One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are.
Several regulatory organizations have established standards for avoiding security misconfigurations in order to prevent cyberattacks and accidental security breaches, maintain compliance with regulations, and strengthen the overall cybersecurity posture of any business. Cyber Security Hub recently recorded a webinar with Fortra’s Tyler Reguly about the top security misconfigurations to watch out for.
Industry Standards and Organizations
Some of the industry frameworks and regulations that have guidance around misconfigurations include:
- The Center for Internet Security (CIS) is a community-driven nonprofit organization, known mainly for the CIS Controls and CIS Benchmarks. There are 18 Critical Security Controls and 639 published benchmarks, as well as other resources provided by CIS, including hardened operating system…
