
Critical Controls
CERT NZ's Critical Controls
Each year, we review our critical controls against the incidents we have seen over the past 12 months. When correctly im
Each year, we review our critical controls against the incidents we have seen over the past 12 months. When correctly im
Providing a password manager for your staff to store their passwords, or other secrets like alarm codes, is a great way
Limiting and securing your internet-exposed services will help you prevent unauthorised access.
While macros have a valid business function, they are often used by attackers too. Using secure default configurations w
When paired together, segmentation and separation can add an additional level of access control and security to your net
Storing and securing your logs in a central place makes log analysis and alerting easier.
After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and
The principle of least privilege means only having the access you need to do your job. Restricting the level access to o
You can authenticate with something you know, something you have, or something you are. Multi-factor authentication (MFA
Application allowlisting (otherwise known as whitelisting) is a method of strictly controlling what programs can be run
Keeping your software up-to-date is one of the most simple and effective steps to take, to ensure your environment stays