IT Security Programme Cheat Sheet

Organizing my ideas, I came up with this IT Security Cheat Sheet, nothing really important should be missing, but in case drop me a line:

  1. Know your IT assets, often attackers know them better than you do

  2. Implement a strong IAM security programme, people are the first weak point

  3. Establish an IT security baseline and apply it to all your IT assets, no matter what or who

  4. Evaluate IT security risks from a business perspective and implement IT security measures to manage them; do not trust any IT system by default

  5. Detect, manage and solve IT security incidents, they happen even if you do not detect them

  6. Learn from the security incidents and feed the knowledge into the previous steps

  7. Review and re-implement all steps at least yearly (Governance).