Description
On a per-device basis, this Pillar most commonly addresses company needs around:
Identity and Access Management
- Managing Access and Permissions: Ensuring appropriate access to systems and data.
- Enforcing MFA: Enforcing and troubleshooting multi-factor authentication (MFA) for critical business applications.
- Managing Unauthorized Access Attempts: Investigating failed login attempts or suspicious activity and managing password policies.
Security Awareness
- Phishing Awareness: Educating employees about social engineering threats.
- Monitoring Security Logs and Alerts: Reviewing logs from security tools and firewalls.
Data Protection and Compliance
- Managing Data Encryption: Encrypting sensitive business data in transit and at rest.
- Ensuring Compliance with Industry Regulations (e.g., HIPAA, PCI-DSS, GDPR): Implementing policies and software to meet security and privacy requirements.
Cloud and Application Security
- Securing Microsoft 365/Google Workspace/Apple Accounts: Configuring security settings for cloud productivity suites.
- Managing Secure Access to SaaS Applications: Ensuring third-party business applications follow security best practices.
General Security Administration
- Security Audits: Regularly evaluating the security posture of the organization.
- Developing and Enforcing IT Security Policies: Creating policies for acceptable use, data protection, and security best practices.