Let’s jump right in. The first part of the DUH Security Planning Formula is Data. This is where you ensure you are properly monitoring your data access, fixing issues, and defining requirements.
Data Protection - encompasses all data the organization produces.
Data hunting is a guaranteed way to get complete control of any network and access to all data.
Data is a key fundamental of cybersecurity defense and breach/attack insight.
If you don’t log data access you may not be able to determine the extent of a data breach!
Edward Snowden isn’t a hacker – he exploited a weakness that would have been caught by a data audit.
If you don’t know who accessed data you won’t know the extent of a breach.
You should be able to answer all of these questions!
Data protection encompasses all data which the organization produces.
All data is good data – never pass up an opportunity to collect more data. Especially Security Data!
Data monitoring is the act of monitoring and logging all data access!
Data auditing is the act of verifying data policy, access and monitoring procedures are in alignment with organizational standards.
Data Intelligence is about transforming data into information, information into knowledge, and knowledge into value.
The second part of the DUH Formula is Update. Know what have and if it’s updated at all times. Malware often exploits unpatched systems.
Operating Systems (OS)
Most companies have many OS’s not being updated.
Not updating makes any company “low hanging fruit”.
Not updating software give hackers easy access into your network, data, and controls.
Human Virus Definitions
Users are 70% less likely to click on a phish they already experienced.
Internet-connected coffee pots can get you hacked.
Cyber technology increases at an exponential rate.
Windows is a very popular OS. Common OS’s are Linux (has many different names), UNIX (same), Apple and more.
Microsoft Office is a very popular suite of software, but it includes any applications installed on company-owned computers.
Weaknesses in technology are always being discovered and updates fix known vulnerabilities.
Appliances are hardware used to assist with day to day business operations. Examples are routers, printers, and firewalls.
Human virus definitions are a combination of high-frequency education and attack emulations.
Technology can be anything digital and encompasses all cybersecurity controls as well as technology used to run the organization.