I am not a security expert, and by this reason to read about security aspects is something complex, specially when you want to gain perspective of the area of security it’s being talked.
The SANS Institute is a cooperative research and education organization which contains programs for security professionals around the world. They have the Critical Security Controls which focuses on prioritizing security functions that are effective against the latest Advanced Targeted Threats: security controls, processes, architectures and services.
Each item of the list below (version 5) contains a detailed checklist of activities to be covered:
- 1: Inventory of Authorized and Unauthorized Devices
- 2: Inventory of Authorized and Unauthorized Software
- 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- 4: Continuous Vulnerability Assessment and Remediation
- 5: Malware Defenses
- 6: Application Software Security
- 7: Wireless Access Control
- 8: Data Recovery Capability
- 9: Security Skills Assessment and Appropriate Training to Fill Gaps
- 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- 11: Limitation and Control of Network Ports, Protocols, and Services
- 12: Controlled Use of Administrative Privileges
- 13: Boundary Defense
- 14: Maintenance, Monitoring, and Analysis of Audit Logs
- 15: Controlled Access Based on the Need to Know
- 16: Account Monitoring and Control
- 17: Data Protection
- 18: Incident Response and Management
- 19: Secure Network Engineering
- 20: Penetration Tests and Red Team Exercises
WordPress
Google + 
Facebook