, in its survey of 306 IT security professionals for its State of Cyber Hygiene report, Tripwire found that nearly two-thirds of organizations didn’t use hardening benchmarks to establish a secure baseline. This neglect, in turn, negatively affects the quality of companies’ cyber hygiene in several respects:

  • More than half (57%) of respondents to Tripwire’s report said it takes hours, weeks, months or longer to detect new devices connecting to the corporate network.
  • 40% of organizations admitted that they don’t conduct vulnerability scans weekly or on a more frequent basis, and just half run more comprehensive scans.
  • The majority (54%) of survey participants (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Henderson. Read the original post at: https://www.tripwire.com/state-of-security/government/rooted-security-basics-pillars-cyber-hygiene/

November 26, 2018November 26, 2018 David Henderson Connecting Security to the Business, cyber hygiene, Data management, Federal, government, log management, patch management, security
  • ← Paris Call: A Missed Call or a Great Opportunity?
  • DevOps Chat: IoT Security with DigiCert’s Mike Nelson →
Featured Blog

Verodin Blog

Security Instrumentation for the Casino & Gaming Industry by Brian Contos

Verodin Blog

The Transformation of Talent & Technology by Kevin Morrison

Verodin Blog

Instrumenting Carbon Black with Verodin SIP

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Cybersecurity Issues in Mobile App Development
Trust Nothing if You Want Real Security
Password Security Fears Strong Among IT Pros
How the FFE’s Expansion to the U.S. Will Help Combat Financial Cyberattacks
Vote Now: 2019 Security Blogger Awards Finalists
LDAP for MSPs
Preventing Illegal Robocalls, Webcam Spying, Dating App Account Hacking – WB56
Introduction to Endpoint Management
Learn How You Can Get a Running Start with DevSecOps
US DoD Launches New AI Based Fire-Fighting Project In California

Upcoming Webinars

Tue 26

Reducing Risk of Credential Compromise at Netflix

February 26 @ 1:00 pm - 2:00 pm
Apr 01

Container Security: Securing from Within

April 1 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Automating Open Source Security: A SANS Product Review of WhiteSource

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

MFA: How to Eliminate Profile Fraud and Win the Fight for Consumer Trust
Identity & Access Industry Spotlight Security Boulevard (Original) 

MFA: How to Eliminate Profile Fraud and Win the Fight for Consumer Trust

February 21, 2019 Jean Shin | 6 hours ago 0
Failure to Plan: 3 Unexpected Security Challenges That Undermine Your CISO
CISO Suite Cybersecurity Industry Spotlight Security Boulevard (Original) 

Failure to Plan: 3 Unexpected Security Challenges That Undermine Your CISO

February 20, 2019 Stephen Moore | Yesterday 0
Password Security Fears Strong Among IT Pros
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Password Security Fears Strong Among IT Pros

February 19, 2019 Majid Latif | 2 days ago 0

Top Stories

Armorblox Applies AI to Prevent Data Loss
Analytics & Intelligence Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight 

Armorblox Applies AI to Prevent Data Loss

February 21, 2019 Michael Vizard | 1 hour ago 0
Security Startup Boldly Claims ‘No False Positives’
Cybersecurity Data Security Featured News Security Boulevard (Original) Spotlight 

Security Startup Boldly Claims ‘No False Positives’

February 20, 2019 B. Cameron Gain | Yesterday 0
Survey Finds Security Teams Betting on Machine Learning
Cybersecurity Data Security Featured Network Security News Security Boulevard (Original) Spotlight 

Survey Finds Security Teams Betting on Machine Learning

February 20, 2019 Michael Vizard | Yesterday 0

Security Humor

via  the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, Opportunity Rover

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.