AIVD gives companies tips for network security
The AIVD has published a list of tips with which companies can better protect their ICT infrastructure themselves. This ‘cybersecurity approach’ helps companies secure information and processes, make risk assessments and choose security means.
The information comes from the National Bureau for Connection Security or NBV. This is part of the General Intelligence and Security Service. The NBV helps companies and organizations to better secure their networks with knowledge gained by the AIVD. The service has released the Cyber Security Approach Defensible Network. The guide contains practical tips for companies and security officers that revolve around four pillars: context analysis, resistance, detection and damage limitation.
The guide prescribes how companies can first analyze how their network is structured and where possible vulnerabilities are. The tips then move on to making it more resilient, for example with network segmentation and access controls. Next comes the detection of incidents through endpoint or network-based detection and by educating employees. Finally, there are rules for incident response and for recovery plans.
The AIVD does not actively help companies with security, but works together with other authorities such as the National Cyber Security Center to warn companies about possible incidents. In recent years, such government bodies have paid more attention to the security of external companies, even if they do not fall under the so-called critical infrastructure.