Targeted advice for IT project managers

Use of best practices and security standards

- Adopt standards such as ISO 27001, NIST, and CIS Critical Security Controls
- Implement information security policies
- Conduct regular vulnerability testing and security audits
- Apply the principle of least privilege for access rights

Access and identity management

- Use two-factor authentication (2FA) for sensitive accounts, for everyone!
- Implement an identity and access management (IAM) system
- Regularly monitor and audit access to sensitive resources
- Quickly revoke access rights of employees who leave the organization

Securing networks and systems

- Deploy firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS)
- Encrypt sensitive data and communications
- Apply regular security patches and keep software up to date
- Segment the network to isolate critical systems

Implement incident detection and response mechanisms

- Set up a security operations center (SOC)
- Use security information and event management (SIEM) tools
- Define and test a cybersecurity incident response plan
- Perform post-incident analysis to improve processes and systems

Manage third-party vendors and partners

- Assess cybersecurity risks associated with vendors and partners
- Include cybersecurity clauses in contracts and cooperative agreements
- Regularly audit suppliers and partners for compliance with security standards
- Share cyber threat information with partners and cooperating organizations

Training and awareness of technical staff

- Provide training on security best practices and specific tools
- Raise awareness of the challenges of inter-organizational collaboration and information sharing
- Encourage participation in conferences and workshops on cybersecurity
- Organize practical exercises to reinforce technical security skills