Organizing my ideas, I came up with this IT Security Cheat Sheet. Nothing really important should be missing, but in case something is, drop me a line:
- Know your IT assets; attackers often know them better than you do.
- Implement a strong IAM security programme; people are the first weak point.
- Establish an IT security baseline and apply it to all your IT assets, no matter what or who.
- Evaluate IT security risks from a business perspective and implement IT security measures to manage them; do not trust any IT system by default.
- Detect, manage and solve IT security incidents; they happen even if you do not detect them.
- Learn from the security incidents and feed the knowledge into the previous steps.
- Review and re-implement all steps at least yearly (Governance).