Kelly Geary writes in Risk & Insurance that cyber underwriters have mostly agreed on what network security controls they want in place. Here is the "top 10" list:
- Comprehensive multi-factor authentication with strong password controls.
- Network sequestration and segmentation.
- Strong data backup strategy as part of a disaster recovery plan.
- Disabled administrative privileges on endpoints.
- Regular and frequent security awareness training for employees.
- Endpoint detection response and anti-malware.
- A sender policy framework for email authentication.
- A 24/7 security operations center.
- A security information event management platform.
- Strong services accounts security in the active directory.
The complete article is at riskandinsurance.com/top-10-cybersecurity-controls-commercial-underwriters-want-to-see/.