Project Management

Project Management Central

Please login or join to subscribe to this thread

Topics: Requirements Management
Cybersecurity
What mechanisms are being implemented in projects to manage cybersecurity?
Sort By:
1) Security Audits . Develop a template to ask questions to the vendor on how they manage information security. How do they collect, store, retrieve and disseminate information.
2) Review your organization's own security policy . For example disallow any USB's that are not provided by the organization and encrypted.
3) Enforce strong password policies
4) Implement stronger web filtering and monitor what websites are being accessed by employees.
5) Implement Two factor authentication
6) Keep your operating system patches up-to date
7) Review your firewall rules
8) Restrict users from downloading their own software without the assistance from IT.
9) Lock down the Web Browser versions
10) Implement a Standard Operating Environment (SOE) on all the computers.
11) Conduct vulnerability scans on all your servers
12) Sign non disclosure agreements with all your vendors and suppliers
...
2 replies by Rami Kaibni and William Washinski II
Jan 17, 2018 6:13 PM
Rami Kaibni
...
Deepesh - You nailed it. Impressive summary - Cheers !
Jan 17, 2018 6:37 PM
William Washinski II
...
Great summary list.
Jan 17, 2018 5:25 PM
Replying to Deepesh Rammoorthy
...
1) Security Audits . Develop a template to ask questions to the vendor on how they manage information security. How do they collect, store, retrieve and disseminate information.
2) Review your organization's own security policy . For example disallow any USB's that are not provided by the organization and encrypted.
3) Enforce strong password policies
4) Implement stronger web filtering and monitor what websites are being accessed by employees.
5) Implement Two factor authentication
6) Keep your operating system patches up-to date
7) Review your firewall rules
8) Restrict users from downloading their own software without the assistance from IT.
9) Lock down the Web Browser versions
10) Implement a Standard Operating Environment (SOE) on all the computers.
11) Conduct vulnerability scans on all your servers
12) Sign non disclosure agreements with all your vendors and suppliers
Deepesh - You nailed it. Impressive summary - Cheers !
Jan 17, 2018 5:25 PM
Replying to Deepesh Rammoorthy
...
1) Security Audits . Develop a template to ask questions to the vendor on how they manage information security. How do they collect, store, retrieve and disseminate information.
2) Review your organization's own security policy . For example disallow any USB's that are not provided by the organization and encrypted.
3) Enforce strong password policies
4) Implement stronger web filtering and monitor what websites are being accessed by employees.
5) Implement Two factor authentication
6) Keep your operating system patches up-to date
7) Review your firewall rules
8) Restrict users from downloading their own software without the assistance from IT.
9) Lock down the Web Browser versions
10) Implement a Standard Operating Environment (SOE) on all the computers.
11) Conduct vulnerability scans on all your servers
12) Sign non disclosure agreements with all your vendors and suppliers
Great summary list.
Thank you Deepesh for sharing the steps to ensure cyber security.
Despite our best efforts cyber security breaches are inevitable and this has been proven so many times with so many firms/ organizations. The next strep should be to restrict the extent of breach and minimize data loss.
Deepesh, I believe you are 'spot on', technically. I mean to say that your list aims and strikes at the target of risk and risk mitigation. It defends and protects from a technical level. Might I add, the 'heart' of cyber incidents is malign agents (people) operating to cause damage albeit to a server, but aimed at other people. The one thing missing on your list is 'personnel training.' Not a boring half-hour CBT, but a sincere explanation of the threat employees face when they do not practice safe online practices.
Yes, Deepesh listed pretty extensively the mechanisms.

The changes on the projects i manage is the inclusion of one more person, role, "cybersecurity experts", who is accountable to guarantee the list is fulfilled by the solution designed for supporting the product/service, i.e. one more thread to manage.
I am experiencing and influx in questions about ransomware attacks. At this time, after review of several recent incidents here is the best advice. Increase the frequency of backups and be 100% sure it is stored offline on a portable drive that is encrypted.

Please login or join to reply

Content ID:
ADVERTISEMENTS

"There is not one wise man in 20 that will praise himself."

- William Shakespeare

ADVERTISEMENT

Sponsors

Vendor Events

See all Vendor Events