By Priya Rathnam

Copyright deccanchronicle

Hyderabad: In an attempt to safeguard small and medium businesses from cyber threats, CERT-In (Indian Computer Emergency Response Team) has released the 15 Elemental Cyber Defense Controls, which will strengthen cybersecurity posture and enable self-assessments to gauge the current level of preparedness.The 15 Elemental Controls aim to protect cyber infrastructure, secure confidential data, reduce financial risks, maintain customer confidence, support digital projects, and sustain business growth in an increasingly digital environment. The CERT-In guidelines also recommend that organisations conduct annual audits through CERT-In–empanelled auditing agencies. Such audits must clearly state that the requirements assessed represent the minimum baseline against which the audit was performed.1. Effective Asset Management (EAM) seeks to establish and maintain an asset management framework.2. Network and Email Security (NES) safeguards systems against unauthorised access, data breaches, and cyber threats by ensuring secure communication.3. Endpoint and Mobile Security (EMS) focuses on protecting end-user devices by enforcing security policies.4. Secure Configurations (SC) mandates the secure configuration of hardware and software within networks5. Patch Management (PM) reduces vulnerabilities by systematically identifying, testing, and applying patches along with timely software updates.6. Incident Management (IM) ensures timely detection and response to breaches7. Logging and Monitoring (LM) enables continuous logging of systems, networks, and user activities, ensuring timely alerts and auditability.8. Awareness and Training (AT) educates personnel on security policies and risks. 9. Third-Party Risk Management (TPRM) protects against vulnerabilities introduced by external service providers. 10. Data Protection, Backup and Recovery (DPBP) ensures confidentiality, integrity, and availability of data by securing backups and establishing effective recovery mechanisms.11. Governance and Compliance (GC) ensures accountability and adherence to cybersecurity policies through defined responsibilities, oversight, and regular reviews. 12. Robust Password Policy (RPP) strengthens password practices to prevent unauthorised access to sensitive data.13. Access Control and Identity Management (ACIM) ensures access is restricted to authorised users14. Physical Security (PS) prevents unauthorised physical access to critical infrastructure, systems, and data. 15. Vulnerability Audits and Assessments (VAA) evaluate an organisation’s overall security posture to verify its effectiveness against evolving threats.