Page 42 - ITGC_Audit Guides

    o  Ensuring that network components are secured and configured according to organizational policies that are aligned to applicable regulations and industry best practices.
    o  Monitoring the dark web for compromised emails/passwords and verifying that passwords are changed frequently.
    o  Ensuring appropriate anti-malware and anti-phishing software is deployed.
    o  Conducting mandatory employee awareness training for anti-malware and anti-phishing software.
•  Ensuring appropriate access.
    o  Ensuring that access to switches is restricted and that technicians routinely maintain and update them for functionality.
    o  Ensuring that physical access to routers is restricted. Routers almost always have remote access capabilities for the devices themselves. These should be secured with strong passwords and monitored for failed login attempts.
    o  Verifying that remote users are required to use two-factor authentication.
•  Ensuring patch maintenance. Ensuring the latest security patches and firmware updates are installed on network components (e.g., firewalls, routers, printers, and Voice over Internet Protocol (VoIP) phones).
•  Ensuring appropriate management of third-party network risks. This is applicable if network management is outsourced; if so, ensuring the vendor's security programs are robust, efficient, effective, and accessible.
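The failed-login monitoring on router remote access called for above, as an added example that is not from the IIA guide: a Python script that parses constructed router syslog lines (the line format, hostname and addresses are hypothetical) and flags any source that reaches a threshold of failed logins inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample router syslog lines; the format and addresses are hypothetical.
SAMPLE_LOG = """\
2024-03-01T08:00:01 rtr-edge-1 login: FAILED login for 'admin' from 203.0.113.9
2024-03-01T08:00:04 rtr-edge-1 login: FAILED login for 'admin' from 203.0.113.9
2024-03-01T08:00:07 rtr-edge-1 login: FAILED login for 'root' from 203.0.113.9
2024-03-01T08:00:09 rtr-edge-1 login: FAILED login for 'admin' from 203.0.113.9
2024-03-01T08:00:12 rtr-edge-1 login: FAILED login for 'admin' from 203.0.113.9
2024-03-01T08:15:30 rtr-edge-1 login: FAILED login for 'netops' from 192.0.2.25
2024-03-01T08:16:02 rtr-edge-1 login: SUCCESS login for 'netops' from 192.0.2.25
2024-03-01T09:30:00 rtr-edge-1 login: FAILED login for 'admin' from 198.51.100.4
2024-03-01T09:45:00 rtr-edge-1 login: FAILED login for 'admin' from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login: (?P<result>FAILED|SUCCESS) login "
    r"for '(?P<user>[^']+)' from (?P<src>\S+)$"
)

def parse_failed_logins(log_text):
    """Yield (timestamp, host, user, src) for each FAILED login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("result") == "FAILED":
            yield (datetime.fromisoformat(m.group("ts")), m.group("host"),
                   m.group("user"), m.group("src"))

def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {(host, src): count} for sources with >= threshold failures
    inside any sliding window of the given length (count is the largest seen)."""
    events = defaultdict(list)
    for ts, host, user, src in parse_failed_logins(log_text):
        events[(host, src)].append(ts)
    alerts = {}
    for key, stamps in events.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[key] = max(alerts.get(key, 0), end - start + 1)
    return alerts

if __name__ == "__main__":
    for (host, src), n in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"ALERT {host}: {n} failed logins from {src} within 5 minutes")
```

Two isolated failures by the same operator and two failures fifteen minutes apart stay below the threshold; only the burst from 203.0.113.9 is reported.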
                   34 — theiia.org