1. Manage the IT assets
· identify the assets in an environment and their lifecycle
· disable/restrict the vendor defaults
· define the patch cycle for firmware
· review the assets list regularly
2. Manage the software in an environment
· define a list of authorized software
· assess the environment for unauthorized software and remove it
· define the patch cycle for authorized software
· review the authorized software list regularly
3. Secure the access to an environment
· identify the access points to an environment
· restrict the access points with appropriate controls (physical, logical)
· review the access point controls regularly
4. Secure the endpoint
· document the endpoint configurations
· restrict the admin privileges at the endpoint
· update/upgrade the endpoint regularly
· review the endpoint configurations regularly
5. Identify and address critical vulnerabilities
· assess the environment for vulnerabilities regularly
· patch the vulnerabilities as per the patch cycle
6. Control the use of administrative privileges
· identify & document the admin access rights
· limit the admin access rights to the job tasks
· log the admin activities in detail
· review the admin activities regularly
7. Conduct awareness training
· define the relevant awareness material
· provide the awareness training regularly
· assess the users for awareness