"First of all, you can use well-known information security standards. Ask yourself - to what extent does the organization comply with information security standards for its area? Perhaps you should develop a number of your own regulatory documents and security policies and then, using software to track compliance with standards, regularly check hardware and software. It is important to understand that if you cannot control the availability of updates and installed antivirus software on users' home computers, then this can potentially result in a big problem," believes Danila Egorov.
He also believes it is useful to restrict remote users' access to the company's information resources: "Before granting remote access to a user, it is important to make sure that he has the minimum necessary set of privileges and rights to those, and only those resources, that he needs for work, and you have a tool for tracking changes in user attributes. Monitoring changes in the infrastructure, security policies on network equipment, user rights and privileges on services will allow security administrators to competently assess the risks of remote access, as well as monitor the quality of its security."
Sergey Krivoshein believes that the assessment and bahrain mobile database of information security provision is the most difficult issue in corporate life, especially when switching to remote work. In his opinion, in establishing control over the state of information security, one can follow the path of fulfilling the requirements of various standards and recommendations and limit oneself to periodic verification of their compliance (audits). However, more and more companies today are switching to operational control, which requires operational data that can only be collected by a security incident monitoring and response center (SOC). SOC should help control critical business processes, assess the impact of supporting business processes on them (and remote access is precisely a supporting process), assess threats, their implementation channels, risks, and possible damage. Based on the data received in the SOC, control metrics are developed.
Quality control of remote access security
-
- Posts: 730
- Joined: Mon Dec 23, 2024 3:13 am