{"id":42881,"date":"2019-11-17T17:00:36","date_gmt":"2019-11-17T17:00:36","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=42881"},"modified":"2024-11-14T12:26:21","modified_gmt":"2024-11-14T17:26:21","slug":"cybersecurity-due-diligence-checklist","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/cybersecurity-due-diligence-checklist","title":{"rendered":"Cybersecurity Due Diligence Checklist"},"content":{"rendered":"\n

Regardless of industry or organization size, company leaders must guard their data fiercely from bad actors and improve their cybersecurity practices.

A shifting IT landscape makes for new and different challenges to which IT admins must respond. For example, the frequency of ransomware and DDoS attacks decreased in 2018, but losses caused by business email compromises doubled and cryptojacking incidents more than tripled, according to the Online Trust Alliance.

Protect your data against these varied attacks with a layered approach. This checklist provides the first steps in doing your due diligence to secure your company and ward off bad actors. Security isn’t one-size-fits-all, and you’ll want to tailor your solutions to your organization, but these are the high-impact basics to get you started.

1. Identify Resources to Guide Cybersecurity Work

To begin with, identify frameworks to guide your cybersecurity work and strengthen your company’s security posture. Combine these frameworks for even more guidance as you complete your work.

NIST Framework

The National Institute of Standards and Technology (NIST) produced a framework for improving critical infrastructure cybersecurity, which officials said should serve as “every company’s first line of defense.”

This framework outlines five functions:

Identify — Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

Protect — Develop and implement appropriate safeguards to ensure delivery of critical services.

Detect — Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

Respond — Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

Recover — Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

These functions “aid an organization in expressing its management of cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and improving by learning from previous activities.”

To learn more about this framework and how it can be implemented, check out NIST’s “Framework for Improving Critical Infrastructure Cybersecurity” publication, which provides an in-depth look at its guidelines.

After familiarizing yourself with this framework, you can pair it with the zero trust security (ZTS) methodology to inform your security work further.

Zero Trust Security Methodology

Following the ZTS methodology, IT admins want to take four key steps: