Rooted in Security Basics: The Four Pillars of Cyber Hygiene

by David Henderson on November 26, 2018

The term “cyber hygiene” pops up frequently in articles, blogs and discussions about cybersecurity. But what does it really mean? Some say it is an ill-defined set of practices for individuals to follow (or ignore). Others say it is a measure of an organization’s overall commitment to security. Still others – and I am among them – think of “cyber hygiene” as simple, readily available technologies and practices for cybersecurity.

In reality, cyber hygiene is an overall approach to security within an organization. It includes people, tools, processes, procedures and reporting. Baselines, compliance, vulnerability management and log collection are four areas that are very important to cyber hygiene. Knowing what assets exist, how they are configured, what is vulnerable, what is changing, what is failing and who is doing what, and having a log footprint to back it all up, are some of the factors that determine whether good cyber hygiene is in place.

That being said, there’s good news and bad news. The good news is that organizations can use frameworks like the Center for Internet Security’s Critical Security Controls to fulfill these foundations of cyber hygiene. The bad news is that many organizations are currently not implementing these or other standards.

Indeed, in its survey of 306 IT security professionals for its State of Cyber Hygiene report, Tripwire found that nearly two-thirds of organizations didn’t use hardening benchmarks to establish a secure baseline. This neglect, in turn, negatively affects the quality of companies’ cyber hygiene in several respects:

  • More than half (57%) of respondents to Tripwire’s report said it takes hours, weeks, months or longer to detect new devices connecting to the corporate network.
  • 40% of organizations admitted that they don’t conduct vulnerability scans weekly or on a more frequent basis, and just half run more comprehensive scans.
  • The majority (54%) of survey participants (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Henderson. Read the original post at: https://www.tripwire.com/state-of-security/government/rooted-security-basics-pillars-cyber-hygiene/
