"Trong the gioi ky thuat so ngay nay, du lieu chinh la tai san quy gia nhat. Nhung cung chinh vi the, nguy co bi tan cong, danh cap thong tin ngay cang gia tang. Ban co dang cam thay bat an ve su an toan cua he thong thong tin ma minh dang quan ly? Viec bao mat khong con la mot lua chon, ma la mot dieu kien tien quyet de duy tri hoat dong kinh doanh va su tin cay cua nguoi dung. Bai viet nay se chia se 7 buoc cot loi, mot ""cong thuc vang"" giup ban cung co hang rao phong thu cho he thong cua minh.



1. Danh Gia Rui Ro va Kiem Ke Tai San (Risk Assessment & Asset Inventory)



Buoc dau tien va quan trong nhat chinh la ""biet minh biet ta"". Ban khong the bao ve nhung gi ban khong biet minh dang so huu. Hay bat dau bang viec lap mot danh sach chi tiet tat ca cac tai san cong nghe thong tin quan trong: may chu, co so du lieu, ung dung, thiet bi mang, va ca du lieu nhay cam cua khach hang.



Sau khi co danh sach tai san, tien hanh danh gia rui ro. Xac dinh nhung moi de doa tiem tang (nhu ma doc tong tien, tan cong tu choi dich vu) va lo hong hien tai (nhu phan mem chua duoc va loi, mat khau yeu). Viec nay giup ban uu tien nguon luc vao nhung khu vuc de bi ton thuong nhat, thay vi rai deu ngan sach mot cach vo ich. Mot he thong duoc kiem ke ro rang se de dang duoc giam sat va bao ve hon rat nhieu.



2. Ap Dung Chinh Sach Mat Khau Manh va Xac Thuc Da Yeu To (Strong Password Policy & MFA)



Loi co ban nhung lai la cua ngo pho bien nhat cho hacker chinh la mat khau de doan. Da den luc ban can thay doi tu duy ve mat khau. Chinh sach mat khau phai yeu cau do dai toi thieu (vi du: 12 ky tu tro len), ket hop chu hoa, chu thuong, so va ky tu dac biet.



Tuy nhien, mat khau manh thoi la chua du. Viec trien khai Xac thuc Da Yeu To (MFA) cho tat ca cac tai khoan quan trong (dac biet la tai khoan quan tri va truy cap tu xa) la mot lop bao ve khong the thieu. MFA buoc ke tan cong phai co ca mat khau lan thiet bi vat ly (nhu dien thoai) moi co the xam nhap, giam thieu dang ke nguy co bi chiem doat tai khoan.



3. Cap Nhat Phan Mem va Quan Ly Ban Va Thuong Xuyen (Patch Management)



Cac nha phat trien phan mem lien tuc phat hien va 7m cac lo hong bao mat moi. Neu ban tri hoan viec cap nhat he dieu hanh, ung dung hay firmware, ban dang co tinh mo cua cho nhung ke khai thac lo hong da duoc cong bo rong rai.



Chinh sach quan ly ban va can duoc tu dong hoa va thuc hien theo chu ky dinh ky, khong chi cho may tinh nguoi dung ma con cho may chu va thiet bi mang. Hay xem viec cap nhat khong phai la cong viec phien phuc ma la mot hanh dong bao ve chu dong. Mot he thong luon duoc va loi day du la mot he thong kho bi xam nhap qua cac phuong thuc tan cong da biet.



4. Trien Khai Giai Phap An Ninh Mang Da Tang (Layered Network Security)



Bao mat he thong khong the chi dua vao mot buc tuong lua duy nhat. Ban can mot chien luoc bao mat da tang, hay con goi la ""Defense in Depth"". Dieu nay bao gom viec ket hop nhieu lop bao ve:



Tuong lua (Firewall) the he moi: Kiem soat chat che luu luong truy cap vao va ra.

He thong Phat hien/Ngan chan Xam nhap (IDS/IPS): Theo doi va phan ung voi cac hanh vi mang dang ngo.

Phan mem chong Virus/Malware tien tien: Bao ve diem cuoi (endpoints).

Phan doan Mang (Network Segmentation): Chia mang thanh cac khu vuc nho hon de neu mot khu vuc bi xam nhap, ke tan cong se bi co lap va khong the de dang di chuyen sang cac khu vuc khac.



5. Sao Luu Du Lieu va Ke Hoach Phuc Hoi Tham Hoa (Backup & Disaster Recovery Plan)



Du ban co thuc hien moi bien phap phong ngua, rui ro van luon hien huu (chay no, loi phan cung, hoac te hon la bi tan cong ransomware). Sao luu du lieu la luoi an toan cuoi cung cua ban.



Nguyen tac 3-2-1 la tieu chuan vang: 3 ban sao du lieu, tren 2 loai phuong tien luu tru khac nhau, va 1 ban sao luu tru ngoai tuyen (offline) hoac o dia diem tu xa. Quan trong hon, viec sao luu chi co gia tri khi ban thuong xuyen kiem tra kha nang khoi phuc. Mot ban sao luu khong the khoi phuc duoc cung vo dung nhu khong co ban sao luu vay.



6. Dao Tao Nhan Thuc Bao Mat Cho Nhan Vien (Security Awareness Training)



Con nguoi thuong la mat xich yeu nhat trong chuoi bao mat. Ngay ca he thong bao mat dat tien nhat cung co the bi vo hieu hoa boi mot nhan vien nhap vao duong link lua dao (phishing).



Chuong trinh dao tao nen duoc to chuc dinh ky, khong chi la mot buoi hoi thao mot lan. Noi dung can thuc te, bao gom cach nhan dien email lua dao, tam quan trong cua viec khong chia se thong tin dang nhap, va quy trinh bao cao su co bao mat. Khi nhan vien tro thanh tuyen phong thu thu nhat, kha nang bi tan cong xa hoi (social engineering) se giam di dang ke.



7. Giam Sat Lien Tuc va Ung Pho Su Co (Continuous Monitoring & Incident Response)



Bao mat khong phai la mot du an co diem ket thuc, ma la mot qua trinh lien tuc. He thong can duoc giam sat 24/7 de phat hien cac hoat dong bat thuong ngay khi chung xay ra. Viec thu thap va phan tich nhat ky (logs) tu tat ca cac thiet bi (su dung cac cong cu SIEM neu co) giup ban nhin thay buc tranh toan canh.



Dong thoi, phai co mot Ke hoach Ung pho Su co (Incident Response Plan) duoc viet ro rang va duoc thuc hanh dinh ky. Ke hoach nay can xac dinh ro ai lam gi, khi nao can co lap he thong bi anh huong, va lam the nao de giao tiep voi cac ben lien quan khi su co xay ra. Phan ung nhanh chong va co to chuc se giam thieu thiet hai va thoi gian ngung hoat dong.



Bao ve he thong la mot hanh trinh doi hoi su cam ket lien tuc. Bang cach ap dung chat che 7 buoc tren, ban se xay dung duoc mot nen tang an toan vung chac, giup doanh nghiep tu tin doi mat voi moi thach thuc cua khong gian mang."



Xem them: ty le cuoc