Rooted in Security Basics: The Four Pillars of Cyber Hygiene
The State of Security
The term “cyber hygiene” pops up frequently in articles, blogs and discussions about cybersecurity. But what does it really mean? Some say it is an ill-defined set of practices for individuals to follow (or ignore). Others say it is a measure of an organization’s overall commitment to security. Still others – and I am among them – think of “cyber hygiene” as simple, readily available technologies and practices for cybersecurity.
In reality, cyber hygiene is an overall approach to security within an organization. It includes people, tools, processes, procedures and reporting. Baselines, compliance, vulnerability management and log collection are four areas that are very important to cyber hygiene. Knowing what assets there are, how they are configured, what’s vulnerable, what’s changing, what’s failing, who’s doing what and having a log footprint to back it all up are some determining factors of having good cyber hygiene in place.
That being said, there’s good news and bad news. The good news is that organizations can use frameworks like the Center for Internet Security’s Critical Security Controls to fulfill these foundations of cyber hygiene. The bad news is that many organizations are currently not implementing these or other standards.