this post was submitted on 22 Jan 2024
2 points (100.0% liked)
cybersecurity
3249 readers
4 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I just started my first official cybersecurity position at a medium size company in an industry that is currently being heavily targeted with ransomware.
I'm starting pretty much from scratch as they have not had a dedicated security role in over a year and my predecessor didn't make much progress. So far i've been focused on inventory lists, policies, and procedures for hardware, software, and data. I think we're doing okay with minimizing stuff thats internet facing and patching is in a good place (well, at least with the devices and os's that are still supported).
Any suggestions on where to go from there or what to prioritize?
https://www.cisecurity.org/controls/v8
Thanks! This is actually exactly what I have been basing my efforts on so far, it's just sobering to look at how far away we are from completing implementation group 1.