sales@purplesec.us
controls designed around least privilege and the NIST critical infrastructure
recommendations. Compromise of these systems poses a critical threat.
Implement a patch management cycle to ensure that all systems regularly receive
security updates from their vendors.
Revoke the certificates in, and replace, any PFX files found in user profiles as a precaution; a PFX file bundles a private key with its certificate, so anyone who could read the file may hold a usable copy of that key.
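The following PowerShell is an added example of how an administrator could act on this recommendation; it is not part of the report. It inventories PFX/P12 files under the user profile root, flags those that open with an empty password (keys usable by anyone who can read the file), and records the certificate serials needed for revocation at the issuing CA. The profile root `C:\Users`, the output file name and the `certutil` commands in the closing comment are assumptions about the environment.

```powershell
# Added example, not from the original report. Assumed: profiles live under C:\Users,
# PowerShell 5 or later, and the inventory CSV is written to the current directory.
$profileRoot = 'C:\Users'

$findings = Get-ChildItem -Path $profileRoot -Recurse -Force -File `
        -Include *.pfx, *.p12 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $subject = $null; $serial = $null; $notAfter = $null; $unprotected = $false
        try {
            # Loading with an empty password succeeds only when the PFX has no password,
            # i.e. the private key is exposed to anyone who can read the file.
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName, '')
            $unprotected = $true
            $subject  = $cert.Subject
            $serial   = $cert.SerialNumber
            $notAfter = $cert.NotAfter
        } catch {
            # Password-protected (or not a valid PFX): still report it so the key is rotated,
            # since the password may be weak or stored alongside the file.
        }
        [pscustomobject]@{
            Path        = $file.FullName
            Owner       = (Get-Acl -Path $file.FullName).Owner
            LastWrite   = $file.LastWriteTime
            Unprotected = $unprotected
            Subject     = $subject
            Serial      = $serial
            NotAfter    = $notAfter
        }
    }

$findings | Sort-Object Unprotected -Descending | Format-Table -AutoSize
$findings | Export-Csv -Path .\pfx-inventory.csv -NoTypeInformation

# Revocation happens on the issuing CA, not on the workstation. For each serial in the
# inventory, run on the CA (reason code 1 = KeyCompromise), then publish a fresh CRL
# so relying parties see the revocation before the old CRL expires:
#   certutil -revoke <SerialNumber> 1
#   certutil -CRL
# Afterwards re-issue the certificate to the user with a fresh key pair and remove the
# old PFX file; simply deleting the file without revoking does not invalidate the key.
```

Password-protected files show up with `Unprotected = False` and no serial; for those, the serial can be read from the user's certificate store (`Get-ChildItem Cert:\CurrentUser\My`) on the affected machine before revocation.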
Data-handling compliance training and end-user social engineering awareness training
should be implemented to promote safer practices. HIPAA data should be confined to ONLY
those systems that require access to it; these systems should employ strong data-at-rest
encryption and least-privilege access controls to prevent unauthorized access. Best
practice is to store these files centrally on a managed, hardened network location;
users should access the files only through network drive mappings configured in their
profiles, with security permissions restricted to the groups that need them.
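As an added example (not part of the report), the PowerShell below builds such a hardened network location on a Windows file server: the data volume is encrypted at rest with BitLocker, NTFS inheritance is removed and only the roles that need the data are granted rights, the SMB share refuses unencrypted sessions and hides what a user cannot open, and clients reach the data only through a mapped drive. The server name `FS01`, the volume `D:`, the path `D:\PHI`, and the group names `CORP\PHI-Admins` and `CORP\PHI-Users` are assumptions.

```powershell
# Added example, not from the original report. Assumed names: server FS01, data volume D:,
# folder D:\PHI, AD groups CORP\PHI-Admins (manage) and CORP\PHI-Users (read/write).
# Run elevated on the file server; the OS volume is assumed to be BitLocker-protected already.
$path   = 'D:\PHI'
$admins = 'CORP\PHI-Admins'
$users  = 'CORP\PHI-Users'

# 1. Data at rest: encrypt the volume that holds the PHI and let the server unlock it
#    at boot (the recovery password should be escrowed via the BitLocker GPO).
Enable-BitLocker -MountPoint 'D:' -EncryptionMethod XtsAes256 -RecoveryPasswordProtector
Enable-BitLockerAutoUnlock -MountPoint 'D:'

# 2. NTFS permissions: strip inherited ACEs (which usually include BUILTIN\Users), then
#    grant only the roles that need the data. (OI)(CI) = applies to files and subfolders,
#    F = full control, M = modify. No CREATOR OWNER entry, so users never gain full
#    control over files they create.
New-Item -ItemType Directory -Path $path -Force | Out-Null
icacls $path /inheritance:r `
    /grant:r "SYSTEM:(OI)(CI)F" "${admins}:(OI)(CI)F" "${users}:(OI)(CI)M"

# 3. Share permissions: no Everyone, SMB encryption required, access-based enumeration
#    so users only see folders they can open. A trailing $ hides the share from browsing.
New-SmbShare -Name 'PHI$' -Path $path `
    -FullAccess $admins -ChangeAccess $users `
    -EncryptData $true -FolderEnumerationMode AccessBased

# 4. Verify that no broad principal kept access at either layer.
$broad = (Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference -in 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users' }
if ($broad) { Write-Warning "Broad NTFS access remains on $path"; $broad | Format-Table }
Get-SmbShareAccess -Name 'PHI$' | Format-Table -AutoSize

# 5. On a client, the only access path is a mapped drive (normally pushed by a Group Policy
#    drive map to PHI-Users; shown here as the equivalent manual mapping for testing):
#    New-PSDrive -Name P -PSProvider FileSystem -Root '\\FS01\PHI$' -Persist
```

Because `/inheritance:r` also removes the local Administrators entry, membership of `CORP\PHI-Admins` becomes the single place where administrative access to the data is granted and audited; keep that group small and review it with the other least-privilege controls.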