Cyber Security: Asset Protection

References in this guidance to national banks or banks generally should be read to include federal savings associations (FSA). 89 pages and detailed discussion of Risk Management.

43 pages. For Water, Assets include Example Assets:
• Primary, secondary, and tertiary treatment units
• Disinfection equipment
• Pumps
• Blowers
• Buildings
General enough that steps can be applied to a variety of asset types.

Assets are resources owned and used by a company to generate a positive economic benefit. As a business owner, it is important to know which assets you own, their location, and their value.

Partnership Tips:
1. Unified Mission
2. Information Sharing
3. Training and Expertise
4. Prevention is Key
5. Legal Framework
6. Community Engagement
7. Adaptability to Emerging Threats
8. Mutual Respect and Trust
Recognizing joint achievements, whether preventing incidents or recovering stolen assets, strengthens the partnership and reinforces its positive impact.

Modernize your security strategy
Transformations, mindsets, and expectations
Adopting the shared responsibility model
Building security initiatives

Checklist to prepare your Security Operations Center (SOC) to respond to cybersecurity incidents.
Activity
Description
Benefit

Use conditional access policies: Conditional access policies are customizable and will adapt to the changing cyberthreat landscape.
Train and retrain employees on social engineering tactics: Educate employees and the public to recognize and react to phishing emails, vishing (voicemail), smishing, (SMS/text) social engineering attacks, and apply security best practices for Microsoft Teams.
Rigorously protect data: Ensure data remains private and controlled from end to end.
Leverage Generative AI security tools: Tools like Microsoft Copilot for Security can expand capabilities and enhance the organization’s security posture.
Enable multifactor authentication: Enable multifactor authentication for all users, especially for administrator functions, as it reduces the risk of account takeover by over 99 percent.

You must adopt a strategy that includes multiple technologies to defend against these attacks. Simply implementing a privileged identity management / privileged access management (PIM/PAM) solution is not sufficient.

Disclaimer: The order of these steps is designed to ensure you reduce risk as fast as possible, and built on an assumption of great urgency that overrides normal security and IT priorities, in order to avoid or mitigate devastating attacks.

Privileged access should be the top security priority at every organization. Any
compromise of these users has a high likelihood of significant negative impact to the
organization. Privileged users have access to business critical assets in an organization,
nearly always causing major impact when attackers compromise their accounts. This strategy is built on Zero Trust principles of explicit validation, least privilege, and
assumption of breach.

Verify explicitly: Always authenticate and authorize based on all available data points.
Use least privilege access: Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.