FORUM
Our forum is designed for the community to talk about everything cybersecurity.
Welcome! Have a look around and join the discussions.
General Discussion
Share stories, ideas, pictures and more!
Questions & Answers
Get answers and share knowledge.
Information Protection Program
Processes should be in place to ensure confidentiality, integrity, and availability of sensitive data. This includes the
Endpoint Protection
This refers to anti-virus/anti-malware configurations, firewalls, intrusion detection systems, software updates, patches
Portable Media Security
This control domain includes mobile storage (e.g., USB drives, CD-ROMs, DVD-ROMs, backup tapes).
Mobile Device Security
This covers requirements specific to laptops, smart phones and tablets.
Wireless Security
This refers to all aspects of corporate and guest wireless networks but does not include protections for devices connect
Configuration Management
This includes all aspects of configuration management as well as environments used for development and testing.
Vulnerability Management
This includes vulnerability scanning and patching, antivirus/anti-malware and network/host-based penetration detection.
Network Protection
This includes all aspects of perimeter and internal network security.
Transmission Protection
This includes web and network connections, such as those for VPN, email, and chat.
Password Management
This covers specific issues around the use of traditional passwords.
Access Control
This control includes all aspects of access control other than the use of traditional passwords.
Audit Logging and Monitoring
This refers to controls for audit logging and monitoring.
Education, Training, and Aware
This control domain covers awareness campaigns, as well as initial and continual education and training.
Third-Party Assurance
This refers to all aspects of managing risk linked to third parties, such as vendors and business associates.
Incident Management
These controls relate to incident monitoring and detection activities, incident response, and breach reporting.
Business Continuity and DR
This covers all aspects of contingency, business continuity, and disaster recovery.
Risk Management
This includes risk assessment, risk analysis, and other operations connected to risk management.
Physical and Environmental
This domain includes physical and environmental security requirements for data centers and other facilities.
Data Protection and Privacy
The final domain addresses the organization’s compliance and privacy program and related controls.