Created on October 12, 2023
What are the requirments?
Below are the cyber essentials needed for a secure IT structure:
- Secure Configuration
- Security update management
- User access control
- Malware protection
// Five Technical controls
The majority of organisations are constantly running a form of communication between devices. These devices run network services, which allows this. Network services can be tapped into effortlessly, a way to combat this is a firewall. FFirewalls prevent unauthorised users access to services. This greatly benefits your organisation because cybercriminals would be deterred due to the levels of security.
// Firewalls - protect (a network or system) from unauthorized access with a firewall.
Requirements: Safeguarding all devices within an organisation should be the first priority. The following are the required standards that should be met:
- Change default passwords into strong passwords
- Monitor individuals who are accessing administrative interface
- Automatically block foreign inbound connections
- Tailor firewall rules to what your organisation finds essential & unessential
Every single electronic device within an organisation ought to configured. This reduces the chance of the device having any weaknesses that could be exploited. Also, it only allows the device to carry out the specific requirements set by the administrator.
// Secure Configuration - security measures that are implemented to reduce unnecessary cyber vulnerabilities
Requirements:The problem with just relying on deafault configuration is that unless checked there are backdoors for example, default passwords (which are the same for everyone). The following requirements should prevent this:
- Remove unnecessary accounts
- Change default passwords
- Uninstall any useless software
- Halt any actions which don't need permission
- Authenticate users before giving access
- Device unlocking is in place (limited password guess attempts)
<03>SECurity update managment
There is always a way to exploit an electronic device. Malicious individuals are on the constant lookout to find these weaknesses. One way to make sure there are no vulnerabilities is to update the system as soon as possible.
// Security Update Managment
Requirements:The follwoing requiremnts must be followed to eradicate any major or minor security issue.
- Device licensed supported
- Remove licesnse from devices when necessary
- Apply automatic updates (if applicable)
- Be up to date with all updates
The role of controling who has access to certain services must be taken seriously. Access is a huge responsibility, the users you grant access to must be authorised. Users should only be able to interact with what their specific needs are.
// User access control - dictates who's allowed to access and use company information and resources.
Requirements:These are the requirements for how to handle access controls:
- Authenticate users with username and passwords
- Disable inactive/old accounts
- Use multi factor authentification
- Make a seperate account for administrative access
- Give out the neccessary privileges and turn off ones which are not needed.
Malware can inflict an incredible amount of damage on your devices if you have no protection against it. Having protection, can stop malware from causing damage and from gaining any unauthorised access. In an organisation malicious emails with attachments are common.
// malware protection - cyber security solution that adds an extra layer of security to your computer to protect against cyberattacks.
Requirements:You must protect yourself against malware by following these measures:
- Have malware protection mechanism