Set of Cyber Hygiene Practices
(minimum organizations should do)
-
Identify and prioritize key service, products and support assets
-
Identify, prioritize and respond to risks to key services and products
-
Establish network security and vulnerability monitoring
-
Establish an incident response and remediation plan
-
Conduct education and awareness activities
-
Control access based on least privilege
-
Manage technology changes and use standardized configurations and standards
-
Develop a process for software installation
-
Identify applications that aren’t used and disable
-
Keep an inventory of hardware and software
-
Upgrade aging infrastructure and systems
-
Patch immediately and regularly
-
Manage risks associated with suppliers, contractors and external dependencies
-
Back up data, keep multiple copies and secure process