1. Establish and define business requirements for security and compliance
- What is the organizational structure and who are the stakeholders for security?
- What products, services and data need to be protected?
- What policies and procedures need to be in place?
- What are the regulatory obligations?
2. Identify critical assets and evaluate/baseline the security posture of those assets
- Discover where important information is stored, processed and transmitted.
- Determine business criticality of those assets and prioritize what needs to be protected first.
- Assess the security and compliance posture, identifying inherent risks of those assets.
- Prioritize the closure of security and compliance gaps found during the assessment stage.
3. Harden the attack surface and make it difficult for attackers to compromise
- Establish and test policies, procedures and configurations to minimize risk.
- Develop and implement a security awareness training program for all employees.
- Protect the identities of your employees and prevent stolen credentials.
- Automate the detection, prevention and remediation of threats to critical assets.
4. Take a proactive approach to security and compliance management
- Leverage threat intelligence to proactively stay ahead of threats.
- Develop and implement a threat detection and response practice (SOC).
- Continuous visibility, monitoring and insights into the security and compliance posture.