Assignment 1 Cyber Security in Telecommunications Company | CSIS 343 - Cybersecurity
4. Network Segmentation and Access Controls:
a. Zero Trust Model:
Adopt a zero-trust approach, assuming that no one inside or outside the network is trustworthy by default.
b. Role-Based Access Control (RBAC):
Implement RBAC to restrict access based on job roles, minimizing the risk of unauthorized access.
c. Firewalls and Intrusion Prevention Systems (IPS):
Deploy firewalls and IPS strategically to monitor and control traffic flow, preventing unauthorized access and attacks.
d. Regular Review of Access Permissions:
Conduct periodic reviews of access permissions to ensure they align with current job responsibilities.
Importance of Network Segmentation and Access Controls:
Isolation of Critical Assets: Segmentation limits the lateral movement of attackers, containing a potential breach to a specific network segment. Reduced Attack Surface: By controlling access to specific resources, the attack surface is minimized, making it harder for malicious actors to exploit vulnerabilities. Granular Control: Access controls and segmentation allow for granular control over who can access what, enhancing overall security posture. Compliance: Many regulatory frameworks require network segmentation and access controls as part of data protection measures. In summary, a comprehensive cybersecurity strategy should include a combination of technical measures, regular assessments, and employee training to safeguard the company's data networks and internet services against evolving threats. Regularly updating and adapting these strategies based on emerging threats is essential for maintaining a robust security posture.