Critical controls

Every few weeks we'll publish more information about a critical control. For each control a page will summarise the intent and success measures for business owners and a separate page will provide implementation advice for practitioners.

10 critical controls for 2018

This is a summary of the ten controls that would mitigate the majority of information security incidents that CERT NZ has analysed so far.

1. Patching

Keeping your software up-to-date is one of the most simple and effective steps to take, to ensure your environment stays secure.

2. Legacy systems

Legacy systems are systems that are no longer supported by the vendor, or systems that an organisation no longer maintains. This includes end-of-life or unsupported software.

3. Unused services and protocols

Unused or older services and protocols often have their own vulnerabilities. Proactively scan your network for any that are not used or vulnerable, and disable them.