this post was submitted on 08 Apr 2024
5 points (85.7% liked)
cybersecurity
3238 readers
1 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I was the lone security person there for a bit. Now there's 4 of us. I broke it down into two risks:
service / system outage data breach / loss
The way I approached shoring up defenses was with specific activities each week:
vulnerability remediation audit & compliance incident response governance & policy security awareness program
It might help to think of things in a maturity model. Putting in a SEIM is a big job, and maybe more appropriate for when the security program at your org has matured more. What you can do is spend time working on the other stuff - what's your endpoint protection? What compliance requirements do you have? How's your inventory & asset management? What's policy look like? Do your AD accounts all make sense? What's the password policy? Do you have any old service accounts?
Picking little stuff allows you to make progress, and gets you ready to move to the bigger things. A mentor once told me to use a checklist (for life in general, but applies to cyber):
1 Did they ask you for help 2 Do you have it to give 3 Have you done enough for now
Good luck!