This video contains a discussion of the best practices, new technologies, technology's evolution, and why continuing research is necessary.
- [Instructor] Technology is constantly changing and evolving. And that requires cyber security professionals to always be researching the latest best practices, new technologies, and evolving technologies as part of their job. Having worked in the industry for the past two decades, I can attest to the fact that rapid changes do occur and you must keep yourself abreast of those changes to remain relevant in the defense of your networks. Just think about the smartphone that's located in your pocket. Two decades ago, no one would've conceived that you could carry around a small computer with you everywhere you go.
But now the majority of our workforce relies on their smartphones and their network connectivity on a daily basis. Now, every industry has certain best practices that they follow. Best practices are the procedures or standards that are accepted as being correct or most effective. As a cyber security professional, it's your job to ensure that the organization is using the best practices that are applicable to your industry, because there are a lot of different best practices out there. There are many organizations that provide publications on different standards and best practices that may be applicable to your organization's security program.
These include the Computer Security Resource Center, the International Organization for Standardization and International Electrotechnical Commission, and the Institute of Electrical and Electronics Engineers. If you are an IT service management organization, you may rely on the Information Technology Infrastructure Library, or ITIL framework, for its best practices, as well. Documentation of which best practices you're following is also considered important because this can help your organization defend itself during a potential lawsuit.
For example, if your organization suffers from a cyber breach but it's been clearly following documented best practices, this might help you be found not liable for the damages that resulted from the breach. Remember, your organization doesn't have to follow a single set of best practices, either. You can pick and choose from the various best practices to best protect your organization, but be sure to document them. Your organization's internal policies should be the result of choosing and combining the most appropriate best practices to ensure the security of your networks.
Best practices for the security of your network also exist for each device that comprises your network, such as for the configuration of your Windows machines and your Linux servers, your routers, switches, and more. Because each of these devices requires unique configurations, it's important to consult the manufacturer's guidance for their own best practices when you're configuring them. There are some general best practices that you should consider across all of your devices, such as disabling and renaming any default administrative or guest accounts on the device and changing their passwords.
Also, you should regularly update the software and firmware of the devices with the latest patches. Firewalls should be implemented both on the network and the device itself. Additionally, you should disable remote login capabilities on these devices unless it simply must be used because you have no other choice. Some other key best practices are to always use encryption to protect your data, whether it's at rest or in transit. Auditing should always be configured and enabled because having that audit trail is necessary to detect issues over time and is useful in recreating the events after a data breach.
Those same audit logs should also be reviewed on a regular basis in order for you to detect trends and irregularities. Finally, you should harden all your devices by disabling all unnecessary services and protocols. Since technology is always changing, we're always subject to new technologies being introduced into our networks. When I began working in the industry, wireless networks were just being introduced into our enterprise networks. But today they're considered commonplace. The Internet of Things, or IoT, is introducing new technologies and sensors into our networks at a breakneck pace.
As cyber security professionals, we should aim to keep abreast of the latest technologies and determine the most secure way to implement those into our organizational networks. Some of these new technologies are requested by our users while others are requested by our security personnel. For example, new security systems like the Unified Threat Management systems, or UTM, are often requested by security personnel. These Unified Threat Management systems can provide us with the capabilities of a traditional firewall with advanced content inspection, content filtering, spam filtering, intrusion detection, antivirus, and anti-malware systems all in a combined, single rack-mounted device.
To learn about potential new technologies, cyber security professionals should read industry blogs, white papers, and knowledge base articles to learn about the latest technologies that our users and our fellow security professionals are utilizing on a daily basis. Always be careful when adopting a new technology and weigh the cost versus the benefit in terms of both the financial and security perspectives. Finally, it's important to remember that technology is always adapting and evolving. In order to communicate any major changes to the various protocols that our networks rely upon, the Internet Engineering Task Force, or IETF, utilizes the request for comment process.
The RFC process allows new protocols or changes to be described. It provides industry experts an opportunity to conduct peer review of the submissions and, once approved by the Internet Engineering Task Force, the RFC becomes the new internet standard for that particular protocol. RFCs have been issued for numerous protocols such as Telnet, FTP, SNMP, DHCP, SMTP, RADIUS, and numerous others.
While I'm providing you the RFC numbers here on the screen, you don't have to memorize these RFC numbers or the protocols for the CASP exam. Instead, you should just be aware that for every protocol used on the internet, there is an RFC that exists describing in detail how it should operate.
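The general hardening practices the instructor lists (disable or rename default accounts, limit remote login, keep auditing on, disable unnecessary services) and the advice to review audit logs for irregularities can both be checked mechanically. The script below is an added example written for this page, not code from the course or its instructor. It checks a Linux host against those practices and counts repeated failed logins per source. The /etc/shadow excerpt, sshd_config, service listing and auth log lines are all constructed, the OpenSSH defaults it assumes (PermitRootLogin prohibit-password, PasswordAuthentication yes) are noted in the code, and the lists of default account names and required services are assumptions to adjust for your own inventory.

```python
import re

# Constructed /etc/shadow excerpt. A password field of "*" or one starting
# with "!" means the account is locked; anything else can still log in.
SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
guest:$6$constructedsalt$anotherhash:19000:0:99999:7:::
admin:!:19000:0:99999:7:::
"""

# Constructed sshd_config. Commented-out directives are not in effect.
SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
"""

# Constructed listing in the shape of `systemctl list-unit-files` output.
SERVICES = """\
UNIT FILE          STATE
sshd.service       enabled
telnet.socket      enabled
cups.service       enabled
auditd.service     disabled
"""

# Constructed syslog-style auth log. 203.0.113.0/24 and 192.0.2.0/24 are
# documentation address ranges, not real hosts.
AUTH_LOG = """\
Nov 16 08:01:12 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 51012 ssh2
Nov 16 08:01:14 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 51013 ssh2
Nov 16 08:01:16 host sshd[101]: Failed password for root from 203.0.113.5 port 51014 ssh2
Nov 16 08:05:40 host sshd[133]: Accepted publickey for alice from 192.0.2.10 port 40222 ssh2
Nov 16 08:09:03 host sshd[140]: Failed password for bob from 192.0.2.10 port 40230 ssh2
"""

# Assumed lists: default account names to keep disabled or renamed, and the
# services this host actually needs. Adjust both for your own inventory.
DEFAULT_ACCOUNTS = {"admin", "administrator", "guest"}
REQUIRED_SERVICES = {"sshd.service", "auditd.service"}

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def locked_status(shadow_text):
    """Map account name -> True if the shadow entry is locked."""
    status = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, pw = line.split(":")[:2]
            status[name] = pw == "*" or pw.startswith("!")
    return status


def sshd_settings(config_text):
    """Parse the directives that are in effect (lower-cased keys and values)."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            settings[key.lower()] = value.strip().lower()
    return settings


def enabled_services(listing):
    """Return the unit names whose STATE column reads 'enabled'."""
    enabled = set()
    for line in listing.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) >= 2 and parts[1] == "enabled":
            enabled.add(parts[0])
    return enabled


def lint(shadow_text, config_text, listing):
    """Return one finding string per best-practice violation found."""
    findings = []
    for name, locked in locked_status(shadow_text).items():
        if name in DEFAULT_ACCOUNTS and not locked:
            findings.append(f"account: default account '{name}' is not locked")
    ssh = sshd_settings(config_text)
    # Assumed OpenSSH defaults when a directive is absent from the file.
    if ssh.get("permitrootlogin", "prohibit-password") not in ("no", "prohibit-password"):
        findings.append("sshd: PermitRootLogin allows password logins as root")
    if ssh.get("passwordauthentication", "yes") == "yes":
        findings.append("sshd: PasswordAuthentication is enabled; prefer key-based login")
    enabled = enabled_services(listing)
    for svc in sorted(enabled - REQUIRED_SERVICES):
        findings.append(f"service: '{svc}' is enabled but not required")
    if "auditd.service" not in enabled:
        findings.append("audit: auditd.service is not enabled, so no audit trail is kept")
    return findings


def failed_logins_by_source(log_text, threshold=3):
    """Count failed logins per source address; return sources at or above threshold."""
    counts = {}
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            src = match.group(2)
            counts[src] = counts.get(src, 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for finding in lint(SHADOW, SSHD_CONFIG, SERVICES):
        print(finding)
    print("repeated failures:", failed_logins_by_source(AUTH_LOG))
```

On the constructed input the lint reports six findings (the unlocked guest account, the two sshd settings, telnet and cups enabled without being required, and auditd disabled), and the log review flags the single source with three failed logins while ignoring the one-off failure. Keeping the checks in small functions that read the real file formats makes the same script usable on a copy of a host's files collected during a regular review.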
Released 11/16/2018
Video: Conducting research