You can refer to a wealth of documents on the internet and try to put them into practice.
- A software development methodology: a framework that is used to structure, plan, and control the life cycle of a software product. Common methodologies include waterfall, prototyping, iterative and incremental development, spiral development, agile software development, rapid application development, and extreme programming.
- Open Source Security Testing Methodology Manual (OSSTMM) (www.isecom.org/research/): A peer-reviewed guide for the testing and analysis of a security infrastructure.
- ISO/IEC 27002 (which replaced ISO 17799) (https://www.iso.org/standard/54533.html): An international standard that can be the basis of implementing organizational security and related management practices.
- Information Technology Infrastructure Library (ITIL) (www.itlibrary.org): Initially crafted by the British government, ITIL is a set of recommended best practices for core IT security and operational processes.
- Control Objectives for Information and Related Technology (COBIT). COBIT is a documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA). It prescribes goals and requirements for security controls and encourages the mapping of IT security ideals to business objectives.
- etc.
“Deadlines” may be the most common excuse, but the real cause is always a lack of knowledge about the rules and regulations, and ignorance of the damage that a loss of important data or malpractice could do to your business.
There is a lot of technical jargon, but what are the “BEST” practices, in brief …
- Know your data and its importance.
- Have some fear of losing it; protect it.
- Delegate to the right technology partner and consultant.
- Monitor and explore your infrastructure; make sure there is no shadow IT.
- Always double-check and audit.
- Keep up to date.
- DO MORE …
About the Author
Sachin is a Cloud and IT expert with vast experience in Systems, Security and Integration.