Skip to main content
NL
FR
EN
Other official information and services:
www.belgium.be
Cyberguide - Centre for Cyber security Belgium
Search
Basic
Advanced
Toggle navigation
Plan your cyber security
Open Plan your cyber security Submenu
Understand Your Enterprise Requirements
Management Commitment
Compose Your CyberSecurity Team
Appoint an Information Security Officer
Appoint a Data Protection Officer
Identify the key competencies and the people who have them
Make sure the information security officer is operating independently and not part of ICT
Distribute and update contact Information
Define Policies & Procedures
Develop and distribute a code of conduct for using ICT
Classification and marking scheme for sensitive information
Introduce Need to know, Least Privilege and Segregation of duties
Publish a Responsible Disclosure policy
Acceptable Use Policy
Backup Policy
Email/Communications Policy
Mobile Device Policy
Training, communication and awareness
Train your employees in recognizing CEO fraud
Train your users in recognizing phishing
Inform users about safe web behaviour
Evaluate the security skills of your staff members
Get users to subscribe to your code of conduct & policies
Organise Cyber Security Awareness Campaigns
Incident Management
Incident Management Basics
Have an up-to-date incident register
All employees must know the contact point for reporting incidents
Have incident response procedures
Report all incidents to senior management (C-level)
Evaluate the opportunity for cyber security incident insurance coverage
Business Continuity
Create a business continuity plan to preserve business
Include Redundancy and Failover into your architecture
Install fall-back capabilities for utilities (electricity, phone, internet…)
Evaluate and test these plans every year
Business Continuity in the cloud
Change Management
Custom made or internally developed software and hardware
Manage Your Risk
Open Manage Your Risk Submenu
Select a Risk Management Methodology
Understand Your Risk Appetite
Keep a register of all your assets
Have an up-to-date inventory of network devices and connections
Have an up-to-date inventory of Workstations and Servers
Have an up-to-date inventory of mobile devices and tablets
Have an up-to-date inventory of Internet Connected Operational Devices
Keep Records of Partners, Vendors, Contracts, SLA's
Decomissioning of assets and media disposal
Identify the vulnerabilities and threats
Perform A Risk Analyses
Define a baseline security configuration
Security by Design and Security by Default
Take Security Measures
Open Take Security Measures Submenu
Back Up and Restore
Make regular back-ups of your important data
Store back-ups offline and in a separate place (at a distance from their source if possible)
Back-ups are stored in a safe or in a secure data centre
Select own or cloud backup solutions
Encrypt data stored in the cloud
Periodic restoration tests are carried out in order to check the quality of the back-ups
Email Security
Email Security
Protect your email domain from spoofing
Manage Antivirus/Malware
Antivirus software is installed, active and up to date on all workstations and servers
Automate updates of antivirus products
Make users familiar with the antivirus software’s infection warning procedure
The antivirus software is regularly tested with fingerprint solutions
Antivirus software is installed on all mobile devices
All virus warnings are analyzed by an ICT expert
Update all programs
Patch Management
Automate the update process and audit its effectiveness
Apply security related updates to all software as soon as possible
Update all third-party software such as browsers and plugins
For servers: make a full back-up before, and create emergency repair disks after, each update
Develop a reference and test environment for new patches
User Access Controls
Implement a user life cycle
New Users, Default User accounts and User departure
Login management
Passwords management
Single Sign-On
Use Multi-Factor Authentication whenever possible
Frequently audit the central directory (Active Directory or LDAP directory)
Keep a limited and updated list of system administrator accounts
Shared, Service and Technical Accounts
Role-based access control (RBAC)
Secure Physical Access
Register all visits
Limit employee access with a badge system and create multiple security zones
Any physical access to servers and network components is registered
Ensure office cleaning is carried out during working hours or under permanent surveillance
Have sensitive documents stored in locked closets
Have sensitive documents destroyed using a shredder
Limit physical access to servers and network components to a minimum number of people
Enforce the locked print option when available
At the end of the working day have any documents left on the printer shredded
Secure Server Access
Strengthen all systems according to vendor recommendations
Shut down unused services and ports
Avoid direct remote connections to servers
Change all default passwords and disable unused accounts
For the administration of servers, use a network that is (logically) separated from the user network
Enforce authentication and password rules
Use only individual accounts and never share passwords
Search for abnormal access to information and systems (timeframes, applications, data…)
No one works with administrator privileges for daily office tasks
Secure Desktops and Laptops
Disable autorun functions from external media
Add a screenlock with short lock period
Prohibit the connection of personal devices to the organization’s information system
Technical measures are applied to prevent the connection of unregistered portable media
Maintain a 'whitelist' of allowed programs
Laptops, smartphones or tablets are never left unattended
External media such as USB drives are checked for viruses before they are connected to a computer
Encrypt hard disks and external media
Store or copy all data on a storage solution
Sensitive or confidential data must be encrypted for transmission
The data stored in the cloud is encrypted (e.g. BoxCryptor)
Decommissioned hard drives, media and printer storage are physically destroyed
Allow programs to run only in certain folders
Secure Network Access
Use secure applications and protocols
Firewalls
The guest Wi-Fi network is separated from the corporate network
The Wi-Fi network is protected by WPA2 encryption
Enforce Network Authentication
An IDS/IPS (Intrusion Detection/Prevention System) monitors all communications
Secure Internet Access
Prevent any direct access to the internet, but force traffic through a proxy and IDS
Block Access to Sites deemed unsafe
Evaluate the risk of file sharing sites
Secure Mobile Devices and Tablets
Enforce VPN on public networks
Update your device automatically
Use strong passwords/biometrics
Encrypt your Device
Remote Lock and Remote Data Wipe
Use Mobile Device Management
Secure Remote Access
All connections to the corporate network must be secured and encrypted
Allow only Virtual Private Network (VPN) connections for end points
Limit remote access to what is strictly necessary
Remote access must be disconnected automatically when inactive for a certain amount of time
Strong authentication is required when connecting from external public networks
Secure your Website
Secure your Website using HTTPS
Most Critical Web Application Security Risks
Secure your Cloud
Storing Sensitive Information
Passwords and Multi Factor Authentication
Keep a backup outside of the cloud
Data Breaches are real
Data Loss
Encrypt your Data
Hijacking of Accounts is still a possibility
Abuse of Cloud Services
Shared Vulnerabilities
Insufficient Due Diligence
The guarantees offered by the cloud provider correspond to the stored information’s level of criticality
Secure UnManaged Devices and IOT
Map and monitor all connected devices
Change all default usernames and passwords
Disable unneeded services
Update the devices regularly
Apply Network Segmentation and Network Isolation
Secure Your Databases
Avoid Shared Servers for Critical Databases
Enable Security Controls
Encrypt Stored/Configuration Files
Separate the Database and Web/Application Servers
Use Web Application Firewalls to protect your Databases
Logging and Log Analyses
Security logs on servers and firewalls are kept for a period of at least 6 months
An analysis and warning system (SIEM) uses the logs in order to detect any malicious behaviour
Evaluate all server, firewall and network component events/alerts
Secure Your Endpoints
Evaluate Your Actions
Open Evaluate Your Actions Submenu
Define and evaluate Key Performance Indicators
Plan and execute security audits
Continuously Review Your Asset Register
Continuously evaluate your Risk Register
Communicate to and request feedback from Senior Management
Perform penetration tests and vulnerability scans
Perform a Business Continuity Exercise
Perform a restore periodically
Periodically evaluate users’ awareness and responsiveness
Periodically remind users of the importance of their secure behaviour
Periodically remind users that information should be treated as sensitive and with respect for privacy
Audit all configurations regularly (including servers, firewalls and network components)
Evaluate your actions
Search
Basic level
Advanced Level
Manage risks for your most important assets
Select a Risk Management Methodology
Risk appetite
Keep a register of all your assets
Identify the vulnerabilities and threats
Perform a Risk Analyses
Define a baseline security configuration
Security by Design and Security by Default
