October is Cyber Security Month
IT@Sam is hosting a poster contest and a Cyber Security Awareness Panel Discussion. The Panel is sponsored by the IT@Sam Service Desk and will be held in the Mafrige Auditorium (Smith-Hutson Building Room 186) on October 19 from 3 – 4 p.m.
Members of the panel will include:
- Ann Holder, SHSU Copyright Officer
- Dr. Matt Nobles, Criminal Justice Assistant Professor
- Dr. Kristy Vienne, Assistant VP and Director of OneCard Services
- Dr. David Burris, Computer Science Professor
- Michael Lombard, U.S. Secret Service Agent.
Please stop by to ask your questions and take part in the discussion.
20 Critical Security Controls from the SANS Institute
Who is SANS?
From the SANS website:
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
20 Critical Security Controls
Excerpted from the article:
- Critical Control 1: Inventory of Authorized and Unauthorized Devices
- Critical Control 2: Inventory of Authorized and Unauthorized Software
- Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
- Critical Control 4: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- Critical Control 5: Boundary Defense
- Critical Control 6: Maintenance, Monitoring, and Analysis of Security Audit Logs
- Critical Control 7: Application Software Security
- Critical Control 8: Controlled Use of Administrative Privileges
- Critical Control 9: Controlled Access Based on the Need to Know
- Critical Control 10: Continuous Vulnerability Assessment and Remediation
- Critical Control 11: Account Monitoring and Control
- Critical Control 12: Malware Defenses
- Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 14: Wireless Device Control
- Critical Control 15: Data Loss Prevention
Additional Security Controls
The following sections identify additional controls that are important but cannot be fully automatically or continuously monitored to the same degree as the controls covered earlier in this document.