Set of Cyber Hygiene Practices
(minimum organizations should do)
- Identify and prioritize key service, products and support assets
- Identify, prioritize and respond to risks to key services and products
- Establish network security and vulnerability monitoring
- Establish an incident response and remediation plan
- Conduct education and awareness activities
- Control access based on least privilege
- Manage technology changes and use standardized configurations and standards
- Develop a process for software installation
- Identify applications that aren’t used and disable
- Keep an inventory of hardware and software
- Upgrade aging infrastructure and systems
- Patch immediately and regularly
- Manage risks associated with suppliers, contractors and external dependencies
- Back up data, keep multiple copies and secure process
