On the 25th of June, we will be guest speakers at the KVK Online session: software updates.

The session will take place online from 12:30 to 13:00 and is completely free.
Sign up directly here.

Keep your door closed to hackers

Every year, one in five entrepreneurs is a victim of cybercrime. For example through hacking, where criminals break into your computer. This is often done via vulnerabilities in non-updated software. Find out how software updates prevent hackers from exploiting these vulnerabilities.

Updates keep your software working properly and safe. Regularly and quickly updating your software prevents hackers from breaking into your computer. That way, they can’t steal your money or data. Or secretly install ransomware.

During this online session at KVK, we will really get into all of this. We discuss what exactly software updates are. And why it is important to install updates immediately. Especially when it comes to security updates. You will get tips on how to keep your systems up-to-date and where to start.

“Not installing updates is like walking around with a hole in your shoe. Nothing the matter when the weather is nice, but when it rains you’ll regret not just stopping by the shoemaker”

Marcel Krommenhoek

Do you have any questions during the broadcast? Then ask these live via chat.

For who is this session?

This online session is aimed at sole traders and small SMEs working on their digital security.

Preparation

Read up in advance so that you take in all the information during the online event even better. We recommend you read the following article:
Software updates: keep the door locked for hackers.

Attending the event

Sign up directly via this link and join this session.

For organizations striving for ISO 27001 certification, developing and implementing an integrated internal framework is a crucial step. This framework ensures that internal controls are seamlessly integrated into daily business processes, making them an essential part of the organization’s normal operations. But how do you tackle this and integrate existing control mechanisms?

What is an integrated framework for internal controls?

Let’s first define what we mean by an integrated framework for internal controls, before going into the integration of existing controls. This is basically a set of controls that are implemented in the business processes, incorporating them as an essential part of the daily activities of the organization.

Main frameworks for information security

Several frameworks are available to help organizations integrate controls. Some well-known examples are COSO, COBIT and ISO/IEC 27001. These frameworks provide guidance on identifying, implementing and maintaining effective internal control measures.

Approach to setting up an ISO 27001 framework

The approach to setting up an ISO 27001 framework largely follows the principles of COSO, with a strong focus on risk assessment and implementing policies, procedures and control activities. ISO 27001 certification focuses not only on implemented controls, but also on setting up an information security management system (ISMS).

Integration of existing control frameworks

For organizations that already have control frameworks in place, it’s important to integrate this framework with the requirements of ISO 27001. Full utilization of the existing framework is strongly recommended, as it minimizes effort and facilitates management acceptance.

Approach to integration

Make the most of what is already implemented in your organization

It is essential to make full use of the existing frameworks. It would be a shame to ignore the investments in the current control framework. It is advisable to use the ISO 27001 Annex A control set as a guide, considering all relevant controls and implementing them if applicable. Appropriate Governance Risk and Compliance tooling can also help you in putting the initial structure in place. This simplifies the performance, monitoring and reporting of control tasks and ensures unambiguous communication on controls.

Do a mapping based on a GAP analysis

By comparing the existing control framework with the ISO 27001 control set at the control test/supervisory level, GAPs can be identified. This simplifies the process of aligning existing controls with the ISO 27001 control set.

Filling in following your GAP analysis

Where the existing framework shows GAPs against the ISO 27001 control set, new controls should be defined and implemented. The aim is to ensure that all risks are adequately addressed by the control framework, this supports the functioning of the ISMS.

Management buy-in and the benefits of integration

Keeping the existing framework simplifies management acceptance and facilitates the integration of controls into business processes. Moreover, a GAP analysis at the internal testing/supervisory levels helps identify gaps in the information security policy and ISMS, enabling continuous improvement.

In conclusion, developing an ISO 27001-compliant integrated internal controls framework is a crucial step for organizations striving to achieve a high level of information security and certification in line with international standards. By integrating existing control frameworks and continuously striving for improvement, organizations can build a solid foundation for effective information security and risk management.

Need more information or help developing an ISO 27001-compliant integrated framework for internal controls?

Then contact us, no commitment necessary. At OpenSight, we are happy to help!

The NIS2 and several solutions to help you become compliant have been hot topic for a while now. The advice we’ve brought out is trustworthy, of course, but all that information can make the process a bit confusing. Want to keep track? Try deploying a GRC tooling to keep an overview and link the different solutions together in a logical way.

NIS2: the next European directive on cyber security

NIS2, the second European directive on the security of your network and information systems, sets stringent requirements for organizations managing critical infrastructure or providing digital services. It aims to increase resilience to cyber threats and minimize the impact of incidents.

For companies, compliance with NIS2 means not only meeting legal requirements, but also protecting digital assets, ensuring business continuity and preventing financial and image damage.

The role of GRC tooling

Governance, Risk & Compliance (GRC) tooling provides organizations with a structured approach to managing regulatory requirements, risks and compliance processes. These tools automate and streamline the audit process, allowing organizations to save time and resources while still complying with complex regulations such as NIS2.

The benefits of GRC tooling for your own NIS2 audit

• Centralization of data: GRC tooling provides a central repository for all relevant data related to cyber security and compliance, making it easier to manage, analyze and report data during an NIS2 audit.
• Automating processes: By automating audit processes, such as evidence collection, audit validation and report generation, organizations can improve efficiency and minimize human error.
• Risk management: GRC tools help identify, evaluate and manage risks that may affect NIS2 compliance. By addressing risks proactively, organizations can identify potential weaknesses and take corrective action before they become a problem.
• Compliance controls: GRC tooling provides built-in controls to ensure that organizations comply with the requirements of NIS2. These controls can be tailored to the specific needs of the organization and help demonstrate compliance during an audit.

GRC tooling makes it easier

NIS2 compliance is a complex and challenging task that many organizations have to face on top of their own activities, but with the right approach and tools, they can take the necessary steps to meet the requirements and establish a stronger cyber security culture. GRC tooling provides an integrated and structured approach to managing regulatory requirements and risks, allowing organizations to remain compliant while maintaining operational efficiency.

Cyberday.ai

Inspired by our blog? Take a look at the website of cyberday.ai, one of our partners. We have used this tooling to implement the various cyber security frameworks at multiple clients without losing overview. Want to know how OpenSight can support your organisation? That, of course, is possible too! Schedule a no-obligation appointment with us.

Supply chain security is a crucial part of cyber security that companies should not neglect. In the modern world, the supply chain represents a complicated network of interconnected systems, technologies and partners. This complexity makes it susceptible to cyber attacks that can cause significant damage to businesses, including the loss of sensitive information, intellectual property and financial consequences. In this blog, we will explore the significance of supply chain security for cyber security, discuss the risks associated with supply chain attacks and examine the measures companies can implement to strengthen supply chain security.

Associated risks

Supply chain attacks are becoming more frequent and pose a serious threat to businesses. These attacks target a company’s supply chain partners, such as suppliers, subcontractors or third-party service providers, to gain access to their systems and data. Once the attacker has gained access to the partner’s systems, this can be exploited to penetrate the target company’s systems and steal sensitive data or disrupt business operations.

Risks and impact of cyber attacks in the supply chain

• Data theft: Cyber criminals can steal valuable information such as customer data, trade secrets and intellectual property from partners, which can cause serious financial damage and loss of reputation for the company.
• Ransomware attacks: Hackers can install ransomware on supply chain partner systems encrypting data and demanding a ransom for release. If the company depends on this partner for its operations, the ransomware attack could cause significant disruptions.
• Business interruption: Cyber attacks on partners can lead to disruptions in business operations, resulting in significant financial losses and reputational damage.

The crucial role of supply chain security in cyber security

It is an integral part of cyber security as it relates to protecting the entire ecosystem of suppliers, partners and service providers a company relies on for its operational processes. A cyber attack on any of these parties can have serious consequences, including loss of customer data, reputational damage and legal liability. Moreover, many companies today use cloud-based services, which increases the risk of cyber attacks on the supply chain. Because cloud service providers are responsible for managing infrastructure, data and applications, a security incident in their systems could potentially impact all businesses that depend on their services.

Effective risk management and trust building in supply chain security

By taking a proactive approach to supply chain security, companies can effectively manage the risks that can affect their organization. This includes strengthening relationships with suppliers and partners, as well as developing a clear understanding of each other’s security needs and responsibilities. This allows companies to recognize early warning signs of potential incidents that could affect the organisation and identify potential dependencies on specific suppliers. Moreover, companies with strong cyber security frameworks increase their chances of winning supplier contracts, especially those from the government where security requirements are often mandatory. By implementing a solid security structure and regularly assessing and auditing supply chain partners, companies can ensure that they and their partners meet the required security standards. This helps build trust with customers and stakeholders, while at the same time reducing the risks of supply chain attacks.

Strategies for improving supply chain security in companies

To strengthen supply chain security, companies can take the following measures:

1. Conducting a risk assessment: identification and evaluation of risks associated with supply chain partners, including assessment of security measures, vulnerabilities and potential impact on business operations.
2. Implement a security framework: Establish a framework of standards for supply chain partners, setting requirements for access management, incident response and security awareness training.
3. Monitoring supply chain partners: Regular monitoring of supply chain partners for security breaches and anomalies, including establishing a process for reporting and responding to security incidents.
4. Conduct regular audits: Periodic audits of supply chain partners to ensure compliance with the established security framework, including vulnerability assessments and penetration tests.
5. Consider cyber insurance: Consider cyber insurance for financial protection in case of a cyber attack on supply chain partners, including coverage of data recovery costs, legal expenses and reputational damage.

Collaboration is Key

Supply chain security is a crucial part of cyber security that should not be overlooked by companies. With the increasing complexity of the supply chain ecosystem and the rise of cloud-based services, the risk of cyber attacks on the supply chain is higher than ever. By implementing a robust security framework, monitoring supply chain partners and conducting regular audits, companies can strengthen supply chain security and protect themselves from the devastating effects of supply chain attacks.

the OpenSight 10 new year’s cyber security resolutions

During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:

• The company’s digital assets.
• Are my colleagues engaged and aware of cyber security?
• Are our company assets under control?
• Architecture focused on security and the business.
• How to keep vulnerability management in order?
• Who’s that? And what is he doing here?
• How do we protect digital assets?
• Is this normal behavior and does it happen more often?
• Preparation is key!
• Is there a weak link in my supply chain?

With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.

Want to know more?

Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!

Cyber security incident management involves a structured process of detecting, analysing, responding to and recovering from security incidents. The main goal is to minimize the impact of attacks and quickly restore to a normal operational state. The process includes detection, evaluation, containment, forensic investigation and implementation of improvements to prevent future incidents.

Proactive planning and response to cyber incidents within the organization

Proactively planning the response to cyber incidents is crucial to minimize their impact within the organization. This includes identifying potential cyber threats and vulnerabilities, creating a response plan with clear roles and responsibilities for different teams. How to communicate internally should be considered, but certainly also how to communicate externally. Regular training and exercises to ensure that all involved know how to act in the event of a cyber incident is also an important part. Through this preparation, organizations can strengthen their resilience to cyber threats and ensure a quick and effective response when an incident occurs.

The crucial role of incident management in cyber security

Incident management is an essential part of cyber security where organizations are assisted in detecting, responding and recovering from cyber incidents. Here are some of the benefits of incident management in the context of cyber security:

• Fast detection: Effective incident management allows organizations to quickly identify potential security incidents using automated tools, monitoring systems and threat intelligence.
• Rapid response: An incident management plan enables organizations to respond quickly to cyber incidents, limit the damage and prevent further spread of the attack.
• Minimal impact: Incident management helps minimize the impact of a security breach through a systematic approach to identify, contain and recover from the incident.
• Reducing downtime: A well-executed incident management plan can minimize downtime due to a security breach, allowing the organisation to return to normal operations faster.
• Reputation preservation: Cyber security incidents can seriously damage an organization’s reputation. Incident management helps organizations respond proactively and effectively to incidents, which can help maintain their reputation and customer trust.
• Regulatory compliance: Many regulations require organizations to have a robust incident management plan. Implementing such a plan can help organizations comply with regulations.

Incident management is a fundamental part of cyber security that supports organizations in preparing for, detecting and responding to security incidents. It allows organizations to mitigate the consequences of such incidents and act effectively.

Optimizing incident management in cyber security: collaboration, training and continuous improvement

Collaboration and coordination for effective incident management: Effective incident management requires seamless collaboration and coordination between various teams including IT, security, communications, legal and human resources. Clear roles, responsibilities, communication channels and escalation procedures are essential to ensure an efficient incident response.

Involvement of relevant department: When creating cyber incident response plans, it is crucial to involve relevant stakeholders, including IT security staff, legal and HR personnel, PR representatives, and suppliers/vendors.

Right connections for effective incident management: For effective incident management, it is important to integrate incident response plans with disaster recovery, business continuity and crisis management plans, and to have the necessary capabilities in place.

Clear roles and responsibilities: Everyone’s roles and responsibilities should be clearly defined and understood, with appropriate training for those involved. Specific individuals or incident managers should be designated and authorized to manage incidents with clear terms of reference for decision-making.

Detection methods and reporting: Methods of detection such as logging and monitoring, staff or third-party reporting and escalation criteria should be precisely defined.

Regular tabletop exercises: Regular tabletop exercises include simulated scenarios in which the response team discusses their roles and responsibilities and the steps they would take to manage the incident. These exercises help identify gaps in the plan and promote communication and cooperation among team members.

Simulation training for realistic testing: Simulation training mimics real incidents and allows the response team to test their capabilities and processes in a realistic environment. This can identify areas for improvement in the plan.

Supplier and partner involvement: Given possible third-party involvement in cyber security incidents, it is important to include suppliers and partners in the response plan exercises. This ensures awareness of the plan and effective actions by all involved.

Documentation of results and continuous improvement: Documenting results for each exercise facilitates identification of areas for improvement and records progress. Use these insights to continuously improve and update the response plan in line with new threats and risks.

Importance of incident management for business continuity

Essentially, incident management is an indispensable process for any organization looking to reduce the impact of disruptions and ensure business continuity. By being prepared, having a plan and executing it effectively, organizations can respond to incidents quickly and effectively, minimizing the impact on operations and reputation.

the OpenSight 10 new year’s cyber security resolutions

During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:

• The company’s digital assets.
• Are my colleagues engaged and aware of cyber security?
• Are our company assets under control?
• Architecture focused on security and the business.
• How to keep vulnerability management in order?
• Who’s that? And what is he doing here?
• How do we protect digital assets?
• Is this normal behavior and does it happen more often?
• Preparation is key!
• Is there a weak link in my supply chain?

With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.

Want to know more?

Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!

At a time when cyber threats are constantly evolving and your digital assets are of increasing value, it is vital that organizations implement next-generation security measures. This has been the reason for us to set up collaborations with our partners Crowdstrike, Zscaler and OKTA. For us, the seamless integration between these partners provides a strong solution for protecting your digital assets without having a huge impact on your important employee experience.

Crowdstrike: Next-Generation Endpoint Protection

Crowdstrike is at the forefront of endpoint protection, detecting, investigating and neutralizing advanced threats. With advanced features such as machine learning and behavior analytics, Crowdstrike offers a proactive solution against malware, ransomware and other cyber threats. Integrating OKTA with Crowdstrike allows organizations to dynamically adjust endpoint access policies based on user and hardware managed by OKTA, strengthening security and reducing the risk of breaches.

Zscaler: Your Zero Trust exchange

Zscaler is a cloud-native zero trust platform for network security that helps organizations provide secure and compliant internet access for all users, wherever they are in the world. With zero trust networking and advanced threat intelligence, Zscaler provides protection against malware, phishing and other Internet threats. By integrating OKTA with Zscaler, organizations can strengthen access control to Internet resources based on user identity and contextual information, improving protection against external threats.

OKTA: Identity and access management

OKTA is known as a pioneer in identity and access management (IAM), enabling organizations to ensure secure access to their applications and data. With OKTA, companies can manage identities, enforce access policies and implement authentication on a comprehensive platform. By integrating OKTA with Crowdstrike and Zscaler, organizations can manage access to corporate assets based on contextual information, such as device status, user location and behavior, increasing overall security.

Benefits of integration between our partners

The integration between OKTA, Crowdstrike and Zscaler offers numerous advantages for organizations in terms of security and operational efficiency:

• Enhanced security: By integrating identity and access management with endpoint and network security, organizations can implement a more layered and context-aware approach to security, strengthening overall protection.
• Increased operational efficiency: The integration enables organizations to streamline and automate security policy management, leading to simplified operational processes and reduced costs.
• Improved user experience: Integration allows organizations to provide a seamless and secure user experience, where users can easily and securely access the resources they need, regardless of their location or the device used.

In short, the integration between OKTA, Crowdstrike and Zscaler provides a powerful solution for advanced security management, enabling organizations to effectively protect their digital assets from an increasingly complex threat landscape. By leveraging the integration between these partners, companies can build a robust and resilient security infrastructure that enables them to move forward with confidence in this digital age.

We at OpenSight have joined these partners to use our innovative technology to prepare our customers for the digital future. OpenSight can therefore help advise, implement, train and maintain these partners. Want to know more? Feel free to make an appointment with us!

By designing systems with attention to detection, investigation and response to incidents, an organisation can respond more quickly and decisively. To do this, you need robust logging and security monitoring. It increases visibility and ensures that the chances of something happening out of sight remain low.

For effective detection and investigation of incidents, it is crucial to have a security monitoring strategy in place. This means active analysis of logs and other data sources to identify patterns or behaviors that may indicate a security incident. By monitoring systems in this way, potential threats can be recognized and responded to quickly, minimizing the impact of security incidents.

In addition to monitoring, it is essential to have incident response procedures in place. This includes defining roles and responsibilities, setting up communication channels and creating a plan. This allows an organisation to manage security incidents and gives clear direction to everyone involved in handling the incident. These procedures allow a quick response to incidents and minimize the impact on systems and the organization.

The importance of cyber security logging and monitoring

• Improved visibility: Qualitative logging provides an overview of system activity and usage, enabling a better understanding of how systems are utilized and identifying potential security risks.
• Early detection of threats: Monitoring allows proactive analysis of logs and other data sources to detect patterns or behaviors that may indicate a security risk. This makes it possible to detect and respond to incidents before they escalate.
• Extra layer of protection: Security monitoring adds an extra layer of protection to systems and acts as an early warning system for potential security incidents. It also helps in staying ahead of constantly changing threats.
• Effective incident response: By actively monitoring systems via logging, early signs of intrusion can be responded to quickly, before they can cause significant damage.

Targeted logging and monitoring in security strategies

• Understand the objectives: It is crucial to understand the objectives when implementing logging and monitoring. Consider the context of the system, existing threats and available resources so that appropriate monitoring levels can be determined.
• Adapt the monitoring strategy: Tailor monitoring strategies to the specific needs of the organisation. Frequent cyber attacks may require investment in sophisticated SOC services, while organizations with limited resources may simply collect logs in case of a data breach or leak.
• Responding to incidents: Regardless of the monitoring level chosen, the capacity to respond to incidents should be a top priority. Collecting logs and other crucial data during an incident is essential for effective response.
• Proactive and vigilant: The key word for successful logging and monitoring is to be proactive and vigilant. By reviewing and adapting practices regularly, organizations can anticipate emerging threats and respond quickly to security incidents.

Effective practices for log management in incident response

1. Quick access: Ensure knowledge of the location of stored logs and ensure appropriate access rights to quickly search relevant log data during an incident.
2. Storage policy: Ensure logs are kept long enough to answer questions that arise during an incident. The retention period may vary by source, taking into account factors such as storage costs and the availability of different data types.
3. Frequency:By implementing frequent checks of your log systems, you can rely on capturing the necessary data in your logs.
4. Protection: Protecting logs from tampering is crucial to ensure accurate recording of events. Implement measures to prevent unauthorized access and changes to maintain reliable logs.

Improving security incident detection and response via integration of previous incident insights into logging and monitoring solutions

Integrating insights from previous incidents into logging and monitoring solutions is crucial to identify gaps in the strategy. This improves the ability of systems to detect and respond to security incidents. Analysis of previous incidents provides valuable information on attack patterns and tactics, which can be used to refine surveillance and response capabilities. Incorporating these insights into surveillance solutions strengthens overall security and minimizes the impact of future incidents.

the OpenSight 10 new year’s cyber security resolutions

During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:

• The company’s digital assets.
• Are my colleagues engaged and aware of cyber security?
• Are our company assets under control?
• Architecture focused on security and the business.
• How to keep vulnerability management in order?
• Who’s that? And what is he doing here?
• How do we protect digital assets?
• Is this normal behavior and does it happen more often?
• Preparation is key!
• Is there a weak link in my supply chain?

With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.

Want to know more?

Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!

In today’s digital age, it is essential to secure data against unauthorized access, manipulation or deletion. This requires the implementation of security measures for both the transport and storage of data. Good examples are measures such as encryption, zero-trust principles, as well as taking end-of-life measures such as careful disposal of information. In addition, it is crucial to protect systems from the growing threat of ransomware attacks. In this blog, we discuss the principles around securing data through isolation, zero-trust to offline backups. This blog offers insight into how organizations can implement a comprehensive data security framework.

Benefits of data security

Ensuring data security is essential to prevent sensitive information from falling into unauthorized hands and to protect against potential threats such as hackers or malware. Ensuring that data can be restored quickly in case of failures or outages increases resilience. The unavailability of data due to, for example, a virus attack or server failure can have a huge impact on the organization’s core processes By making regular backups and storing them in a secure location, access to crucial data can be quickly restored even if the original data is lost. It is also important to secure old or reused storage media to prevent sensitive information from falling into the wrong hands, even after disposal.

Best practices for protecting your digital assets

• Identify risks: It is essential to ensure effective data protection by identifying risks and implementing appropriate security measures. Start by taking stock of the data present, storage locations and sensitivity of the data. Centralize data where possible and avoid storing redundant information. If replication or caching of data takes place, make sure all copies are adequately protected. Distributed data, such as files on user desktops, can be harder to manage and easier for attackers to find.
• Secure, encrypted and authenticated access for data security: Guarantee proper protection of data in transit by using secure, encrypted and authenticated access. By applying zero-trust principles, each access request is verified and the action to be taken is determined based on the content of the information. By centralizing access policies, network security and authentication, you reduce the attack surface and thus the risk. Even if information is stored, it should be secured. Use file encryption and Information Rights Management (IRM), to secure the most critical data. Make sure this happens at all sites (On-Prem, Cloud or SaaS).
• Standardized cryptographic algorithms for data security: For effective data protection, it is crucial to use current standardized cryptographic algorithms. Old or non-standardized algorithms offer less protection and may provide a false sense of security. Ensure that certificates and keys are protected against unauthorized access.
• Define data security interfaces: Develop data security interfaces that allow access to sensitive information and expose only the necessary functionality to minimize the risk of misuse by attackers. Limit access to bulk datasets and only allow users to perform arbitrary queries on sensitive datasets if there is a legitimate business need and this is carefully controlled.
• Provide a central security solution: In today’s landscape where organizations use many different platforms and where location-independent working has become the standard, measures must also evolve with them. It therefore makes sense to arrange information accessibility through a centralized solution, allowing security and access policies to be harmonized across all platforms.

Best practices for effective data backups

Besides securing the legitimate use of information, it is also necessary to protect data through backups. A backup is a backup copy of the information on an independent medium. Taking snapshots is a nice mechanism to quickly restore information, but it differs from backup in that there is dependence on the source data. A solid data backup strategy is an essential risk mitigation measure.

1. Identify critical data for business operations and make sure it is backed up regularly. Both of business data and of all configuration data needed for the optimal operation of business systems.
2. Store multiple copies of important files in different locations. Provide at least 3 copies of the data spread across 2 different devices, with at least 1 copy kept in a remote location.
3. Keep an offline backup separate from the internal network or use a specially designed cloud service. Restrict access to credentials and servers used for backups to prevent attackers from targeting the backups.
4. Keep backups over a period of time instead of just one recent backup. This provides extra protection in cases where a virus or system damage goes undetected until the backup is overwritten.
5. Test backups regularly to ensure they are effective and reliable. Make sure you are familiar with the process of restoring files from a backup before this is actually needed.
6. Minimize the risk of reinfection when restoring data from backups by reinstalling executables from trusted sources, rather than restoring them directly from the backup. Make sure operating systems and application software are up-to-date on the target systems and scan files with up-to-date anti-virus software before restoring.

Reuse, disposal and destruction of storage media: sound policy and practical implementation

It is crucial to have sound policies in place for the proper handling of data and data no longer in use. This policy should cover the reuse, repair, disposal and destruction of all storage media and devices capable of storing data, including peripherals. Ensure that unnecessary data and records are securely and permanently deleted. Failure to sanitize storage media increases the risk of data breaches, which can result in damage to the organisation. When buying equipment, it is essential to consider the costs and effort involved in rehabilitating storage devices and/or media when they are no longer needed. In some cases, destruction is the only option. Remember to remove any labels or markings referring to the nature of the data before destroying the device. It is important to regularly check and test the procedures and equipment for decontamination and destruction to ensure they are effective and comply with applicable laws and regulations.

the OpenSight 10 new year’s cyber security resolutions

During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:

• The company’s digital assets.
• Are my colleagues engaged and aware of cyber security?
• Are our company assets under control?
• Architecture focused on security and the business.
• How to keep vulnerability management in order?
• Who’s that? And what is he doing here?
• How do we protect digital assets?
• Is this normal behavior and does it happen more often?
• Preparation is key!
• Is there a weak link in my supply chain?

With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.

Want to know more?

Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!

In today’s highly connected world, businesses increasingly rely on technology and data. This dependency has increased the threat of cyber attacks and data theft. ‘Identity and Access Management’ (IAM) is a crucial approach to prevent such security incidents. This blog explores the fundamentals of IAM and highlights its importance in the context of cyber security.

What is identity- and access management?

Identity and Access Management (IAM) concerns managing digital identities and regulating access to resources within an organization’s network. It ensures that authorized persons have access to relevant information at the right time, while unauthorized users are prevented from reaching sensitive data. IAM comprises several components, including authentication, authorization and user management.

The identity and access management process, or IAM process, includes the following steps:

• Identity provisioning: The first phase of the IAM process involves the creation of digital identities for employees, partners and customers. This involves collecting data such as a name, e-mail address, function and role.
• Authentication: Next, user identity is verified through mechanisms such as passwords, biometrics or multi-factor authentication (MFA).
• Authorization: After identity verification, access to resources is granted based on the user’s role and responsibilities within the organization. In this phase, users are granted permissions and privileges.
• Monitoring and reporting: The final stage of the IAM process involves monitoring user activity and generating reports on access and usage. This step detects possible anomalies or suspicious activity that may indicate a security breach.

The importance of identity- and access management in cyber security

IAM plays a vital role in ensuring the security of an organization’s network and data. Some of the reasons why IAM is vital for cyber security are:

• Enhanced security: IAM contributes to increased security levels by maintaining strict control over access to sensitive information, minimizing the risk of data breaches and security incidents.
• Compliance: IAM supports organizations in complying with various regulations, such as HIPAA, PCI DSS and GDPR. It ensures measures to protect sensitive data and limits access to authorized users, which is crucial to meet compliance requirements.
• Increased efficiency: IAM improves operational efficiency by automating the process of creating and managing digital identities. This reduces the workload of IT teams and speeds up the accurate granting of access.
• Cost savings: IAM helps organizations save costs by reducing the risk of security incidents and data breaches, resulting in the avoidance of costly legal proceedings, fines and reputational damage.

So, what do you need to do for identity and access management?

• Develop appropriate policies and procedures: To ensure secure access to systems and data, it is essential to formulate appropriate identity and access management policies and procedures. The policy should clearly define which persons have access to what resources, for what purpose and under what circumstances. Different categories of users, such as full-time and part-time employees, contractors, volunteers, students and visitors, should be considered.
• Guidelines for obtaining audit records: The policy should include specific guidelines for obtaining audit records, including measures to protect them from tampering. It should also address the identification of processes to be performed or authorized by multiple people. A key point is that the policy should apply not only to systems directly under the organization’s control, but also to all locations where the organization’s identities are used.
• Single Sign-On (SSO): Implementing organizational identities for online services is crucial to manage access to these services and revoke this access when an individual leaves the organization. Temporary accounts created for testing processes should be deleted or suspended as soon as they are no longer needed.

Multi-factor authentication to improve security of privileged accounts

To increase user account security, it is vital to consider multi-factor authentication (MFA) for all user accounts. It is crucial to select authentication methods that are proportionate to the risk and consistent with users’ natural ways of working. When implementing MFA, there should be considerations for user-to-service, user-to-device and device-to-service authentication.

• Multi-factor authentication (MFA): is essential for all online service accounts to provide protection against password guessing and theft. Users should have the option to choose from different self-authentication factors, such as SMS or e-mail messages, biometrics or physical tokens, as no single method is suitable for everyone or all environments and devices.
• A password policy: should be user-friendly and strike a balance between ease of use and security. The aim is to minimize the number and complexity of passwords to remember, for example by using single sign-on or allowing password managers. In this way, users are discouraged from unsafe practices such as reusing passwords, choosing easy-to-guess passwords or writing them down.
• Technical security measures: such as Multi-factor Authentication (MFA), setting account restrictions or blocks, monitoring suspicious behaviour and preventing the use of weak or exposed passwords, should be implemented. It is essential to protect references appropriately, both at rest and during transfer, to ensure overall safety.

In essence, considering multi-factor authentication for all user accounts, selecting appropriate authentication methods, implementing password policies and applying technical controls are fundamental steps to strengthen user account security. These measures help reduce the risk of unauthorized access and protect sensitive data for organizations.

the OpenSight 10 new year’s cyber security resolutions

During the OpenSight 10 new year’s cyber security resolutions, we will publish a blog each week about each of the ten resolutions as listed below:

• The company’s digital assets.
• Are my colleagues engaged and aware of cyber security?
• Are our company assets under control?
• Architecture focused on security and the business.
• How to keep vulnerability management in order?
• Who’s that? And what is he doing here?
• How do we protect digital assets?
• Is this normal behavior and does it happen more often?
• Preparation is key!
• Is there a weak link in my supply chain?

With these 10 new year’s resolutions, we at OpenSight hope to give you some insight regarding the ten steps you could take to decrease the chance and impact of an incident.

Want to know more?

Be sure to keep an eye on our blogs where, following these Cyber Security resolutions for 2024, we will cover all 10 topics in detail. Follow us on LinkedIn to be the first to know about all our updates!