As the old security adage goes, “a well-managed network/system is a secure network/system,” and this notion of network and system management is a cybersecurity foundation. Pick any framework (e.g., NIST Cybersecurity framework), international standard (e.g., ISO 27000), best practice (e.g., CIS 20 Critical Controls) or professional certification (e.g., CISSP), and much of the guidelines presented will be about security hygiene and posture management.
Another time-honored colloquialism also comes to mind here: “An ounce of prevention is worth a pound of cure.” From a cybersecurity perspective, all frameworks, standards, and best practices suggest that security strategies start with some fundamentals like an inventory of all assets on the network, hardened configurations, least privilege accounts, system/data classification, rapid vulnerability discovery/remediation, and continuous monitoring. Get these right and you make it harder for adversaries to exploit your assets.
Cybersecurity hygiene and posture management are the equivalent of automotive maintenance recommendations like changing your oil and rotating your tires. Do these…
