12 Security


This chapter covers

  • Important considerations for securing your enterprise
  • Developing with security in mind
  • Crisis management in the midst of an attack or breach
  • Recognizing when a dedicated CISO (Chief Information Security Officer) is required

Security is one of those areas that, if done properly, looks effortless and easy. If done poorly, however, like doing the minimum to tick a box, it gets in the way. Some organizations, on the face of it, have great security, but scratch the surface, and you’ll discover that they have left the key under the mat, digitally speaking. Security is a seductive force—the longer you go without any sort of incident, the easier it is to convince yourself that you run a secure environment, not unlike thinking your house is fireproof because it hasn’t suffered a fire.

There is no doubt that layering in security at the end creates a lot of work and takes a concentrated effort to get right, with much disruption. That said, you can do a lot to secure an existing platform even if you have made no real effort to build security in from the start. In this chapter, we will go over some of the steps you can take to make significant progress toward creating a secure environment.

12.1 Patching

12.1.1 Identify patches

12.1.2 Scheduling

12.1.3 Special considerations

12.2 Penetration testing

12.3 Social engineering

12.4 Data leakage

12.4.1 Logging

12.4.2 Application errors

12.4.3 Data exports

12.4.4 Version control

12.5 Password rotation

12.5.1 System credentials tracking