I am part of a smaller (6 currently) company that is in the process of hiring several new people. Im happy but this is stressful and it's coming out that one of our biggest weaknesses is lack of established policies and practices for new people to catch on to. I hope I'm not being too vague when I say that we have been very shoot from the hip so far.
but recently I decided if we dont do something about it now. I vaguely remembering while cramming for a cysa+ exam they spent some time talking about a set of standards for things such as who has access to what passwords, separation of duties, doubling up on people who can perform a role so if something leaves we're not sitting dead, etc.
it all seems so daunting and I just wish I could reference a single doc for best practices as a starting point.
No comments:
Post a Comment