Advanced Threat Protection


Tactical Cyber Security Checklist  

May 11, 2016 12:27 PM

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu.

Sun Tzu’s words still resonate today. Organizations that know their adversaries, while being aware of their own strengths and vulnerabilities, stand a better chance in the ongoing cyber security war. Don’t wait until after your organization has been attacked to bolster your security posture. Go on the offensive against attackers.

What are some measures to ensure your organization is cyber resilient and ready for battle? We created the following tactical cyber security checklist based on best practices from the 2016 Internet Security Threat Report (ISTR), our annual report which provides an overview and analysis of the year in global threat activity.



  1. Ensure all devices allowed on company networks have adequate security protections.
    Use active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the enterprise network. This includes servers, workstations, laptops and remote devices.
  2. Implement a removable media policy.
    Where practical, restrict unauthorized devices such as external portable hard-drives and other removable media. Such devices can both introduce malware and facilitate intellectual property breaches, whether intentional or unintentional. If external media devices are permitted, automatically scan them for viruses upon connection to the network and use a data loss prevention (DLP) solution to monitor and restrict copying confidential data to unencrypted external storage devices.
  3. Be aggressive in your updating and patching.
    Update, patch, and migrate from outdated and insecure browsers, applications, and browser plug-ins. This also applies to operating systems, not just across computers, but mobile, ICS, and IoT devices as well. Keep virus and intrusion prevention definitions at the latest available versions using vendors’ automatic updates. Most software vendors work diligently to patch exploited software vulnerabilities; however, such patches can only be effective if adopted in the field. Wherever possible, automate patch deployments to maintain protection against vulnerabilities across the organization.
  4. Enforce an effective password policy.
    Ensure passwords are strong and at least 8-10 characters long with a mixture of letters and numbers. Encourage users to avoid re-using the same passwords on multiple websites, and sharing of passwords with others should be forbidden. Passwords should be changed regularly, at least every 90 days.
  5. Ensure regular backups are available.
    Create and maintain regular backups of critical systems, as well as endpoints. In the event of a security or data emergency, backups should be easily accessible to minimize downtime of services and employee productivity.
  6. Restrict email attachments.
    Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Enterprises should investigate policies for PDFs that are allowed to be included as email attachments. Ensure that mail servers are adequately protected by security software and that email is thoroughly scanned.
  7. Ensure that you have infection and incident response procedures in place.
  • Keep your security vendor contact information handy, know who you will call, and what steps you will take if you have one or more infected systems.
  • Ensure that a backup-and-restore solution is in place in order to restore lost or compromised data in the event of successful attack or catastrophic data loss.
  • Make use of post-infection detection capabilities from web gateway, endpoint security solutions and firewalls to identify infected systems.
  • Isolate infected computers to prevent the risk of further infection within the organization, and restore using trusted backup media.
  • If network services are exploited by malicious code or some other threat, disable or block access to those services until a patch is applied.
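Item 1 asks for an up-to-date inventory of every device on the network. One practical check is to reconcile what the DHCP server is actually leasing against the asset inventory and surface anything unmanaged. The following is an added example written for this post, not Symantec code; the lease text is constructed in ISC dhcpd leases-file syntax and the inventory is a hypothetical MAC-to-asset mapping.

```python
"""Reconcile DHCP leases against an asset inventory (checklist item 1).

Example code added to illustrate the checklist; not Symantec's own code.
The lease data and the inventory below are constructed sample values.
"""
import re

# Constructed sample in ISC dhcpd leases-file syntax (not a real capture).
SAMPLE_LEASES = """
lease 10.0.0.23 {
  starts 3 2016/05/11 12:00:00;
  ends 3 2016/05/11 20:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop-01";
}
lease 10.0.0.87 {
  starts 3 2016/05/11 12:05:00;
  ends 3 2016/05/11 20:05:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:99;
  client-hostname "android-7f3a";
}
lease 10.0.0.120 {
  starts 2 2016/05/10 08:00:00;
  ends 2 2016/05/10 16:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:77;
}
"""

# Hypothetical asset inventory keyed by lower-case MAC address.
SAMPLE_INVENTORY = {
    "00:11:22:33:44:55": {"asset": "LT-0001", "owner": "alice"},
    "00:11:22:33:44:56": {"asset": "LT-0002", "owner": "bob"},
}

# One lease block: "lease <ip> { ... }" with no nested braces.
LEASE_RE = re.compile(r"lease\s+(?P<ip>[\d.]+)\s*\{(?P<body>.*?)\}", re.DOTALL)


def parse_leases(text: str) -> list[dict]:
    """Parse lease blocks into dicts with ip, binding state, mac and hostname."""
    leases = []
    for match in LEASE_RE.finditer(text):
        body = match.group("body")
        state = re.search(r"binding state (\w+);", body)
        mac = re.search(r"hardware ethernet ([0-9a-fA-F:]{17});", body)
        host = re.search(r'client-hostname "([^"]*)";', body)
        leases.append({
            "ip": match.group("ip"),
            "state": state.group(1) if state else "unknown",
            "mac": mac.group(1).lower() if mac else None,
            "hostname": host.group(1) if host else None,
        })
    return leases


def find_unmanaged(leases: list[dict], inventory: dict) -> list[dict]:
    """Return active leases whose MAC is not recorded in the inventory.

    Only 'active' bindings count: a freed lease is historical, not a device
    currently on the network.
    """
    return [l for l in leases if l["state"] == "active" and l["mac"] not in inventory]


def find_stale(leases: list[dict], inventory: dict) -> list[str]:
    """Return inventoried MACs that hold no lease at all (possible stale records)."""
    seen = {l["mac"] for l in leases if l["mac"]}
    return sorted(mac for mac in inventory if mac not in seen)


if __name__ == "__main__":
    parsed = parse_leases(SAMPLE_LEASES)
    for dev in find_unmanaged(parsed, SAMPLE_INVENTORY):
        print(f"UNMANAGED {dev['ip']} {dev['mac']} {dev['hostname']}")
    for mac in find_stale(parsed, SAMPLE_INVENTORY):
        print(f"STALE inventory entry {mac} ({SAMPLE_INVENTORY[mac]['asset']})")
```

Run against the real leases file (typically /var/lib/dhcp/dhcpd.leases on an ISC server) and the output becomes a daily list of devices to either onboard into management or remove from the network.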
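Item 6 recommends blocking attachments with extensions commonly used to spread malware. The example below, added here and not part of the original post or Symantec's products, shows the core of such a filter: it parses a MIME message with Python's standard email library and flags attachments whose final extension is on the blocklist from the checklist. The comparison is case-insensitive and looks at the last extension only, so a double-extension name such as Invoice.PDF.scr is still caught. The sample message is constructed inline.

```python
"""Attachment-extension filter for mail gateways (checklist item 6).

Example code added to illustrate the checklist; not Symantec's own code.
The message below is constructed test data, not a captured email.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions the checklist names as commonly used to spread viruses.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_extension(filename: str | None) -> bool:
    """True if the file name's final extension is on the blocklist.

    Case-insensitive, and only the last extension counts: 'report.pdf.EXE'
    is blocked, while 'setup.exe.txt' is not (it is a .txt file).
    """
    if not filename:
        return False
    ext = os.path.splitext(filename.strip())[1].lower()
    return ext in BLOCKED_EXTENSIONS


def find_blocked_attachments(raw_message: bytes) -> list[str]:
    """Parse an RFC 822 message and return names of attachments on the blocklist."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if blocked_extension(name):
            hits.append(name)
    return hits


def build_sample_message() -> bytes:
    """Construct a three-attachment message: one PDF, one disguised .scr, one .txt."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please see the attached files.")
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    # Double extension: reads as a PDF to a user, executes as a screensaver.
    msg.add_attachment(b"MZ sample", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.scr")
    msg.add_attachment("plain notes", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in find_blocked_attachments(build_sample_message()):
        print(f"BLOCKED attachment: {name}")
```

A gateway would normally reject or quarantine the whole message when this returns a non-empty list. Extension matching is only the first layer the checklist calls for; the same item also expects the mail server to run security software that scans attachment content, since a blocklist says nothing about files renamed to an allowed extension.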

While you check off these best practices, be sure to also test, test, and test. Are your security solutions updated regularly? Do you know how your team will respond in the event of a data breach? It’s important to constantly test not only your security technology but also the teams that manage the solutions to stay ahead of threats. 



Apr 05, 2017 10:12 AM

It has not changed.

Apr 05, 2017 10:05 AM

Hello, thanks for the recommendations, but the last time we checked, Symantec Endpoint Protection doesn't have an option for scanning removable media upon insertion to the PC/server. Can you please advise if things have changed?



Sep 01, 2016 01:46 PM

Very solid checklist, which covers everything from a high level perspective.

Sep 01, 2016 01:18 PM

As per the above checklist, every organization has to check all boxes for adequate security in the company environment.

Sep 01, 2016 12:48 PM

tactical cyber security checklist based on best practices from the 2016 Internet Security Threat Report (ISTR)

Aug 31, 2016 01:20 PM

Ensure this is done on priority.

Aug 31, 2016 09:11 AM

In my organisation all boxes are not checked. Need to review the same.

Aug 31, 2016 08:10 AM

Agree with Symantec; every organisation needs to follow this for better security.

Aug 31, 2016 05:24 AM

Accepted... must have checked all boxes.

Aug 31, 2016 04:54 AM

I agree with Symantec; all the above boxes need to be checked.

Aug 30, 2016 09:08 AM

That's great, need to check all boxes to ensure security.

Aug 30, 2016 05:06 AM

All boxes need to be checked for security

Aug 30, 2016 02:59 AM

Ensure all boxes are checked... else be ready for a mishap.

Aug 29, 2016 12:47 PM

Need to check if we have all boxes checked. Must be checked. Good article.

Aug 22, 2016 10:55 AM

Truly agreed. Must have the above checklist complied with.

Aug 02, 2016 09:26 AM

I agree with the above points.

Jul 12, 2016 06:36 PM

Hi All -- Thank you for the feedback!

We just published a blog post "Data Breach Checklist," which provides insights on how organizations (and individuals) can protect themselves before, during and after an attack.

Please read the full post and see the "Data Breach Checklist" here:

Jul 08, 2016 09:01 AM

Thanks for sharing your security checklist.

Jul 01, 2016 11:34 PM

All boxes checked!

Jun 17, 2016 05:45 AM

Useful checklist, most important for me is backups for when things go wrong!

Jun 15, 2016 02:24 PM

It's a great security checklist to follow. From my point of view, the important things are restricting email attachments, doing backups more frequently and using the strongest passwords possible.

Jun 07, 2016 03:47 PM

You really do need to think like a potential enemy in order to protect yourself. The items in the checklist should be SOP for any business.

Jun 06, 2016 02:37 AM

A good checklist - it puts you a step ahead of these so-called 'attackers'.

Jun 03, 2016 03:05 PM

This is a great checklist with details on the specifics of it.

Jun 03, 2016 11:44 AM

It sounds like a good checklist.

Jun 03, 2016 07:49 AM

Excellent list of things to be aware of!

Jun 03, 2016 05:28 AM

All boxes checked. A must-have checklist, and one should pay attention to it.

Jun 03, 2016 04:01 AM

Sounds like a great checklist to adhere to.

Jun 02, 2016 12:50 PM

All boxes checked!  We're good! :)
