NEBRASKA BANKERS ASSOCIATION 15 Modern vendor management requires a contemporary approach to controlling risk. religiously. Falling behind on patches leaves systems vulnerable to known attacks that can be prevented with proper patching. • Follow the 3-2-1 Data Backup Rule — The 3-2-1 Backup Rule is highly recommended for any organization looking to back up their data. This methodology suggests keeping three (3) copies of your data on two (2) different forms of media and one (1) of those copies being off-site. • Network Segmentation — The greater the segmentation, the harder it is for an attacker (or malware) to move throughout your network. • Egress Firewall Filtering — Firewalls, by default, block everything coming in and permit everything to go out. You gain significant control over what resources your internal systems can access when egress filtering is enabled. Here are a few additional tips to help control risk: • Log the right activity and establish a baseline on your network. Anything outside of the baseline could be an indicator of compromise. Ensure you have some central logging capability. Central logging capability is not SIEM. It is a place for you to store your collected logs. Make sure this system is a bastion host. Its data may be key in an investigation. • Have separate user accounts. The ultimate rule is that one user means one account and allows for accountability. All users should be restricted users, especially vendors. If a user is also an administrator, ensure they have a separate, privileged account to perform those administrative tasks. Ensure no one uses service accounts. Service accounts are often administrative in nature. Confirm each service that needs a service account has its own service account, like how individual Tech Talk — continued on page 16
RkJQdWJsaXNoZXIy ODQxMjUw