
NAS2002 Protect Tasks List

#Winter24/NAS2002/protect

based on NIST Cybersecurity Framework 2.0

IAM and Access Control


1. implement a centralised identity and access management system
2. use MFA for proofing and binding identities to credentials
3. ensure proper authentication and authorisation before granting access to
resources
4. implement least privilege and separation of duties
5. secure physical access to critical infrastructure

tools - MS Active Directory, OpenLDAP, Google Authenticator, YubiKey, SAML, OpenID Connect, RBAC, CCTV cameras

Awareness and Training


1. develop and deliver awareness training to all employees
2. offer specialised cybersecurity training for IT staff and other roles with specific
security responsibilities

tools - Cybrary, PluralSight, PhishMe, KnowBe4

Data Security
1. encrypt sensitive data at rest and in transit
2. implement policies for data retention and destruction
3. periodically create, protect and test backups of critical data

tools - data lifecycle management tools - Eraser, data loss prevention solutions, backup solutions - Veeam, Acronis

Platform Security
1. ensure secure configurations for all hardware and software assets
2. implement network segmentation and enforce access controls

tools - configuration management tools - Ansible, Chef, firewalls and NACL


Infrastructure Resilience
1. protect networks and environments from unauthorised logical access and usage
2. protect assets from environmental threats
3. implement mechanisms to achieve resilience in normal and adverse situations
4. deploy adequate resources to ensure availability
