
Security Maturity Model Appendix

LEVEL 1

Antivirus - Software used to prevent, scan, detect and delete viruses and malware from your devices. This is the first line of defense against breaches.

Spam Filtering - Detecting unwanted and virus-infested email (spam) to stop it from reaching your inbox, protecting your employees and your network.

DNS Filtering - Blocks malicious websites or content and allows your organization to restrict access to inappropriate material from your internal network. This only applies to Windows devices.

Enforced Password Policy - Ensures all employees maintain strong and varied passwords on internal applications to limit your chances of a breach.

Data Protection Solution - Timely, reliable and secure backup of your data to either a cloud or onsite appliance.

Basic MFA - Multi-factor Authentication goes beyond a strong password to add another validation method for users accessing your internal network and applications. The most basic versions of MFA are text message codes or simple authenticator apps.

Business Class Firewall - An appliance that monitors inbound and outbound internet traffic and removes malicious communications while allowing valid traffic to flow easily.

SECURITY STARTER

LEVEL 2

Corporate Controlled MFA - Adds another level of protection beyond basic MFA and provides authentication support for cloud applications, VPNs, Remote Desktop sessions and more.

Security Awareness Training - An education program that equips your employees with the information they need to protect themselves from human-targeted attacks such as phishing and account takeovers.

Advanced Endpoint Detection - Identifies potential threats as early as possible and targets hidden bugs that sneak past traditional antivirus tools and sit on your network.

Microsoft 365 Hardening - Ongoing security changes and preventative maintenance of your Microsoft 365 corporate accounts to ensure optimal security settings are established and practiced.

Firewall with Advanced Filtering - A more advanced firewall that allows you to filter certain types of content on your network, adds another layer of Antivirus onto your network, and enables Intrusion Detection, giving you another method of reporting.

Mobile Drive Encryption - Gives you the ability to encrypt your machines’ hard drives to fight against data or identity theft should any of your devices be stolen.

MFA Enforced on Public Apps - A critically important policy that adds a layer of prevention onto all of your public-facing applications, limiting the most common method of attack in today’s security landscape.

SECURITY PRACTITIONER

LEVEL 3

Vulnerability Scans - An application that creates an inventory of all the systems on your network, and then runs tests on the inventory to detect any known vulnerabilities, highlighting problem areas and alerting you to red flags.

Annual Security Assessments - A yearly review of all of your security systems and standards to ensure that your network security is up to date and meeting your expectations.

Dark Web Scans - A service that searches the dark web for any stolen usernames, passwords, credit card numbers, or social security numbers associated with your business that are listed for sale.

Advanced DNS Filtering - Similar to normal DNS Filtering, but gives you extra visibility into your servers and non-Windows devices such as smart phones and tablets. Also goes beyond traditional filtering by allowing you to pinpoint the exact device causing issues on your network.

Network Segmentation - The practice of splitting a network into smaller parts in order to enforce policies that restrict access to more sensitive data such as financial or employee information. Segmentation also limits how far a potential attack can spread throughout your network.

Data Loss Prevention - Software that detects potential data breaches or exfiltration transmissions and prevents them by monitoring your sensitive data and identifying any policy violations.

SECURITY INVESTOR

LEVEL 4

SIEM Log Management - An extremely valuable tool that helps monitor activity on your network, manage security events, and identify weaknesses before a breach can occur. The biggest advantage of a SIEM is that it provides you with a wide, holistic view of your company’s security in real time.

Security Operations Center - A centralized team that deals with security issues on an organizational level. This team is comprised of security experts that deal specifically with detecting and responding to security incidents when they occur, and help prevent breaches from occurring in the first place.

Intrusion Detection - “A software application that watches networks for suspicious activity or policy violations. Any intrusion activity automatically gets flagged and reported back to your SIEM software.”

Penetration Testing - A simulated cyberattack on your network meant to evaluate how vulnerable your network would be in the event of a real attempted breach.

Mobile Device Management - The administration of mobile devices like smart phones and tablets within your network. MDM is usually done in the form of a third-party app that allows additional management features and keeps any employee-owned devices from exposing your network to risk.

Incident Management Plan - A document or policy that helps you plan for and respond as quickly as possible to any security incidents. A solid IMP will help identify weaknesses in your security posture and limit the potential damage should a breach occur.

Implement Zero Trust - A security concept that proposes organizations should not automatically trust anything inside or outside

SECURITY PROMOTER

LEVEL 5

Threat Intelligence - Big data that is collected, processed and analyzed to understand potential hackers’ motives, potential targets and attack behavior.

Predictive Security Technology - AI-powered technology that analyzes vulnerabilities in your network, compares that to the latest threat intelligence, and predicts the areas of your network that will most likely be targeted in an attempted breach.

Advanced Anomaly and Breach Detection - Top-of-the-line software that can detect even the smallest or most unnoticeable breaches and respond accordingly, protecting your network against sophisticated attacks.

User Behavioral Analytics - An advanced software tool that analyzes human behavior on your network, then applies statistical analysis and machine learning to detect anomalies from those patterns, indicating a potential threat.

SECURITY LEADER