Have an up-to-date inventory of Internet Connected Operational Devices
More and more internet connected devices are introduced into the ICT Infrastructure. They have access to the internet and certain internal resources, but are often unmanaged, or even in the impossiblity of being updated
Keep a fully detailed inventory of all these devices and rigourously analyse the risk they pose on your security program.
These devices are typically:
- Heating Thermostates, ventilation, and air conditioning devices
- Facility Access Devices (badge readers, camera's,...)
- Factory devices (PLC, SCADA,..)
- Meeting Room Reservation Panels
- Video Conferencing and IP Telephony Systems
- IP Camera's and their recorders
- Network Connected 'SMART'-Devices
All these devices should be inventorized, with as many details as possible, and especially with what access they have to corporate resources. You should make sure you are able to impose minimum security requirements, including full network isolation and containment
Do not entrust this task to external staff, as you need to remain in control of the situation.