Best Practices for User Domain Compliance

A best practice is a leading technique, methodology, or technology that has proved through experience to be very reliable. Best practices tend to produce consistent, high-quality results. The following brief list of best practices is focused on the user and should be considered in the audit scope. These best practices go a long way toward protecting users and the organization. These basic best practices are as follows:

  • Attachments—Never open an attachment from a source that is not trusted or known.

  • Encryption—Always encrypt sensitive data that leaves the confines of a secure server. That means encrypting devices like laptops and backup tapes. It also means encrypting sensitive data in transit, such as email and remote access.

  • Layered defense—This approach establishes overlapping layers of security as the best way to mitigate threats.

  • Least privilege—The principle of least privilege says that individuals should have only the access necessary to perform their responsibilities.

  • Patch management—Be sure all network devices, including user desktops and laptops, have the latest security patches.

  • Unique identity—All users accessing information must use unique credentials that identify who they are. The only exception is access by the public to an organization’s publicly facing website.

  • Virus protection—Virus and malware prevention must be installed on everyone’s desktop and laptop.

  • Firecall-IDs—Limit administrator and elevated privileges until needed.

Patch management is an essential part of a layered defense. Even when you do everything right, there may be a vulnerability in the operating system. An effective patch management program will mitigate many of these risks.
