Security, for many, seems hard to do right. I know that we all think about firewalls, patch management, antivirus and physical security. But I'd like to cover an area that most companies do not focus on.
Baseline and inventory of computers on a network are often overlooked. I ask all the time, “Do you know what the computers are in your network? What are the services that are running? What ports are open? Who uses the services? Who are the users?”
For the most part, I hear “Uh, no. We don’t know.” If you do not know what’s running on your systems, how will you know what changed if someone breaks into your network? How will you know? I believe that you need to create a master file (portfolio) that lists what the computers/servers are doing; what tasks/services are being run; what ports are open; who the owner of each application is; who the users are; what the data backup requirements are (once a day, once an hour?); and finally, who maintains the master file (portfolio).
If you have this as minimum documentation, you can then do a risk assessment, identify all the systems, and prioritize what needs to be monitored and controlled.
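One way to put such a master file to work, shown as an added example that is not part of the original post: the script keeps the portfolio as structured records and compares it with a later inventory pass to report what changed and which entries are incomplete. The field names, hosts, ports and services are constructed sample data, and how the observed inventory is collected is left as an assumption.

```python
# Constructed sample master file (portfolio): one record per computer/server.
BASELINE = {
    "web01": {"role": "intranet web server", "ports": {22, 443},
              "services": {"sshd", "nginx"}, "owner": "it-ops",
              "users": {"all-staff"}, "backup": "daily",
              "maintainer": "it-ops"},
    "db01": {"role": "payroll database", "ports": {22, 5432},
             "services": {"sshd", "postgres"}, "owner": "",
             "users": {"finance"}, "backup": "hourly",
             "maintainer": "it-ops"},
}

# Constructed sample of what a later inventory pass observed on the network.
OBSERVED = {
    "web01": {"ports": {22, 443, 8080}, "services": {"sshd", "nginx", "python3"}},
    "db01": {"ports": {22, 5432}, "services": {"sshd", "postgres"}},
    "lab-pc7": {"ports": {3389}, "services": {"termservice"}},
}

REQUIRED = ("role", "owner", "users", "backup", "maintainer")


def portfolio_gaps(baseline):
    """Return (host, field) pairs where the master file is incomplete."""
    return sorted((h, f) for h, rec in baseline.items()
                  for f in REQUIRED if not rec.get(f))


def drift(baseline, observed):
    """Return sorted findings describing what changed against the baseline."""
    findings = []
    for host in observed.keys() - baseline.keys():
        findings.append((host, "unknown host", ""))
    for host in baseline.keys() - observed.keys():
        findings.append((host, "host missing", ""))
    for host in baseline.keys() & observed.keys():
        for key in ("ports", "services"):
            base, seen = baseline[host][key], observed[host][key]
            for item in seen - base:
                findings.append((host, f"new {key[:-1]}", str(item)))
            for item in base - seen:
                findings.append((host, f"missing {key[:-1]}", str(item)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in portfolio_gaps(BASELINE) + drift(BASELINE, OBSERVED):
        print(*finding)
```

Each finding is either a gap in the documentation (db01 has no owner recorded) or a change against the baseline that needs an explanation (an unlisted host, a new open port, a new service).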